
Changeset 9760


Timestamp:
04/16/2015 11:09:33 PM (10 years ago)
Author:
imath
Message:

Improve bp_core_get_allowed_avatar_types(). Make sure to get the file type if the upload was not done using html5

The way we used to check the image file type does not work when the browser is Internet Explorer < 10. In that case the Plupload runtime falls back to Flash and the reported file type is application/octet-stream. We now use wp_check_filetype_and_ext() to fix this issue.

You can use the filter bp_core_get_allowed_avatar_types if you wish to *restrict* the avatar image types. Our supported types are: jpg, jpeg, png and gif.

Props DJPaul.

Fixes #6336
See #6290
See #6278

Location:
trunk
Files:
2 edited

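--- a/trunk/src/bp-core/bp-core-avatars.php
+++ b/trunk/src/bp-core/bp-core-avatars.php
@@ -1322,4 +1322,51 @@
 
 /**
+ * Get allowed avatar types
+ *
+ * @since  BuddyPress (2.3.0)
+ */
+function bp_core_get_allowed_avatar_types() {
+    $allowed_types = array( 'jpeg', 'gif', 'png' );
+
+    /**
+     * Use this filter to restrict image types
+     *
+     * @since BuddyPress (2.3.0)
+     *
+     * @param array list of image types
+     */
+    $avatar_types = (array) apply_filters( 'bp_core_get_allowed_avatar_types', $allowed_types );
+
+    if ( empty( $avatar_types ) ) {
+        $avatar_types = $allowed_types;
+    } else {
+        $avatar_types = array_intersect( $allowed_types, $avatar_types );
+    }
+
+    return array_values( $avatar_types );
+}
+
+/**
+ * Get allowed avatar mime types
+ *
+ * @since  BuddyPress (2.3.0)
+ */
+function bp_core_get_allowed_avatar_mimes() {
+    $allowed_types  = bp_core_get_allowed_avatar_types();
+    $validate_mimes = wp_match_mime_types( join( ',', $allowed_types ), wp_get_mime_types() );
+    $allowed_mimes  = array_map( 'implode', $validate_mimes );
+
+    /**
+     * Include jpg type if needed so that bp_core_check_avatar_type()
+     * will check for jpeg and jpg extensions.
+     */
+    if ( isset( $allowed_mimes['jpeg'] ) ) {
+        $allowed_mimes['jpg'] = $allowed_mimes['jpeg'];
+    }
+
+    return $allowed_mimes;
+}
+
+/**
  * Does the current avatar upload have an allowed file type?
  *
@@ -1329,9 +1376,12 @@
  * @return bool True if the file extension is permitted, otherwise false.
  */
-function bp_core_check_avatar_type($file) {
-    if ( ( !empty( $file['file']['type'] ) && !preg_match('/(jpe?g|gif|png)$/i', $file['file']['type'] ) ) || !preg_match( '/(jpe?g|gif|png)$/i', $file['file']['name'] ) )
-        return false;
-
-    return true;
+function bp_core_check_avatar_type( $file ) {
+    $avatar_filetype = wp_check_filetype_and_ext( $file['file']['tmp_name'], $file['file']['name'], bp_core_get_allowed_avatar_mimes() );
+
+    if ( ! empty( $avatar_filetype['ext'] ) && ! empty( $avatar_filetype['type'] ) ) {
+        return true;
+    }
+
+    return false;
 }
 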
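Review bot: In the rewritten `bp_core_check_avatar_type()`, `$file['file']['tmp_name']` and `$file['file']['name']` are handed to `wp_check_filetype_and_ext()` without first checking that they are set and non-empty. As far as I know that WordPress helper returns the extension-based result unchanged when the temp file does not exist, so an entry with a missing or stale `tmp_name` would be judged on its client-supplied name alone; please confirm against the WordPress versions this release supports. I would open the function with `if ( empty( $file['file']['tmp_name'] ) || empty( $file['file']['name'] ) ) { return false; }`. The docblock above the function still reads "True if the file extension is permitted" and should say that the file itself is now inspected, and the two new helpers, `bp_core_get_allowed_avatar_types()` and `bp_core_get_allowed_avatar_mimes()`, lack an `@return` tag describing the array they return.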
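--- a/trunk/tests/phpunit/testcases/core/avatars.php
+++ b/trunk/tests/phpunit/testcases/core/avatars.php
@@ -205,3 +205,105 @@
         $this->assertSame( $expected, array_intersect_key( $expected, $classes ) );
     }
+
+    /**
+     * @group bp_core_check_avatar_type
+     */
+    public function test_bp_core_check_avatar_type() {
+        $plugin_dir = trailingslashit( buddypress()->plugin_dir );
+
+        $file = array(
+            'file' => array(
+                'name' => 'humans.txt',
+                'type' => 'text/plain',
+                'tmp_name' => $plugin_dir . 'humans.txt',
+            )
+        );
+
+        $this->assertFalse( bp_core_check_avatar_type( $file ) );
+
+        $file = array(
+            'file' => array(
+                'name' => 'mystery-man.jpg',
+                'type' => 'image/jpeg',
+                'tmp_name' => $plugin_dir . 'bp-core/images/mystery-man.jpg',
+            )
+        );
+
+        $this->assertTrue( bp_core_check_avatar_type( $file ) );
+
+        $file = array(
+            'file' => array(
+                'name' => 'mystery-man.jpg',
+                'type' => 'application/octet-stream',
+                'tmp_name' => $plugin_dir . 'bp-core/images/mystery-man.jpg',
+            )
+        );
+
+        $this->assertTrue( bp_core_check_avatar_type( $file ), 'flash is using application/octet-stream for image uploads' );
+    }
+
+    /**
+     * @group bp_core_check_avatar_type
+     * @group bp_core_get_allowed_avatar_types
+     */
+    public function test_bp_core_get_allowed_avatar_types_filter() {
+        add_filter( 'bp_core_get_allowed_avatar_types', array( $this, 'avatar_types_filter_add_type' ) );
+
+        $this->assertEquals( array( 'jpeg', 'gif', 'png' ), bp_core_get_allowed_avatar_types() );
+
+        remove_filter( 'bp_core_get_allowed_avatar_types', array( $this, 'avatar_types_filter_add_type' ) );
+
+        add_filter( 'bp_core_get_allowed_avatar_types', array( $this, 'avatar_types_filter_remove_type' ) );
+
+        $this->assertEquals( array( 'gif', 'png' ), bp_core_get_allowed_avatar_types() );
+
+        remove_filter( 'bp_core_get_allowed_avatar_types', array( $this, 'avatar_types_filter_remove_type' ) );
+
+        add_filter( 'bp_core_get_allowed_avatar_types', '__return_empty_array' );
+
+        $this->assertEquals( array( 'jpeg', 'gif', 'png' ), bp_core_get_allowed_avatar_types() );
+
+        remove_filter( 'bp_core_get_allowed_avatar_types', '__return_empty_array' );
+    }
+
+    /**
+     * @group bp_core_check_avatar_type
+     * @group bp_core_get_allowed_avatar_mimes
+     */
+    public function test_bp_core_get_allowed_avatar_mimes() {
+        $mimes = bp_core_get_allowed_avatar_mimes();
+
+        $this->assertEquals( array( 'jpeg', 'gif', 'png', 'jpg' ), array_keys( $mimes ) );
+        $this->assertEquals( array( 'image/jpeg', 'image/gif', 'image/png', 'image/jpeg' ), array_values( $mimes ) );
+
+        add_filter( 'bp_core_get_allowed_avatar_types', array( $this, 'avatar_types_filter_add_type' ) );
+
+        $this->assertEquals( array( 'image/jpeg', 'image/gif', 'image/png', 'image/jpeg' ), array_values( bp_core_get_allowed_avatar_mimes() ) );
+
+        remove_filter( 'bp_core_get_allowed_avatar_types', array( $this, 'avatar_types_filter_add_type' ) );
+
+        add_filter( 'bp_core_get_allowed_avatar_types', array( $this, 'avatar_types_filter_remove_type' ) );
+
+        $this->assertEquals( array( 'image/gif', 'image/png' ), array_values( bp_core_get_allowed_avatar_mimes() ) );
+
+        remove_filter( 'bp_core_get_allowed_avatar_types', array( $this, 'avatar_types_filter_remove_type' ) );
+
+        add_filter( 'bp_core_get_allowed_avatar_types', '__return_empty_array' );
+
+        $this->assertEquals( array( 'image/jpeg', 'image/gif', 'image/png', 'image/jpeg' ), array_values( bp_core_get_allowed_avatar_mimes() ) );
+
+        remove_filter( 'bp_core_get_allowed_avatar_types', '__return_empty_array' );
+    }
+
+    public function avatar_types_filter_add_type( $types ) {
+        $types[] = 'bmp';
+
+        return $types;
+    }
+
+    public function avatar_types_filter_remove_type( $types ) {
+        $jpeg = array_shift( $types );
+
+        return $types;
+    }
 }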
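Review bot: `test_bp_core_check_avatar_type()` has no case where the file name and the file content disagree; each of its three cases pairs a `name` with a `tmp_name` of the same real type. Because the verdict now comes from `wp_check_filetype_and_ext()` reading the file, a case such as `'name' => 'humans.jpg', 'tmp_name' => $plugin_dir . 'humans.txt'` with its expected result asserted would pin how a non-image file carrying an allowed extension is treated. Separately, every `remove_filter()` call in the two filter tests runs only if the assertion before it passes, so a failure would leave the `bp_core_get_allowed_avatar_types` callback attached for later tests; doing the cleanup in `tearDown()` avoids that. `$jpeg` in `avatar_types_filter_remove_type()` is assigned and never read, so `array_shift( $types );` alone would do. The test class starts outside this section.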