Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
04/16/2015 11:09:33 PM (9 years ago)
Author:
imath
Message:

Improve bp_core_get_allowed_avatar_types(). Make sure to get the file type if the upload was not done using html5

The way we used to check the image file type is not working if the browser is Internet Explorer < 10. In this particular case, the Plupload runtime is falling back to flash and the file type is application/octet-stream. We are now using wp_check_filetype_and_ext() to fix this issue.

You can use the filter bp_core_get_allowed_avatar_types if you wish to *restrict* the avatar image types. Our supported types are: jpg, jpeg, png and gif.

Props DJPaul.

Fixes #6336
See #6290
See #6278

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/bp-core-avatars.php

    r9758 r9760  
    13221322
    13231323/**
     1324 * Get allowed avatar types
     1325 *
     1326 * @since  BuddyPress (2.3.0)
     1327 */
     1328function bp_core_get_allowed_avatar_types() {
     1329    $allowed_types = array( 'jpeg', 'gif', 'png' );
     1330
     1331    /**
     1332     * Use this filter to restrict image types
     1333     *
     1334     * @since BuddyPress (2.3.0)
     1335     *
     1336     * @param array list of image types
     1337     */
     1338    $avatar_types = (array) apply_filters( 'bp_core_get_allowed_avatar_types', $allowed_types );
     1339
     1340    if ( empty( $avatar_types ) ) {
     1341        $avatar_types = $allowed_types;
     1342    } else {
     1343        $avatar_types = array_intersect( $allowed_types, $avatar_types );
     1344    }
     1345
     1346    return array_values( $avatar_types );
     1347}
     1348
     1349/**
     1350 * Get allowed avatar mime types
     1351 *
     1352 * @since  BuddyPress (2.3.0)
     1353 */
     1354function bp_core_get_allowed_avatar_mimes() {
     1355    $allowed_types  = bp_core_get_allowed_avatar_types();
     1356    $validate_mimes = wp_match_mime_types( join( ',', $allowed_types ), wp_get_mime_types() );
     1357    $allowed_mimes  = array_map( 'implode', $validate_mimes );
     1358
     1359    /**
     1360     * Include jpg type if needed so that bp_core_check_avatar_type()
     1361     * will check for jpeg and jpg extensions.
     1362     */
     1363    if ( isset( $allowed_mimes['jpeg'] ) ) {
     1364        $allowed_mimes['jpg'] = $allowed_mimes['jpeg'];
     1365    }
     1366
     1367    return $allowed_mimes;
     1368}
     1369
     1370/**
    13241371 * Does the current avatar upload have an allowed file type?
    13251372 *
     
    13291376 * @return bool True if the file extension is permitted, otherwise false.
    13301377 */
    1331 function bp_core_check_avatar_type($file) {
    1332     if ( ( !empty( $file['file']['type'] ) && !preg_match('/(jpe?g|gif|png)$/i', $file['file']['type'] ) ) || !preg_match( '/(jpe?g|gif|png)$/i', $file['file']['name'] ) )
    1333         return false;
    1334 
    1335     return true;
     1378function bp_core_check_avatar_type( $file ) {
     1379    $avatar_filetype = wp_check_filetype_and_ext( $file['file']['tmp_name'], $file['file']['name'], bp_core_get_allowed_avatar_mimes() );
     1380
     1381    if ( ! empty( $avatar_filetype['ext'] ) && ! empty( $avatar_filetype['type'] ) ) {
     1382        return true;
     1383    }
     1384
     1385    return false;
    13361386}
    13371387
Note: See TracChangeset for help on using the changeset viewer.