Changeset 9760 for trunk/src/bp-core/bp-core-avatars.php

Timestamp:

04/16/2015 11:09:33 PM (10 years ago)

Author:

imath

Message:

Improve bp_core_get_allowed_avatar_types(). Make sure to get the file type if the upload was not done using html5

The way we used to check the image file type is not working if the browser is Internet Explorer < 10. In this particular case, the Plupload runtime is falling back to flash and the file type is application/octet-stream. We are now using wp_check_filetype_and_ext() to fix this issue.

You can use the filter bp_core_get_allowed_avatar_types if you wish to *restrict* the avatar image types. Our supported types are: jpg, jpeg, png and gif.

Props DJPaul.

Fixes #6336
See #6290
See #6278

File:

• trunk/src/bp-core/bp-core-avatars.php (modified) (2 diffs)

trunk/src/bp-core/bp-core-avatars.php

@@ -1322 +1322 @@
 
 /**
+ * Get allowed avatar types
+ *
+ * @since  BuddyPress (2.3.0)
+ */
+function bp_core_get_allowed_avatar_types() {
+    $allowed_types = array( 'jpeg', 'gif', 'png' );
+
+    /**
+     * Use this filter to restrict image types
+     *
+     * @since BuddyPress (2.3.0)
+     *
+     * @param array list of image types
+     */
+    $avatar_types = (array) apply_filters( 'bp_core_get_allowed_avatar_types', $allowed_types );
+
+    if ( empty( $avatar_types ) ) {
+        $avatar_types = $allowed_types;
+    } else {
+        $avatar_types = array_intersect( $allowed_types, $avatar_types );
+    }
+
+    return array_values( $avatar_types );
+}
+
+/**
+ * Get allowed avatar mime types
+ *
+ * @since  BuddyPress (2.3.0)
+ */
+function bp_core_get_allowed_avatar_mimes() {
+    $allowed_types  = bp_core_get_allowed_avatar_types();
+    $validate_mimes = wp_match_mime_types( join( ',', $allowed_types ), wp_get_mime_types() );
+    $allowed_mimes  = array_map( 'implode', $validate_mimes );
+
+    /**
+     * Include jpg type if needed so that bp_core_check_avatar_type()
+     * will check for jpeg and jpg extensions.
+     */
+    if ( isset( $allowed_mimes['jpeg'] ) ) {
+        $allowed_mimes['jpg'] = $allowed_mimes['jpeg'];
+    }
+
+    return $allowed_mimes;
+}
+
+/**
  * Does the current avatar upload have an allowed file type?
  *
@@ -1329 +1376 @@
  * @return bool True if the file extension is permitted, otherwise false.
  */
-function bp_core_check_avatar_type($file) {
-    if ( ( !empty( $file['file']['type'] ) && !preg_match('/(jpe?g|gif|png)$/i', $file['file']['type'] ) ) || !preg_match( '/(jpe?g|gif|png)$/i', $file['file']['name'] ) )
-        return false;
-
-    return true;
+function bp_core_check_avatar_type( $file ) {
+    $avatar_filetype = wp_check_filetype_and_ext( $file['file']['tmp_name'], $file['file']['name'], bp_core_get_allowed_avatar_mimes() );
+
+    if ( ! empty( $avatar_filetype['ext'] ) && ! empty( $avatar_filetype['type'] ) ) {
+        return true;
+    }
+
+    return false;
 }