# This patch file was generated by NetBeans IDE
# This patch can be applied using context Tools: Apply Diff Patch action on respective folder.
# It uses platform neutral UTF-8 encoding.
# Above lines and this line are ignored by the patching process.
--- components/com_comprofiler/plugin/user/plug_cbcore/cb.core.php
+++ components/com_comprofiler/plugin/user/plug_cbcore/cb.core.php
@@ -2249,38 +2249,27 @@ */ function prepareFieldDataSave( &$field, &$user, &$postdata, $reason ) { global $_CB_framework, $ueConfig, $_PLUGINS, $_FILES; + $this->_prepareFieldMetaSave( $field, $user, $postdata, $reason ); - $col = $field->name; - $colapproved = $col . 'approved'; - $col_choice = $col . '__choice'; - $col_file = $col . '__file'; - $col_gallery = $col . '__gallery'; + $col = $field->name; + $colapproved = $col . 'approved'; + $col_choice = $col . '__choice'; + $col_file = $col . '__file'; + $col_gallery = $col . '__gallery'; - $choice = stripslashes( cbGetParam( $postdata, $col_choice ) ); + $choice = stripslashes( cbGetParam( $postdata, $col_choice ) ); + switch ( $choice ) { case 'upload': - if ( ( $col == 'avatar' ) && ! $ueConfig['allowAvatarUpload'] ) { - $this->_setErrorMSG( _UE_NOT_AUTHORIZED ); - return; - } + $value = ( isset( $_FILES[$col_file] ) ? $_FILES[$col_file] : null ); - $isModerator = isModerator( $_CB_framework->myId() ); + if ( $this->validate( $field, $user, $choice, $value, $postdata, $reason ) ) { + $_PLUGINS->loadPluginGroup( 'user' ); - if ( ( ! isset( $_FILES[$col_file]['tmp_name'] ) ) - || empty( $_FILES[$col_file]['tmp_name'] ) - || ( $_FILES[$col_file]['error'] != 0 ) - || ( ! is_uploaded_file( $_FILES[$col_file]['tmp_name'] ) ) - ) { - $this->_setErrorMSG( _UE_UPLOAD_ERROR_EMPTY ); - return; - } + $isModerator = isModerator( $_CB_framework->myId() ); - $_PLUGINS->loadPluginGroup( 'user' ); - $_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$user, &$user, $isModerator, &$_FILES[$col_file]['tmp_name'] ) ); - if ( $_PLUGINS->is_errors() ) { - $this->_setErrorMSG( $_PLUGINS->getErrorMSG() ); - } + $_PLUGINS->trigger( 'onBeforeUserAvatarUpdate', array( &$user, &$user, $isModerator, &$value['tmp_name'] ) ); $imgToolBox = new imgToolBox(); $imgToolBox->_conversiontype = $ueConfig['conversiontype']; 
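Review bot: In the `upload` branch the `$_PLUGINS->is_errors()` check that followed the `onBeforeUserAvatarUpdate` trigger is removed and nothing visible replaces it, so a plugin that rejects the file in that hook (a size, type or content check, for instance) is ignored and the upload carries on to image processing. Restoring the check with an early exit keeps the hook usable as a gate: `if ( $_PLUGINS->is_errors() ) { $this->_setValidationError( $field, $user, $reason, $_PLUGINS->getErrorMSG() ); return; }` directly after the trigger. The body of `prepareFieldDataSave` continues past this hunk, so this assumes no later code inspects the plugin error state.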
@@ -2288,115 +2277,150 @@ $imgToolBox->_NETPBM_path = $ueConfig['netpbm_path']; $imgToolBox->_maxsize = $this->_getImageFieldParam( $field, 'avatarSize' ); $imgToolBox->_maxwidth = $this->_getImageFieldParam( $field, 'avatarWidth' ); - $imgToolBox->_maxheight = $this->_getImageFieldParam( $field, 'avatarHeight' ); + $imgToolBox->_maxheight = $this->_getImageFieldParam( $field, 'avatarHeight' ); $imgToolBox->_thumbwidth = $this->_getImageFieldParam( $field, 'thumbWidth' ); $imgToolBox->_thumbheight = $this->_getImageFieldParam( $field, 'thumbHeight' ); $imgToolBox->_debug = 0; + $allwaysResize = ( isset( $ueConfig['avatarResizeAlways'] ) ? $ueConfig['avatarResizeAlways'] : 1 ); + $fileNameInDir = ( $col == 'avatar' ? '' : $col . '_' ) . uniqid( $user->id . '_' ); - $fileNameInDir = ( $col == 'avatar' ? '' : $col . '_' ) . uniqid($user->id."_"); - $newFileName = $imgToolBox->processImage( $_FILES[$col_file], $fileNameInDir, $_CB_framework->getCfg('absolute_path') . '/images/comprofiler/', 0, 0, 1, $allwaysResize ); - if ( ! $newFileName ) { - $this->_setErrorMSG( $imgToolBox->_errMSG ); + $value = $imgToolBox->processImage( $value, $fileNameInDir, $_CB_framework->getCfg( 'absolute_path' ) . '/images/comprofiler/', 0, 0, 1, $allwaysResize ); + + if ( ! $value ) { + $this->_setValidationError( $field, $user, $reason, $imgToolBox->_errMSG ); // needed if uploaded file fails in imgToolbox return; } - if ( isset( $user->$col ) && ! ( ( $col == 'avatar' ) && $ueConfig['avatarUploadApproval'] == 1 && $isModerator == 0 ) ) { - // if auto-approved: //TBD: else need to log update on image approval ! - $this->_logFieldUpdate( $field, $user, $reason, $user->$col, $newFileName ); + if ( isset( $user->$col ) && ! 
( ( $col == 'avatar' ) && ( $ueConfig['avatarUploadApproval'] == 1 ) && ( $isModerator == 0 ) ) ) { + $this->_logFieldUpdate( $field, $user, $reason, $user->$col, $value ); } if ( $user->$col != '' ) { deleteAvatar( $user->$col ); } - if ( ( $col == 'avatar' ) && $ueConfig['avatarUploadApproval'] == 1 && $isModerator == 0 ) { - + if ( ( $col == 'avatar' ) && ( $ueConfig['avatarUploadApproval'] == 1 ) && ( $isModerator == 0 ) ) { $cbNotification = new cbNotification(); + $cbNotification->sendToModerators( _UE_IMAGE_ADMIN_SUB, _UE_IMAGE_ADMIN_MSG ); - $user->$col = $newFileName; + $user->$col = $value; $user->$colapproved = 0; - // $_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=0 WHERE id=" . (int) $row->id); - // $redMsg = _UE_UPLOAD_PEND_APPROVAL; } else { - $user->$col = $newFileName; + $user->$col = $value; $user->$colapproved = 1; - // $_CB_database->setQuery("UPDATE #__comprofiler SET avatar='" . $_CB_database->getEscaped($newFileName) . "', avatarapproved=1, lastupdatedate='".date('Y-m-d\TH:i:s')."' WHERE id=" . (int) $row->id); - // $redMsg = _UE_UPLOAD_SUCCESSFUL; } - // $_CB_database->query(); - - $_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array(&$user, &$user, $isModerator, $newFileName ) ); + $_PLUGINS->trigger( 'onAfterUserAvatarUpdate', array( &$user, &$user, $isModerator, $value ) ); + } break; - case 'gallery': - if( ( $col == 'avatar' ) && ! $ueConfig['allowAvatarGallery'] ) { - $this->_setErrorMSG( _UE_NOT_AUTHORIZED ); - return; - } + $value = stripslashes( cbGetParam( $postdata, $col_gallery ) ); - $newAvatar = stripslashes( cbGetParam( $postdata, $col_gallery ) ); - if ( ( $newAvatar == '' ) || preg_match( '/[^-_a-zA-Z0-9.]/', $newAvatar ) || ( strpos( $newAvatar, '..' ) !== false ) ) { - $this->_setErrorMSG( _UE_UPLOAD_ERROR_CHOOSE . $newAvatar ); - return; - } + if ( $this->validate( $field, $user, $choice, $value, $postdata, $reason ) ) { + $value = 'gallery/' . 
$value; - $newAvatar = 'gallery/' . $newAvatar; if ( isset( $user->$col ) ) { - $this->_logFieldUpdate( $field, $user, $reason, $user->$col, $newAvatar ); + $this->_logFieldUpdate( $field, $user, $reason, $user->$col, $value ); } - // delete old avatar: - deleteAvatar( $user->$col ); + deleteAvatar( $user->$col ); // delete old avatar - $user->$col = $newAvatar; + $user->$col = $value; $user->$colapproved = 1; -/* - //$_CB_database->setQuery( "UPDATE #__comprofiler SET avatar = " . $_CB_database->Quote($newAvatar) - // . ", avatarapproved=1, lastupdatedate = " . $_CB_database->Quote( date('Y-m-d H:i:s') ) - // . " WHERE id = " . (int) $row->id); - if( ! $_CB_database->query() ) { - $msg = _UE_USER_PROFILE_NOT; - }else { - // delete old avatar: - deleteAvatar( $user->$col ); - $msg = _UE_USER_PROFILE_UPDATED; } -*/ break; case 'delete': - if ( $user->id && $user->$col != null && $user->$col != "" ) { + if ( $user->id && ( $user->$col != null ) && ( $user->$col != '' ) ) { global $_CB_database; if ( isset( $user->$col ) ) { $this->_logFieldUpdate( $field, $user, $reason, $user->$col, '' ); } - deleteAvatar( $user->$col ); - $user->$col = null; // this will not update, so we do query below: - $user->$colapproved = 1; - $_CB_database->setQuery('UPDATE ' . $_CB_database->NameQuote( $field->table ) . ' SET ' . $_CB_database->NameQuote( $col ) . ' = NULL, ' . $_CB_database->NameQuote( $col . 'approved' ) . ' = 1, ' . $_CB_database->NameQuote( 'lastupdatedate' ) . ' = ' . $_CB_database->Quote( date('Y-m-d H:i:s') ) . ' WHERE id=' . (int) $user->id); + deleteAvatar( $user->$col ); // delete old avatar + + $user->$col = null; // this will not update, so we do query below: + $user->$colapproved = 1; + + $query = 'UPDATE ' . $_CB_database->NameQuote( $field->table ) + . "\n SET " . $_CB_database->NameQuote( $col ) . " = NULL" + . ', ' . $_CB_database->NameQuote( $col . 'approved' ) . ' = 1' + . ', ' . $_CB_database->NameQuote( 'lastupdatedate' ) . ' = ' . 
date( 'Y-m-d H:i:s', $_CB_framework->now() ) + . "\n WHERE " . $_CB_database->NameQuote( 'id' ) . " = " . (int) $user_id; + $_CB_database->setQuery( $query ); $_CB_database->query(); } - break; case 'approve': - if ( isset( $user->$col ) && ( $_CB_framework->getUi() == 2 ) && $user->id && $user->$col != null && $user->$colapproved == 0 ) { + if ( isset( $user->$col ) && ( $_CB_framework->getUi() == 2 ) && $user->id && ( $user->$col != null ) && ( $user->$colapproved == 0 ) ) { $this->_logFieldUpdate( $field, $user, $reason, '', $user->$col ); // here we are missing the old value, so can't give it... - $user->$colapproved = 1; - $user->lastupdatedate = date('Y-m-d H:i:s'); - $cbNotification = new cbNotification(); + $user->$colapproved = 1; + $user->lastupdatedate = date( 'Y-m-d H:i:s', $_CB_framework->now() ); + + $cbNotification = new cbNotification(); + $cbNotification->sendFromSystem( $user, _UE_IMAGEAPPROVED_SUB, _UE_IMAGEAPPROVED_MSG ); } + break; case '': default: break; } } + /** + * Validator: + * Validates $value for $field->required and other rules + * Override + * + * @param moscomprofilerFields $field + * @param moscomprofilerUser $user RETURNED populated: touch only variables related to saving this field (also when not validating for showing re-edit) + * @param string $columnName Column to validate + * @param string $value (RETURNED:) Value to validate, Returned Modified if needed ! + * @param array $postdata Typically $_POST (but not necessarily), filtering required. + * @param string $reason 'edit' for save user edit, 'register' for save registration + * @return boolean True if validate, $this->_setErrorMSG if False + */ + function validate( &$field, &$user, $columnName, &$value, &$postdata, $reason ) { + global $_CB_framework, $ueConfig, $_FILES; + + $isRequired = $this->_isRequired( $field, $user, $reason ); + + switch ( $columnName ) { + case 'upload': + if ( ( $field->name == 'avatar' ) && ! 
$ueConfig['allowAvatarUpload'] ) { + $this->_setValidationError( $field, $user, $reason, _UE_NOT_AUTHORIZED ); + return false; + } + + if ( ! isset( $value['tmp_name'] ) || empty( $value['tmp_name'] ) || ( $value['error'] != 0 ) || ! is_uploaded_file( $value['tmp_name'] ) ) { + if ( $isRequired ) { + $this->_setValidationError( $field, $user, $reason, _UE_UPLOAD_ERROR_EMPTY ); + } + + return false; + } + break; + case 'gallery': + if ( ( $field->name == 'avatar' ) && ! $ueConfig['allowAvatarGallery'] ) { + $this->_setValidationError( $field, $user, $reason, _UE_NOT_AUTHORIZED ); + return false; + } + + if ( ( $value == '' ) || preg_match( '/[^-_a-zA-Z0-9.]/', $value ) || ( strpos( $value, '..' ) !== false ) ) { + $this->_setValidationError( $field, $user, $reason, _UE_UPLOAD_ERROR_CHOOSE . $value ); + return false; + } + break; + } + + return true; + } + + /** \ No newline at end of file * Finder: * Prepares field data for saving to database (safe transfer from $postdata to $user) * Override
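Review bot: The rewritten UPDATE in the `delete` case concatenates `date( 'Y-m-d H:i:s', $_CB_framework->now() )` without the `$_CB_database->Quote()` wrapper the removed line had, and it filters on `(int) $user_id`, a variable that is not defined anywhere in the visible part of `prepareFieldDataSave` (the removed line used `(int) $user->id`). An unquoted datetime makes the statement malformed, and an undefined variable casts to 0, so the row is not updated even though `deleteAvatar()` has already removed the file. I would change the two lines to `. ', ' . $_CB_database->NameQuote( 'lastupdatedate' ) . ' = ' . $_CB_database->Quote( date( 'Y-m-d H:i:s', $_CB_framework->now() ) )` and `. "\n WHERE " . $_CB_database->NameQuote( 'id' ) . ' = ' . (int) $user->id;`. The return value of `$_CB_database->query()` is also unchecked here, so a failed update goes unreported; running the query before `deleteAvatar()` and reporting failure through `_setValidationError()` would avoid a profile row that points at a deleted file.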