[xoops-cvslog 2778] CVS update: xoops2jp/html


onokazu onoka****@users*****
2006年 4月 11日 (火) 23:54:06 JST


Index: xoops2jp/html/edituser.php
diff -u xoops2jp/html/edituser.php:1.4 xoops2jp/html/edituser.php:1.4.6.1
--- xoops2jp/html/edituser.php:1.4	Wed Aug  3 21:39:11 2005
+++ xoops2jp/html/edituser.php	Tue Apr 11 23:54:06 2006
@@ -1,5 +1,5 @@
 <?php
-// $Id: edituser.php,v 1.4 2005/08/03 12:39:11 onokazu Exp $
+// $Id: edituser.php,v 1.4.6.1 2006/04/11 14:54:06 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
@@ -24,7 +24,6 @@
 //  along with this program; if not, write to the Free Software              //
 //  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
 //  ------------------------------------------------------------------------ //
-
 $xoopsOption['pagetype'] = 'user';
 include 'mainfile.php';
 include_once XOOPS_ROOT_PATH.'/class/xoopsformloader.php';
@@ -344,9 +343,22 @@
         redirect_header('index.php', 3, _US_NOEDITRIGHT);
         exit();
     }
-    $user_avatar = '';
-    if (!empty($_POST['user_avatar'])) {
-        $user_avatar = trim($_POST['user_avatar']);
+    $avt_handler =& xoops_gethandler('avatar');
+    $user_avatar = 'blank.gif';
+    $user_avatar_object = false;
+    $myts =& MyTextSanitizer::getInstance();
+    if ($user_avatar_req = trim($myts->stripSlashesGPC($_POST['user_avatar']))) {
+        // allow system avatar selection only
+        if (preg_match("/^savt/", $user_avatar_req)) {
+            $criteria =& new CriteriaCompo(new Criteria('avatar_file', addslashes($user_avatar_req)));
+            $criteria->add(new Criteria('avatar_type', 'S'));
+            if ($avatars = $avt_handler->getObjects($criteria)) {
+                if (is_object($avatars[0])) {
+                    $user_avatar = $avatars[0]->getVar('avatar_file');
+                    $user_avatar_object =& $avatars[0];
+                }
+            }
+        }
     }
     $user_avatarpath = str_replace("\\", "/", realpath(XOOPS_UPLOAD_PATH.'/'.$user_avatar));
     if (0 === strpos($user_avatarpath, XOOPS_UPLOAD_PATH) && is_file($user_avatarpath)) {
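Review bot: The `/^savt/` test anchors only the start of the submitted name, so everything after the prefix reaches the `avatar_file` criteria protected solely by `addslashes()`, which is not aware of the connection character set; whether `Criteria` quotes the value itself is not visible in this hunk. Matching the whole name against the format the avatar uploader generates (a full-string pattern anchored with `$`) would keep quote and backslash bytes out of the query altogether, and the same applies to the `addslashes($oldavatar)` lookup in the `@@ -359,9 +371,10 @@` hunk. Separately, `$_POST['user_avatar']` is now read without the `!empty()` guard the removed code had, so a request without the field raises a notice and an array value is passed to `stripSlashesGPC()`; prefixing the condition with `!empty($_POST['user_avatar']) && is_string($_POST['user_avatar']) &&` restores that guard. The enclosing branch starts and ends outside the hunk.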
@@ -359,9 +371,10 @@
             include XOOPS_ROOT_PATH.'/footer.php';
             exit();
         }
-        $avt_handler =& xoops_gethandler('avatar');
-        if ($oldavatar && $oldavatar != 'blank.gif' && !preg_match("/^savt/", strtolower($oldavatar))) {
-            $avatars =& $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar));
+        if ($oldavatar && $oldavatar != 'blank.gif' && preg_match("/^cavt/", strtolower($oldavatar))) {
+            $criteria =& new CriteriaCompo(new Criteria('avatar_file', addslashes($oldavatar)));
+            $criteria->add(new Criteria('avatar_type', 'C'));
+            $avatars =& $avt_handler->getObjects($criteria);
             if (is_object($avatars[0])) {
                 $avt_handler->delete($avatars[0]);
             }
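Review bot: `$avatars[0]` is dereferenced without checking that `getObjects()` returned a non-empty array, unlike the `if ($avatars = ...)` guard used for the system-avatar lookup earlier in this commit; `if (!empty($avatars) && is_object($avatars[0])) {` avoids the undefined-offset notice when no type-'C' row matches. The `unlink($oldavatar_path)` visible as context in the next hunk appears to sit inside the same `cavt` condition but not inside this record check, and the lines between the two hunks are not visible, so it is worth confirming that the file is only removed when it resolves under the upload directory and, ideally, when a matching custom-avatar record was found. A short comment such as `// only user-uploaded (type C, cavt*) avatars are deleted; system avatars are shared` would document why the condition was inverted from `!preg_match("/^savt/")`.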
@@ -370,11 +383,8 @@
                 unlink($oldavatar_path);
             }
         }
-        if ($user_avatar != 'blank.gif') {
-            $avatars =& $avt_handler->getObjects(new Criteria('avatar_file', $user_avatar));
-            if (is_object($avatars[0])) {
-                $avt_handler->addUser($avatars[0]->getVar('avatar_id'), $xoopsUser->getVar('uid'));
-            }
+        if (is_object($user_avatar_object)) {
+            $avt_handler->addUser($user_avatar_object->getVar('avatar_id'), $xoopsUser->getVar('uid'));
         }
     }
     redirect_header('userinfo.php?uid='.$uid, 0, _US_PROFUPDATED);

