- if ($avatar && (!common_valid_http_url($avatar) || strlen($avatar) > 255)) {
- throw new OAuthException("Invalid avatar '$avatar'");
+ if ($avatar) {
+ if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
+ throw new OAuthException("Invalid avatar URL '$avatar'");
+ }
+ $size = @getimagesize($avatar);
+ if (!$size) {
+ throw new OAuthException("Can't read avatar URL '$avatar'");
+ }
+ if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) {
+ throw new OAuthException("Wrong size image at '$avatar'");
+ }
+ if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG,
+ IMAGETYPE_PNG))) {
+ throw new OAuthException("Wrong image type for '$avatar'");
+ }
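Review bot: `@getimagesize($avatar)` makes the server itself fetch a URL supplied by the remote party, and the only gate visible before it is `common_valid_http_url()` plus the 255-byte length check. If that helper validates syntax only (its body is not shown here), the request can be pointed at loopback or internal addresses, follow redirects, or stall on a slow or very large response. I would fetch the avatar once through an HTTP client configured with a timeout, a response-size cap, a redirect limit and a destination check that rejects private and loopback ranges, then run the dimension and type checks on the downloaded bytes; that also ensures the image that was validated is the one that gets stored. The `@` hides the reason for failure, so an unreachable host and a non-image both surface as "Can't read avatar URL"; logging the underlying error server-side would help operators. Smaller point: pass the strict flag, `in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)`. The enclosing `if ($avatar) {` block is not closed within the visible lines.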