function profile_photo_post(&$a) {
- if(! local_user()) {
- notice ( t('Permission denied.') . EOL );
- return;
- }
-
+ if(! local_user()) {
+ notice ( t('Permission denied.') . EOL );
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {
// phase 2 - we have finished cropping
$base_image = $r[0];
- $im = new Photo($base_image['data']);
+ $im = new Photo($base_image['data'], $base_image['type']);
if($im->is_valid()) {
$im->cropImage(175,$srcX,$srcY,$srcW,$srcH);
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
-
+ $filetype = $_FILES['userfile']['type'];
+ if ($filetype=="") $filetype=guess_image_type($filename);
+
$maximagesize = get_config('system','maximagesize');
if(($maximagesize) && ($filesize > $maximagesize)) {
}
$imagedata = @file_get_contents($src);
- $ph = new Photo($imagedata);
+ $ph = new Photo($imagedata, $filetype);
if(! $ph->is_valid()) {
notice( t('Unable to process image.') . EOL );
notice( t('Permission denied.') . EOL );
return;
};
-
+
+// check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
$resource_id = $a->argv[2];
//die(":".local_user());
$r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC",
goaway($a->get_baseurl() . '/profiles');
return; // NOTREACHED
}
- $ph = new Photo($r[0]['data']);
+ $ph = new Photo($r[0]['data'], $r[0]['type']);
profile_photo_crop_ui_head($a, $ph);
// go ahead as we have jus uploaded a new photo to crop
}
'$lbl_upfile' => t('Upload File:'),
'$title' => t('Upload Profile Photo'),
'$submit' => t('Upload'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
'$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->user['nickname'] . '">' . t('select a photo from your photo albums') . '</a>')
));
return $o;
}
else {
- $filename = $a->config['imagecrop'] . '-' . $a->config['imagecrop_resolution'] . '.jpg';
+ $filename = $a->config['imagecrop'] . '-' . $a->config['imagecrop_resolution'] . '.'.$a->config['imagecrop_ext'];
$resolution = $a->config['imagecrop_resolution'];
$tpl = get_markup_template("cropbody.tpl");
$o .= replace_macros($tpl,array(
'$image_url' => $a->get_baseurl() . '/photo/' . $filename,
'$title' => t('Crop Image'),
'$desc' => t('Please adjust the image cropping for optimum viewing.'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
'$done' => t('Done Editing')
));
return $o;
$a->config['imagecrop'] = $hash;
$a->config['imagecrop_resolution'] = $smallest;
+ $a->config['imagecrop_ext'] = $ph->getExt();
$a->page['htmlhead'] .= get_markup_template("crophead.tpl");
return;
}}