Commit a3d82f91 authored by Iaki Arenaza's avatar Iaki Arenaza Committed by Nigel McNie

MAH-3317 Cannot Login to Mahara from Moodle When Picture is added to Moodle Profile

Instead of using a fixed platform-specific path for temporary image files,
create a new temporary directory inside dataroot and place temporary files
there.

In addition, make sure we prefix the profile icon file names with 'mpi_'
(stands for mnet profile icon) to prevent clashes (as per Nigel's suggestion)
and check the return result from file_put_contents() for errors (but otherwise
continue gracefully if the file can't be written, as Nigel suggested on the
bug tracker).

While in this particular case the related code takes care of the temporary
files, if we are going to have a temp directory, it might be good to have a
cronjob to clean it out (We should file a bug to remind us to do that)

[Minor whitespace fixups by Nigel]
Signed-off-by: Iñaki Arenaza <iarenaza@eps.mondragon.edu>
Signed-off-by: Nigel McNie <nigel@catalyst.net.nz>
parent 3c44a80e
......@@ -186,6 +186,7 @@ $string['rm'] = 'RM Real Player Movie';
// Profile icons
$string['cantcreatetempprofileiconfile'] = 'Could not write temporary profile icon image in %s';
$string['profileiconsize'] = 'Profile Icon Size';
$string['profileicons'] = 'Profile Icons';
$string['Default'] = 'Default';
......
......@@ -271,84 +271,88 @@ class AuthXmlrpc extends Auth {
$imageobject = (object)$client->response;
$u = preg_replace('/[^A-Za-z0-9 ]/', '', $user->username);
$filename = '/tmp/'.intval($this->instanceid).'_'.$u;
$filename = get_config('dataroot') . 'temp/mpi_' . intval($this->instanceid) . '_' . $u;
if (array_key_exists('f1', $client->response)) {
$imagecontents = base64_decode($client->response['f1']);
file_put_contents($filename, $imagecontents);
$imageexists = false;
$icons = false;
if ($update) {
$newchecksum = sha1_file($filename);
$icons = get_records_select_array('artefact', 'artefacttype = \'profileicon\' AND owner = ? ', array($user->id), '', 'id');
if (false != $icons) {
foreach ($icons as $icon) {
$iconfile = get_config('dataroot') . 'artefact/file/profileicons/originals/' . ($icon->id % 256) . '/'.$icon->id;
$checksum = sha1_file($iconfile);
if ($newchecksum == $checksum) {
$imageexists = true;
unlink($filename);
break;
if (file_put_contents($filename, $imagecontents)) {
$imageexists = false;
$icons = false;
if ($update) {
$newchecksum = sha1_file($filename);
$icons = get_records_select_array('artefact', 'artefacttype = \'profileicon\' AND owner = ? ', array($user->id), '', 'id');
if (false != $icons) {
foreach ($icons as $icon) {
$iconfile = get_config('dataroot') . 'artefact/file/profileicons/originals/' . ($icon->id % 256) . '/'.$icon->id;
$checksum = sha1_file($iconfile);
if ($newchecksum == $checksum) {
$imageexists = true;
unlink($filename);
break;
}
}
}
}
}
if (false == $imageexists) {
$filesize = filesize($filename);
if (!$user->quota_allowed($filesize)) {
$error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
}
if (false == $imageexists) {
$filesize = filesize($filename);
if (!$user->quota_allowed($filesize)) {
$error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
}
require_once('file.php');
$imagesize = getimagesize($filename);
if (!$imagesize || !is_image_type($imagesize[2])) {
$error = get_string('filenotimage');
}
require_once('file.php');
$imagesize = getimagesize($filename);
if (!$imagesize || !is_image_type($imagesize[2])) {
$error = get_string('filenotimage');
}
$mime = $imagesize['mime'];
$width = $imagesize[0];
$height = $imagesize[1];
$imagemaxwidth = get_config('imagemaxwidth');
$imagemaxheight = get_config('imagemaxheight');
if ($width > $imagemaxwidth || $height > $imagemaxheight) {
$error = get_string('profileiconimagetoobig', 'artefact.file', $width, $height, $imagemaxwidth, $imagemaxheight);
}
$mime = $imagesize['mime'];
$width = $imagesize[0];
$height = $imagesize[1];
$imagemaxwidth = get_config('imagemaxwidth');
$imagemaxheight = get_config('imagemaxheight');
if ($width > $imagemaxwidth || $height > $imagemaxheight) {
$error = get_string('profileiconimagetoobig', 'artefact.file', $width, $height, $imagemaxwidth, $imagemaxheight);
}
try {
$user->quota_add($filesize);
}
catch (QuotaException $qe) {
$error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
}
try {
$user->quota_add($filesize);
}
catch (QuotaException $qe) {
$error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
}
require_once(get_config('docroot') .'/artefact/lib.php');
require_once(get_config('docroot') .'/artefact/file/lib.php');
// Entry in artefact table
$artefact = new ArtefactTypeProfileIcon();
$artefact->set('owner', $user->id);
$artefact->set('title', 'Profile Icon');
$artefact->set('note', 'Profile Icon');
$artefact->set('size', $filesize);
$artefact->set('filetype', $mime);
$artefact->set('width', $width);
$artefact->set('height', $height);
$artefact->commit();
$id = $artefact->get('id');
// Move the file into the correct place.
$directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . ($id % 256) . '/';
check_dir_exists($directory);
rename($filename, $directory . $id);
if ($create || empty($icons)) {
$user->profileicon = $id;
require_once(get_config('docroot') .'/artefact/lib.php');
require_once(get_config('docroot') .'/artefact/file/lib.php');
// Entry in artefact table
$artefact = new ArtefactTypeProfileIcon();
$artefact->set('owner', $user->id);
$artefact->set('title', 'Profile Icon');
$artefact->set('note', 'Profile Icon');
$artefact->set('size', $filesize);
$artefact->set('filetype', $mime);
$artefact->set('width', $width);
$artefact->set('height', $height);
$artefact->commit();
$id = $artefact->get('id');
// Move the file into the correct place.
$directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . ($id % 256) . '/';
check_dir_exists($directory);
rename($filename, $directory . $id);
if ($create || empty($icons)) {
$user->profileicon = $id;
}
}
}
$user->commit();
$user->commit();
}
else {
log_warn(get_string('cantcreatetempprofileiconfile', 'artefact.file', $filename));
}
}
}
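Review bot: The checks in the `false == $imageexists` branch are never enforced on the visible lines: `$error` is set when the quota check, `getimagesize()`/`is_image_type()` or the dimension check fails, yet execution still reaches `$user->quota_add()`, `$artefact->commit()` and `rename()`. Because the bytes come from the remote peer's `f1` response, a payload that is not an image or exceeds the limits would apparently still be stored as a profile icon, and `$imagesize['mime']` is read even when `getimagesize()` returned false. I would gate the artefact creation on the result, e.g. `if (!empty($error)) { unlink($filename); log_warn($error); }` with the quota/artefact/rename block in the `else`, unless `$error` is handled after the hunk; the method starts and ends outside the visible lines. Separately, `$newchecksum == $checksum` compares two hex digests loosely, and `===` would avoid PHP's numeric-string comparison.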
......
......@@ -149,6 +149,7 @@ function ensure_sanity() {
!check_dir_exists(get_config('dataroot') . 'smarty/compile') ||
!check_dir_exists(get_config('dataroot') . 'smarty/cache') ||
!check_dir_exists(get_config('dataroot') . 'sessions') ||
!check_dir_exists(get_config('dataroot') . 'temp') ||
!check_dir_exists(get_config('dataroot') . 'langpacks') ||
!check_dir_exists(get_config('dataroot') . 'htmlpurifier')) {
throw new ConfigSanityException(get_string('couldnotmakedatadirectories', 'error'));
......