Catch error when trying to upload empty or invalid avatar

2021-04-20 07:42:58 +02:00 · 2021-04-20 07:42:58 +02:00 · ae39544e10
parent 6f8f5aff33
commit ae39544e10
38 changed files with 100 additions and 2 deletions
--- a/app/Controller/AvatarFileController.php
+++ b/app/Controller/AvatarFileController.php
@ -33,8 +33,14 @@ class AvatarFileController extends BaseController
        $this->checkCSRFParam();
        $user = $this->getUser();

-        if (! $this->avatarFileModel->uploadImageFile($user['id'], $this->request->getFileInfo('avatar'))) {
-            $this->flash->failure(t('Unable to upload files, check the permissions of your data folder.'));
+        if (! $this->request->getFileInfo('avatar')['name']) {
+            $this->flash->failure(t('You must select a file to upload as your avatar!'));
+        } elseif (! $this->avatarFileModel->isAvatarImage($this->request->getFileInfo('avatar')['name'])) {
+            $this->flash->failure(t('The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)'));
+        } else {
+            if (! $this->avatarFileModel->uploadImageFile($user['id'], $this->request->getFileInfo('avatar'))) {
+                $this->flash->failure(t('Unable to upload files, check the permissions of your data folder.'));
+            }
        }

        $this->renderResponse($user['id']);
--- a/app/Locale/bs_BA/translations.php
+++ b/app/Locale/bs_BA/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/ca_ES/translations.php
+++ b/app/Locale/ca_ES/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/cs_CZ/translations.php
+++ b/app/Locale/cs_CZ/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/da_DK/translations.php
+++ b/app/Locale/da_DK/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/de_DE/translations.php
+++ b/app/Locale/de_DE/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    'You must select a file to upload as your avatar!' => 'Sie müssen eine Datei auswählen, die als Avatar hochgeladen werden soll!',
+    'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => 'Die hochgeladene Datei ist kein gültiges Bild! (Nur *.gif, *.jpg, *.jpeg and *.png sind erlaubt!)',
 );
--- a/app/Locale/de_DE_du/translations.php
+++ b/app/Locale/de_DE_du/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    'You must select a file to upload as your avatar!' => 'Du musst eine Datei auswählen, die als Avatar hochgeladen werden soll!',
+    'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => 'Die hochgeladene Datei ist kein gültiges Bild! (Nur *.gif, *.jpg, *.jpeg and *.png sind erlaubt!)',
 );
--- a/app/Locale/el_GR/translations.php
+++ b/app/Locale/el_GR/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/es_ES/translations.php
+++ b/app/Locale/es_ES/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/es_VE/translations.php
+++ b/app/Locale/es_VE/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/fa_IR/translations.php
+++ b/app/Locale/fa_IR/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - بیت کوین',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/fi_FI/translations.php
+++ b/app/Locale/fi_FI/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/fr_FR/translations.php
+++ b/app/Locale/fr_FR/translations.php
@ -1427,4 +1427,6 @@ return array(
    'Estimated vs actual time per column' => 'Temps estimé vs temps réel par colonne',
    'HUF - Hungarian Forint' => 'HUF - Forint hongrois',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    'You must select a file to upload as your avatar!' => 'Vous devez sélectionner un fichier à télécharger pour votre avatar !',
+    'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => 'Le fichier que vous avez téléchargé n\'est pas une image valide ! (Seuls * .gif, * .jpg, * .jpeg et * .png sont autorisés !)',
 );
--- a/app/Locale/hr_HR/translations.php
+++ b/app/Locale/hr_HR/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/hu_HU/translations.php
+++ b/app/Locale/hu_HU/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    'HUF - Hungarian Forint' => 'HUF – magyar forint',
    'XBT - Bitcoin' => 'XBT – Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/id_ID/translations.php
+++ b/app/Locale/id_ID/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/it_IT/translations.php
+++ b/app/Locale/it_IT/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/ja_JP/translations.php
+++ b/app/Locale/ja_JP/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/ko_KR/translations.php
+++ b/app/Locale/ko_KR/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/mk_MK/translations.php
+++ b/app/Locale/mk_MK/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - биткоин',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/my_MY/translations.php
+++ b/app/Locale/my_MY/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/nb_NO/translations.php
+++ b/app/Locale/nb_NO/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/nl_NL/translations.php
+++ b/app/Locale/nl_NL/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/pl_PL/translations.php
+++ b/app/Locale/pl_PL/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/pt_BR/translations.php
+++ b/app/Locale/pt_BR/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/pt_PT/translations.php
+++ b/app/Locale/pt_PT/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/ro_RO/translations.php
+++ b/app/Locale/ro_RO/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/ru_RU/translations.php
+++ b/app/Locale/ru_RU/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Биткоин',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/sk_SK/translations.php
+++ b/app/Locale/sk_SK/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT – Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/sr_Latn_RS/translations.php
+++ b/app/Locale/sr_Latn_RS/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitkoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/sv_SE/translations.php
+++ b/app/Locale/sv_SE/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/th_TH/translations.php
+++ b/app/Locale/th_TH/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/tr_TR/translations.php
+++ b/app/Locale/tr_TR/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - Bitcoin',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/uk_UA/translations.php
+++ b/app/Locale/uk_UA/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT – Біткоїн',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/vi_VN/translations.php
+++ b/app/Locale/vi_VN/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/zh_CN/translations.php
+++ b/app/Locale/zh_CN/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    'XBT - Bitcoin' => 'XBT - 比特币',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Locale/zh_TW/translations.php
+++ b/app/Locale/zh_TW/translations.php
@ -1427,4 +1427,6 @@ return array(
    // 'Estimated vs actual time per column' => '',
    // 'HUF - Hungarian Forint' => '',
    // 'XBT - Bitcoin' => '',
+    // 'You must select a file to upload as your avatar!' => '',
+    // 'The file you uploaded is not a valid image! (Only *.gif, *.jpg, *.jpeg and *.png are allowed!)' => '',
 );
--- a/app/Model/AvatarFileModel.php
+++ b/app/Model/AvatarFileModel.php
@ -136,4 +136,24 @@ class AvatarFileModel extends Base
    {
        return implode(DIRECTORY_SEPARATOR, array(self::PATH_PREFIX, $user_id, hash('sha1', $filename.time())));
    }
+
+    /**
+     * Check if a filename is an image (file types that can be shown as avatar)
+     *
+     * @access public
+     * @param  string   $filename   Filename
+     * @return bool
+     */
+    public function isAvatarImage($filename)
+    {
+        switch (get_file_extension($filename)) {
+            case 'jpeg':
+            case 'jpg':
+            case 'png':
+            case 'gif':
+                return true;
+        }
+
+        return false;
+    }
 }