Active
Project:
Avatar Crop
Version:
6.x-1.5-beta1
Component:
Code
Priority:
Major
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
6 Feb 2012 at 22:31 UTC
Updated:
6 Feb 2012 at 22:31 UTC
If an admin user is editing another user's pictures, the uploaded image will be named using the admin user's UID and not the user being edited. This can lead to an admin user's picture being overwritten.
This is because the code in the avatarcrop_form_submit() function uses the global user value rather than the change_pic_uid SESSION value. Here is the manual patch info:
Original code at about line 125 in avatarcrop.module
$dest = $filepath . '/' .$upload_dir;
$file = file_save_upload('file_upload', $validators, $dest);
global $user;
$owner=$user->uid;
$filetype;
$filetype = $file->filemime;
$extension='';
Corrected code
$dest = $filepath . '/' .$upload_dir;
$file = file_save_upload('file_upload', $validators, $dest);
$owner=$_SESSION['change_pic_uid'];
$filetype = $file->filemime;
$extension='';