Posted by cgmonroe on February 6, 2012 at 10:31pm
1 follower
| Project: | Avatar Crop |
| Version: | 6.x-1.5-beta1 |
| Component: | Code |
| Category: | bug report |
| Priority: | major |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
If an admin user is editing another user's pictures, the uploaded image will be named using the admin user's UID and not the user being edited. This can lead to an admin user's picture being overwritten.
This is because the code in the avatarcrop_form_submit() function uses the global user value rather than the change_pic_uid SESSION value. Here is the manual patch info:
Original code at about line 125 in avatarcrop.module
$dest = $filepath . '/' .$upload_dir;
$file = file_save_upload('file_upload', $validators, $dest);
global $user;
$owner=$user->uid;
$filetype;
$filetype = $file->filemime;
$extension='';Corrected code
$dest = $filepath . '/' .$upload_dir;
$file = file_save_upload('file_upload', $validators, $dest);
$owner=$_SESSION['change_pic_uid'];
$filetype = $file->filemime;
$extension='';