Wrong UID used if editing another user's image

squio - November 26, 2007 - 16:22

Project:	User Picture Resizer
Version:	5.x-1.x-dev
Component:	Code
Category:	bug report
Priority:	normal
Assigned:	Unassigned
Status:	needs review

<?php
function resizer_submit_user_picture($edit, $account, $form, $step) {
    global $form_values;
    switch($step) {
        case 2:
//            global $user;
            
            list($width, $height) = explode('x', variable_get('user_picture_dimensions', '85x85'));
            
            $path = $_SERVER['DOCUMENT_ROOT'].base_path().file_directory_temp();
            
            $oldImage = $_POST['tmp_picture_name'];            
            list($filename,$extension) = explode('.',$oldImage);
            
            $newImage = createThumbnail($oldImage,$path,"-thumb",$extension,$_REQUEST['x1'],$_REQUEST['y1'],$width, $height,$_REQUEST['width'],$_REQUEST['height'],500);
            
            //$_POST['newImage'] = file_directory_temp().'/'.$newImage;
            $src = $_SERVER['DOCUMENT_ROOT'].base_path().file_directory_temp().'/'.$newImage;
            $pictures_dir = base_path().file_directory_path().'/'.variable_get('user_picture_path', 'pictures').'/';
//            $dest = $_SERVER['DOCUMENT_ROOT'].$pictures_dir.'picture-'.$user->uid.'.'.$extension;
            $dest = $_SERVER['DOCUMENT_ROOT'].$pictures_dir.'picture-'.$account->uid.'.'.$extension;
            file_copy($src,$dest,FILE_EXISTS_REPLACE);
//            $form_values['picture'] = file_directory_path().'/'.variable_get('user_picture_path', 'pictures').'/'.'picture-'.$user->uid.'.'.$extension;
            $form_values['picture'] = file_directory_path().'/'.variable_get('user_picture_path', 'pictures').'/'.'picture-'.$account->uid.'.'.$extension;
            break;
    }
}
?>

» Login or register to post comments

#1

squio - November 26, 2007 - 16:24

Status:

active

» needs review

Wrong UID used if editing another user's image

Jump to:

#1

User login

Contributor links