/**
 * Apply the avatar-specific upload rules to a temporary file.
 *
 * Sets an error code on the file when its size or type is rejected.
 * The error code is the index of $upload_error_strings.
 *
 * @since 2.3.0
 *
 * @param array $file Attributes of the temporary file (before it has been moved).
 * @return array The file attributes, with 'error' set when a rule fails.
 */
public function validate_upload($file = array()) {
    // An error reported earlier wins; hand the file back untouched.
    if (!empty($file['error'])) {
        return $file;
    }

    // 9: the size check failed. The type check is not run in that case.
    if (!bp_core_check_avatar_size(array('file' => $file))) {
        $file['error'] = 9;

        return $file;
    }

    // 10: the type check failed.
    if (!bp_core_check_avatar_type(array('file' => $file))) {
        $file['error'] = 10;
    }

    return $file;
}
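/**
 * Render the avatar admin screen and run the requested avatar action.
 *
 * With no 'slick_avatars_action' in $_POST or $_GET, the upload form and the
 * current avatar are printed. Otherwise one action is run:
 *  - 'upload' (POST): nonce check, upload checks, store the file, show the cropper.
 *  - 'crop'   (POST): nonce check, crop and save the avatar.
 *  - 'delete' (GET):  nonce check, delete the avatar, then show the form again.
 *
 * Security notes:
 *  - The delete link printed here carries a 'bp_delete_avatar_link' nonce, and
 *    the delete branch verifies it, so a forged GET request cannot remove the
 *    avatar. Whether bp_core_delete_avatar() checks anything itself is not
 *    visible from this function.
 *  - $message is echoed as HTML without escaping; callers must pass trusted
 *    markup only.
 *
 * @param string|null $message       Notice printed above the form.
 * @param string      $action        Passed to the upload form and to the cropper.
 * @param string      $delete_action URL of the delete link; a nonce is appended to it.
 */
function bp_core_avatar_admin($message = null, $action, $delete_action) {
    global $wp_upload_error;

    $post_action = isset($_POST['slick_avatars_action']) ? $_POST['slick_avatars_action'] : null;
    $get_action = isset($_GET['slick_avatars_action']) ? $_GET['slick_avatars_action'] : null;

    // No action requested: show the form and the current avatar.
    if (null === $post_action && null === $get_action) {
        if ($message) {
            ?>
            <br />
            <div id="message" class="updated fade">
                <p><?php echo $message; ?></p>
            </div>
            <?php
        }
        ?>
        <p><?php _e('Your avatar will be used on your profile and throughout the site.', 'buddypress'); ?></p>
        <p><?php _e('Click below to select a JPG, GIF or PNG format photo from your computer and then click \'Upload Photo\' to proceed.', 'buddypress'); ?></p>
        <?php
        bp_core_render_avatar_upload_form($action);

        $current_avatar = bp_core_get_avatar(get_current_user_id(), 1);
        if (strlen($current_avatar)) {
            echo '<h3>' . __('This is your current avatar', 'buddypress') . '</h3>';
            echo '<span class="crop-img avatar">' . $current_avatar . '</span>';
            echo '<span class="crop-img avatar">' . bp_core_get_avatar(get_current_user_id(), 2) . '</span>';
            echo '<a href="' . wp_nonce_url($delete_action, 'bp_delete_avatar_link') . '">' . __('Delete', 'buddypress') . '</a>';
        }

        return;
    }

    if ('upload' === $post_action) {
        // Confirm that the nonce is valid.
        if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'slick_avatars')) {
            bp_core_ap_die(__('Security error.', 'buddypress'));
        }

        // Set friendly error feedback.
        $max_size = size_format(CORE_MAX_FILE_SIZE);
        $uploadErrors = array(
            0 => __("There is no error, the file uploaded with success", 'buddypress'),
            1 => __("Your image was bigger than the maximum allowed file size of: ", 'buddypress') . $max_size,
            2 => __("Your image was bigger than the maximum allowed file size of: ", 'buddypress') . $max_size,
            3 => __("The uploaded file was only partially uploaded", 'buddypress'),
            4 => __("No file was uploaded", 'buddypress'),
            6 => __("Missing a temporary folder", 'buddypress'),
        );

        if (!bp_core_check_avatar_upload($_FILES)) {
            // The request may carry no 'file' entry, or a code that has no text above.
            $code = isset($_FILES['file']['error']) ? $_FILES['file']['error'] : null;
            $reason = ((is_int($code) || is_string($code)) && isset($uploadErrors[$code])) ? $uploadErrors[$code] : '';
            bp_core_ap_die(sprintf(__('Your upload failed, please try again. Error was: %s', 'buddypress'), $reason));
        }

        if (!bp_core_check_avatar_size($_FILES)) {
            bp_core_ap_die(sprintf(__('The file you uploaded is too big. Please upload a file under %s', 'buddypress'), $max_size));
        }

        if (!bp_core_check_avatar_type($_FILES)) {
            bp_core_ap_die(__('Please upload only JPG, GIF or PNG photos.', 'buddypress'));
        }

        // "Handle" upload into temporary location.
        if (!($original = bp_core_handle_avatar_upload($_FILES))) {
            bp_core_ap_die(sprintf(__('Upload Failed! Error was: %s', 'buddypress'), $wp_upload_error));
        }

        // Resize down to something we can display on the page, or use the original if it is small enough already.
        if (!($canvas = bp_core_resize_avatar($original))) {
            $canvas = $original;
        }

        // Render the cropper UI.
        bp_core_render_avatar_cropper($original, $canvas, $action);

        return;
    }

    if ('crop' === $post_action) {
        // Confirm that the nonce is valid.
        if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'slick_avatars')) {
            bp_core_ap_die(__('Security error.', 'buddypress'));
        }

        // NOTE(review): 'orig', 'canvas' and the crop coordinates come straight from the
        // request; bp_core_check_crop() and bp_core_avatar_cropstore() are not visible
        // here, so confirm they restrict both paths to the avatar upload directory.
        if (!bp_core_check_crop($_POST['orig'], $_POST['canvas'])) {
            bp_core_ap_die(__('Error when cropping, please go back and try again', 'buddypress'));
        }

        if (!($result = bp_core_avatar_cropstore(stripslashes($_POST['orig']), $_POST['canvas'], $_POST['v1_x1'], $_POST['v1_y1'], $_POST['v1_w'], $_POST['v1_h'], $_POST['v2_x1'], $_POST['v2_y1'], $_POST['v2_w'], $_POST['v2_h']))) {
            bp_core_ap_die(__('Error when saving avatars, please go back and try again.', 'buddypress'));
        }

        // Store details to the DB and we're done.
        echo '<p>' . __('Your new avatar was successfully created!', 'buddypress') . '</p>';
        bp_core_avatar_save($result);

        echo '<span class="crop-img">' . bp_core_get_avatar(get_current_user_id(), 1) . '</span>';
        if (CORE_AVATAR_V2_W && CORE_AVATAR_V2_H) {
            echo '<span class="crop-img">' . bp_core_get_avatar(get_current_user_id(), 2) . '</span>';
        }

        return;
    }

    if ('delete' === $get_action) {
        // wp_nonce_url() puts the nonce in '_wpnonce'; a state-changing GET must prove it.
        if (!isset($_GET['_wpnonce']) || !wp_verify_nonce($_GET['_wpnonce'], 'bp_delete_avatar_link')) {
            bp_core_ap_die(__('Security error.', 'buddypress'));

            return; // Never delete if bp_core_ap_die() happens to return.
        }

        bp_core_delete_avatar();
        unset($_GET['slick_avatars_action']);

        // Show the form again; all three arguments are required by the signature.
        bp_core_avatar_admin(__('Avatar successfully removed.', 'buddypress'), $action, $delete_action);
    }
}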
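/**
 * Handle avatar uploading.
 *
 * Checks the upload with bp_core_check_avatar_upload(),
 * bp_core_check_avatar_size() and bp_core_check_avatar_type(), stores it
 * through wp_handle_upload() while $upload_dir_filter is attached to
 * 'upload_dir', rejects a stored file that cannot be read as an image, shrinks
 * it when it is wider than bp_core_avatar_original_max_width(), and records
 * the resulting relative path and URL on buddypress()->avatar_admin->image.
 *
 * @see bp_core_check_avatar_upload()
 * @see bp_core_check_avatar_type()
 *
 * @param array  $file              Upload data in $_FILES shape; the entry under 'file' is used.
 * @param string $upload_dir_filter A filter to be applied to 'upload_dir'.
 * @return bool True on success, or when the pre-filter takes over; false on failure.
 */
function bp_core_avatar_handle_upload($file, $upload_dir_filter) {
    /***
     * You may want to hook into this filter if you want to override this function.
     * Make sure you return false.
     */
    if (!apply_filters('bp_core_pre_avatar_handle_upload', true, $file, $upload_dir_filter)) {
        return true;
    }

    require_once ABSPATH . '/wp-admin/includes/file.php';

    $max_filesize = size_format(bp_core_avatar_original_max_filesize());
    $uploadErrors = array(
        0 => __('The image was uploaded successfully', 'buddypress'),
        1 => __('The image exceeds the maximum allowed file size of: ', 'buddypress') . $max_filesize,
        2 => __('The image exceeds the maximum allowed file size of: ', 'buddypress') . $max_filesize,
        3 => __('The uploaded file was only partially uploaded.', 'buddypress'),
        4 => __('The image was not uploaded.', 'buddypress'),
        6 => __('Missing a temporary folder.', 'buddypress'),
    );

    if (!bp_core_check_avatar_upload($file)) {
        // The entry may be missing, or carry a code that has no text above.
        $code = isset($file['file']['error']) ? $file['file']['error'] : null;
        $reason = ((is_int($code) || is_string($code)) && isset($uploadErrors[$code])) ? $uploadErrors[$code] : '';
        bp_core_add_message(sprintf(__('Your upload failed, please try again. Error was: %s', 'buddypress'), $reason), 'error');

        return false;
    }

    if (!bp_core_check_avatar_size($file)) {
        bp_core_add_message(sprintf(__('The file you uploaded is too big. Please upload a file under %s', 'buddypress'), $max_filesize), 'error');

        return false;
    }

    if (!bp_core_check_avatar_type($file)) {
        bp_core_add_message(__('Please upload only JPG, GIF or PNG photos.', 'buddypress'), 'error');

        return false;
    }

    // Filter the upload location only for this one upload, so that other
    // upload URLs on the page don't break.
    add_filter('upload_dir', $upload_dir_filter, 10, 0);
    $bp = buddypress();
    $bp->avatar_admin->original = wp_handle_upload($file['file'], array('action' => 'bp_avatar_upload'));
    remove_filter('upload_dir', $upload_dir_filter, 10, 0);

    // wp_handle_upload() reports a failed move through the 'error' key.
    if (!empty($bp->avatar_admin->original['error'])) {
        bp_core_add_message(sprintf(__('Upload Failed! Error was: %s', 'buddypress'), $bp->avatar_admin->original['error']), 'error');

        return false;
    }

    // The checks above look at what the client declared; getimagesize() reads
    // the stored file itself. A file that cannot be parsed as an image is
    // removed again instead of being left in the avatar directory.
    $size = @getimagesize($bp->avatar_admin->original['file']);
    if (false === $size) {
        @unlink($bp->avatar_admin->original['file']);
        bp_core_add_message(__('Please upload only JPG, GIF or PNG photos.', 'buddypress'), 'error');

        return false;
    }

    $error = false;

    // Check image size and shrink if too large.
    if ($size[0] > bp_core_avatar_original_max_width()) {
        $editor = wp_get_image_editor($bp->avatar_admin->original['file']);

        if (!is_wp_error($editor)) {
            $editor->set_quality(100);

            $resized = $editor->resize(bp_core_avatar_original_max_width(), bp_core_avatar_original_max_width(), false);
            if (!is_wp_error($resized)) {
                $thumb = $editor->save($editor->generate_filename());
            } else {
                $error = $resized;
            }

            // Check for thumbnail creation errors ($thumb is only set when the resize worked).
            if (false === $error && is_wp_error($thumb)) {
                $error = $thumb;
            }

            // Thumbnail is good so proceed.
            if (false === $error) {
                $bp->avatar_admin->resized = $thumb;
            }
        } else {
            $error = $editor;
        }

        if (false !== $error) {
            bp_core_add_message(sprintf(__('Upload Failed! Error was: %s', 'buddypress'), $error->get_error_message()), 'error');

            return false;
        }
    }

    if (!isset($bp->avatar_admin->image)) {
        $bp->avatar_admin->image = new stdClass();
    }

    // We only want to handle one image after resize.
    if (empty($bp->avatar_admin->resized)) {
        $bp->avatar_admin->image->dir = str_replace(bp_core_avatar_upload_path(), '', $bp->avatar_admin->original['file']);
    } else {
        $bp->avatar_admin->image->dir = str_replace(bp_core_avatar_upload_path(), '', $bp->avatar_admin->resized['path']);
        @unlink($bp->avatar_admin->original['file']);
    }

    // Check for WP_Error on what should be an image.
    if (is_wp_error($bp->avatar_admin->image->dir)) {
        bp_core_add_message(sprintf(__('Upload failed! Error was: %s', 'buddypress'), $bp->avatar_admin->image->dir->get_error_message()), 'error');

        return false;
    }

    // If the uploaded image is smaller than the "full" dimensions, throw a
    // warning. The parentheses matter: without them a failed getimagesize()
    // fell through to the height comparison and always produced the warning.
    $uploaded_image = @getimagesize(bp_core_avatar_upload_path() . $bp->avatar_admin->image->dir);
    $full_width = bp_core_avatar_full_width();
    $full_height = bp_core_avatar_full_height();

    if (isset($uploaded_image[0], $uploaded_image[1]) && ($uploaded_image[0] < $full_width || $uploaded_image[1] < $full_height)) {
        bp_core_add_message(sprintf(__('You have selected an image that is smaller than recommended. For best results, upload a picture larger than %d x %d pixels.', 'buddypress'), $full_width, $full_height), 'error');
    }

    // Set the url value for the image.
    $bp->avatar_admin->image->url = bp_core_avatar_url() . $bp->avatar_admin->image->dir;

    return true;
}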
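/**
 * Handle avatar uploading (variant built on the BP_AVATAR_* constants).
 *
 * Checks the upload with bp_core_check_avatar_upload(),
 * bp_core_check_avatar_size() and bp_core_check_avatar_type(), stores it
 * through wp_handle_upload() while $upload_dir_filter is attached to
 * 'upload_dir', rejects a stored file that cannot be read as an image, shrinks
 * it with wp_create_thumbnail() when it is wider than
 * BP_AVATAR_ORIGINAL_MAX_WIDTH, and records the resulting relative path and
 * URL on $bp->avatar_admin->image.
 *
 * @param array  $file              Upload data in $_FILES shape; the entry under 'file' is used.
 * @param string $upload_dir_filter A filter to be applied to 'upload_dir'.
 * @return bool True on success, or when the pre-filter takes over; false on failure.
 */
function bp_core_avatar_handle_upload( $file, $upload_dir_filter ) {
	global $bp;

	/***
	 * You may want to hook into this filter if you want to override this function.
	 * Make sure you return false.
	 */
	if ( !apply_filters( 'bp_core_pre_avatar_handle_upload', true, $file, $upload_dir_filter ) )
		return true;

	require_once( ABSPATH . '/wp-admin/includes/image.php' );
	require_once( ABSPATH . '/wp-admin/includes/file.php' );

	$max_filesize = size_format( BP_AVATAR_ORIGINAL_MAX_FILESIZE );
	$uploadErrors = array(
		0 => __( "There is no error, the file uploaded with success", 'buddypress' ),
		1 => __( "Your image was bigger than the maximum allowed file size of: ", 'buddypress' ) . $max_filesize,
		2 => __( "Your image was bigger than the maximum allowed file size of: ", 'buddypress' ) . $max_filesize,
		3 => __( "The uploaded file was only partially uploaded", 'buddypress' ),
		4 => __( "No file was uploaded", 'buddypress' ),
		6 => __( "Missing a temporary folder", 'buddypress' )
	);

	if ( !bp_core_check_avatar_upload( $file ) ) {
		/* The entry may be missing, or carry a code that has no text above. */
		$code   = isset( $file['file']['error'] ) ? $file['file']['error'] : null;
		$reason = ( ( is_int( $code ) || is_string( $code ) ) && isset( $uploadErrors[$code] ) ) ? $uploadErrors[$code] : '';
		bp_core_add_message( sprintf( __( 'Your upload failed, please try again. Error was: %s', 'buddypress' ), $reason ), 'error' );
		return false;
	}

	if ( !bp_core_check_avatar_size( $file ) ) {
		bp_core_add_message( sprintf( __( 'The file you uploaded is too big. Please upload a file under %s', 'buddypress' ), $max_filesize ), 'error' );
		return false;
	}

	if ( !bp_core_check_avatar_type( $file ) ) {
		bp_core_add_message( __( 'Please upload only JPG, GIF or PNG photos.', 'buddypress' ), 'error' );
		return false;
	}

	/* Filter the upload location for this one upload only. Leaving the filter
	 * attached would redirect every later upload in the same request. */
	add_filter( 'upload_dir', $upload_dir_filter, 10, 0 );
	$bp->avatar_admin->original = wp_handle_upload( $file['file'], array( 'action' => 'bp_avatar_upload' ) );
	remove_filter( 'upload_dir', $upload_dir_filter, 10, 0 );

	/* wp_handle_upload() reports a failed move through the 'error' key. */
	if ( !empty( $bp->avatar_admin->original['error'] ) ) {
		bp_core_add_message( sprintf( __( 'Upload Failed! Error was: %s', 'buddypress' ), $bp->avatar_admin->original['error'] ), 'error' );
		return false;
	}

	/* The checks above look at what the client declared; getimagesize() reads
	 * the stored file itself. A file that cannot be parsed as an image is
	 * removed again instead of being left in the avatar directory. */
	$size = @getimagesize( $bp->avatar_admin->original['file'] );
	if ( false === $size ) {
		@unlink( $bp->avatar_admin->original['file'] );
		bp_core_add_message( __( 'Please upload only JPG, GIF or PNG photos.', 'buddypress' ), 'error' );
		return false;
	}

	/* Check image size and shrink if too large */
	if ( $size[0] > BP_AVATAR_ORIGINAL_MAX_WIDTH ) {
		$thumb = wp_create_thumbnail( $bp->avatar_admin->original['file'], BP_AVATAR_ORIGINAL_MAX_WIDTH );

		/* Check for thumbnail creation errors */
		if ( is_wp_error( $thumb ) ) {
			bp_core_add_message( sprintf( __( 'Upload Failed! Error was: %s', 'buddypress' ), $thumb->get_error_message() ), 'error' );
			return false;
		}

		/* Thumbnail is good so proceed */
		$bp->avatar_admin->resized = $thumb;
	}

	/* Assigning ->dir on an unset ->image fails on current PHP, so create the holder first. */
	if ( !isset( $bp->avatar_admin->image ) )
		$bp->avatar_admin->image = new stdClass();

	/* We only want to handle one image after resize. */
	if ( empty( $bp->avatar_admin->resized ) )
		$bp->avatar_admin->image->dir = str_replace( BP_AVATAR_UPLOAD_PATH, '', $bp->avatar_admin->original['file'] );
	else {
		$bp->avatar_admin->image->dir = str_replace( BP_AVATAR_UPLOAD_PATH, '', $bp->avatar_admin->resized );
		@unlink( $bp->avatar_admin->original['file'] );
	}

	/* Set the url value for the image */
	$bp->avatar_admin->image->url = BP_AVATAR_URL . $bp->avatar_admin->image->dir;

	return true;
}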
/**
 * bp_core_check_avatar_type() rejects a text file and accepts a JPEG,
 * whatever MIME type the request declared for that JPEG.
 *
 * @group bp_core_check_avatar_type
 */
public function test_bp_core_check_avatar_type() {
    $base = trailingslashit(buddypress()->plugin_dir);
    $jpeg_path = $base . 'bp-core/images/mystery-man.jpg';

    // A plain text file must not pass as an avatar.
    $text_upload = array(
        'file' => array(
            'name' => 'humans.txt',
            'type' => 'text/plain',
            'tmp_name' => $base . 'humans.txt',
        ),
    );
    $this->assertFalse(bp_core_check_avatar_type($text_upload));

    // A JPEG declared as image/jpeg is accepted.
    $jpeg_upload = array(
        'file' => array(
            'name' => 'mystery-man.jpg',
            'type' => 'image/jpeg',
            'tmp_name' => $jpeg_path,
        ),
    );
    $this->assertTrue(bp_core_check_avatar_type($jpeg_upload));

    // Same image declared as application/octet-stream: still accepted, so the
    // declared 'type' alone does not cause a rejection.
    $octet_upload = array(
        'file' => array(
            'name' => 'mystery-man.jpg',
            'type' => 'application/octet-stream',
            'tmp_name' => $jpeg_path,
        ),
    );
    $this->assertTrue(bp_core_check_avatar_type($octet_upload), 'flash is using application/octet-stream for image uploads');
}
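/**
 * Validate the xprofile fields and the optional avatar on the signup form.
 *
 * Runs only when $_POST['stage'] is 'validate-user-signup'. One entry per
 * field is written to the global $bp_xprofile_callback. When every field and
 * the avatar validate, the values and the avatar paths are stored in
 * $_SESSION['xprofile_meta']; otherwise an error is added to the signup errors.
 *
 * @param array $result Signup result holding 'user_name', 'user_email' and 'errors'.
 * @return array $result unchanged when this is not the validation stage, else
 *               its 'user_name', 'user_email' and 'errors' entries.
 */
function xprofile_validate_signup_fields($result) {
    global $bp_xprofile_callback, $avatar_error, $avatar_error_msg, $has_errors;
    global $canvas, $original;
    global $current_site, $active_signup;
    global $wp_upload_error;

    if (!isset($_POST['stage']) || $_POST['stage'] != 'validate-user-signup') {
        return $result;
    }

    // Read the three entries by name. extract() would let any other key of
    // $result overwrite local and global variables of this function.
    $user_name = isset($result['user_name']) ? $result['user_name'] : null;
    $user_email = isset($result['user_email']) ? $result['user_email'] : null;
    $errors = isset($result['errors']) ? $result['errors'] : null;

    $counter = 0;
    $has_errors = false;
    $prev_field_id = -1;

    // Validate all sign up fields.
    $fields = BP_XProfile_Field::get_signup_fields();

    if ($fields) {
        foreach ($fields as $field) {
            $post_key = 'field_' . $field->id;
            $value = isset($_POST[$post_key]) ? $_POST[$post_key] : null;

            // Need to check if the previous field had the same ID, as to not
            // validate individual day/month/year dropdowns individually.
            if ($prev_field_id != $field->id) {
                $field = new BP_XProfile_Field($field->id);

                if ('datebox' == $field->type) {
                    $date_key = 'field_' . $field->id;
                    $day = isset($_POST[$date_key . '_day']) ? $_POST[$date_key . '_day'] : "";
                    $month = isset($_POST[$date_key . '_month']) ? $_POST[$date_key . '_month'] : "";
                    $year = isset($_POST[$date_key . '_year']) ? $_POST[$date_key . '_year'] : "";

                    if ($day != "" && $month != "" && $year != "") {
                        $value = strtotime($day . " " . $month . " " . $year);
                    }
                }

                // NOTE(review): this serializes request data. The code that reads the
                // value back is not visible here; it must not hand a stored value to
                // unserialize() without checking it.
                if (is_array($value)) {
                    $value = serialize($value);
                }

                $bp_xprofile_callback[$counter] = array("field_id" => $field->id, "type" => $field->type, "value" => $value);

                if ($field->is_required && empty($value)) {
                    $bp_xprofile_callback[$counter]["error_msg"] = sprintf(__('%s cannot be left blank', 'buddypress'), $field->name);
                    $has_errors = true;
                }

                $counter++;
            }

            $prev_field_id = $field->id;
        }
    }

    // Validate the avatar upload if there is one.
    $avatar_error = false;
    $checked_upload = false;
    $checked_size = false;
    $checked_type = false;
    $original = false;
    $canvas = false;

    // Set friendly error feedback.
    $max_size = size_format(CORE_MAX_FILE_SIZE);
    $uploadErrors = array(
        0 => __("There is no error, the file uploaded with success", 'buddypress'),
        1 => __("Your image was bigger than the maximum allowed file size of: ", 'buddypress') . $max_size,
        2 => __("Your image was bigger than the maximum allowed file size of: ", 'buddypress') . $max_size,
        3 => __("The uploaded file was only partially uploaded", 'buddypress'),
        6 => __("Missing a temporary folder", 'buddypress'),
    );

    // Error 4 means that no file was sent at all; the avatar is optional.
    if (isset($_FILES['file']) && 4 !== $_FILES['file']['error']) {
        if (!($checked_upload = bp_core_check_avatar_upload($_FILES))) {
            $code = $_FILES['file']['error'];
            $avatar_error = true;
            $avatar_error_msg = ((is_int($code) || is_string($code)) && isset($uploadErrors[$code])) ? $uploadErrors[$code] : '';
        }

        if ($checked_upload && !($checked_size = bp_core_check_avatar_size($_FILES))) {
            $avatar_error = true;
            $avatar_size = size_format(CORE_MAX_FILE_SIZE);
            $avatar_error_msg = sprintf(__('The file you uploaded is too big. Please upload a file under %s', 'buddypress'), $avatar_size);
        }

        if ($checked_upload && $checked_size && !($checked_type = bp_core_check_avatar_type($_FILES))) {
            $avatar_error = true;
            $avatar_error_msg = __('Please upload only JPG, GIF or PNG photos.', 'buddypress');
        }

        // "Handle" upload into temporary location.
        if ($checked_upload && $checked_size && $checked_type && !($original = bp_core_handle_avatar_upload($_FILES))) {
            $avatar_error = true;
            $avatar_error_msg = sprintf(__('Upload Failed! Error was: %s', 'buddypress'), $wp_upload_error);
        }

        // Fall back to the original when no resized copy could be made.
        if ($checked_upload && $checked_size && $checked_type && $original && !($canvas = bp_core_resize_avatar($original))) {
            $canvas = $original;
        }
    }

    if (!$has_errors && !$avatar_error) {
        // Put the user profile meta in a session ready to store.
        $meta = array();

        foreach ((array) $bp_xprofile_callback as $entry) {
            $meta_key = 'field_' . $entry['field_id'];

            // Values of entries that share a field id are concatenated.
            if (!isset($meta[$meta_key])) {
                $meta[$meta_key] = '';
            }
            $meta[$meta_key] .= $entry['value'];
        }

        $meta['xprofile_field_ids'] = isset($_POST['xprofile_ids']) ? $_POST['xprofile_ids'] : null;
        $meta['avatar_image_resized'] = $canvas;
        $meta['avatar_image_original'] = $original;

        $_SESSION['xprofile_meta'] = $meta;
    } else {
        $errors->add('bp_xprofile_errors', '');
    }

    return array('user_name' => $user_name, 'user_email' => $user_email, 'errors' => $errors);
}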
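/**
 * Handles avatar uploading.
 *
 * Checks the upload with bp_core_check_avatar_upload(),
 * bp_core_check_avatar_size() and bp_core_check_avatar_type(), stores it
 * through nxt_handle_upload() while $upload_dir_filter is attached to
 * 'upload_dir', rejects a stored file that cannot be read as an image, shrinks
 * it with nxt_create_thumbnail() when it is wider than
 * bp_core_avatar_original_max_width(), and records the resulting relative path
 * and URL on $bp->avatar_admin->image.
 *
 * @global object $bp BuddyPress global settings
 * @param array  $file              Upload data in $_FILES shape; the entry under 'file' is used.
 * @param string $upload_dir_filter A filter to be applied to upload_dir
 * @return bool True on success, or when the pre-filter takes over; false on failure.
 * @see bp_core_check_avatar_upload()
 * @see bp_core_check_avatar_type()
 */
function bp_core_avatar_handle_upload($file, $upload_dir_filter) {
    global $bp;

    /***
     * You may want to hook into this filter if you want to override this function.
     * Make sure you return false.
     */
    if (!apply_filters('bp_core_pre_avatar_handle_upload', true, $file, $upload_dir_filter)) {
        return true;
    }

    require_once ABSPATH . '/nxt-admin/includes/image.php';
    require_once ABSPATH . '/nxt-admin/includes/file.php';

    $max_filesize = size_format(bp_core_avatar_original_max_filesize());
    $uploadErrors = array(
        0 => __("There is no error, the file uploaded with success", 'buddypress'),
        1 => __("Your image was bigger than the maximum allowed file size of: ", 'buddypress') . $max_filesize,
        2 => __("Your image was bigger than the maximum allowed file size of: ", 'buddypress') . $max_filesize,
        3 => __("The uploaded file was only partially uploaded", 'buddypress'),
        4 => __("No file was uploaded", 'buddypress'),
        6 => __("Missing a temporary folder", 'buddypress'),
    );

    if (!bp_core_check_avatar_upload($file)) {
        // The entry may be missing, or carry a code that has no text above.
        $code = isset($file['file']['error']) ? $file['file']['error'] : null;
        $reason = ((is_int($code) || is_string($code)) && isset($uploadErrors[$code])) ? $uploadErrors[$code] : '';
        bp_core_add_message(sprintf(__('Your upload failed, please try again. Error was: %s', 'buddypress'), $reason), 'error');

        return false;
    }

    if (!bp_core_check_avatar_size($file)) {
        bp_core_add_message(sprintf(__('The file you uploaded is too big. Please upload a file under %s', 'buddypress'), $max_filesize), 'error');

        return false;
    }

    if (!bp_core_check_avatar_type($file)) {
        bp_core_add_message(__('Please upload only JPG, GIF or PNG photos.', 'buddypress'), 'error');

        return false;
    }

    // Filter the upload location for this one upload only. Leaving the filter
    // attached would redirect every later upload in the same request.
    add_filter('upload_dir', $upload_dir_filter, 10, 0);
    $bp->avatar_admin->original = nxt_handle_upload($file['file'], array('action' => 'bp_avatar_upload'));
    remove_filter('upload_dir', $upload_dir_filter, 10, 0);

    // nxt_handle_upload() reports a failed move through the 'error' key.
    if (!empty($bp->avatar_admin->original['error'])) {
        bp_core_add_message(sprintf(__('Upload Failed! Error was: %s', 'buddypress'), $bp->avatar_admin->original['error']), 'error');

        return false;
    }

    // The checks above look at what the client declared; getimagesize() reads
    // the stored file itself. A file that cannot be parsed as an image is
    // removed again instead of being left in the avatar directory.
    $size = @getimagesize($bp->avatar_admin->original['file']);
    if (false === $size) {
        @unlink($bp->avatar_admin->original['file']);
        bp_core_add_message(__('Please upload only JPG, GIF or PNG photos.', 'buddypress'), 'error');

        return false;
    }

    // Check image size and shrink if too large.
    if ($size[0] > bp_core_avatar_original_max_width()) {
        $thumb = nxt_create_thumbnail($bp->avatar_admin->original['file'], bp_core_avatar_original_max_width());

        // Check for thumbnail creation errors.
        if (is_nxt_error($thumb)) {
            bp_core_add_message(sprintf(__('Upload Failed! Error was: %s', 'buddypress'), $thumb->get_error_message()), 'error');

            return false;
        }

        // Thumbnail is good so proceed.
        $bp->avatar_admin->resized = $thumb;
    }

    // Assigning ->dir on an unset ->image fails on current PHP, so create the holder first.
    if (!isset($bp->avatar_admin->image)) {
        $bp->avatar_admin->image = new stdClass();
    }

    // We only want to handle one image after resize.
    if (empty($bp->avatar_admin->resized)) {
        $bp->avatar_admin->image->dir = str_replace(bp_core_avatar_upload_path(), '', $bp->avatar_admin->original['file']);
    } else {
        $bp->avatar_admin->image->dir = str_replace(bp_core_avatar_upload_path(), '', $bp->avatar_admin->resized);
        @unlink($bp->avatar_admin->original['file']);
    }

    // Check for nxt_Error on what should be an image.
    if (is_nxt_error($bp->avatar_admin->image->dir)) {
        bp_core_add_message(sprintf(__('Upload failed! Error was: %s', 'buddypress'), $bp->avatar_admin->image->dir->get_error_message()), 'error');

        return false;
    }

    // Set the url value for the image.
    $bp->avatar_admin->image->url = bp_core_avatar_url() . $bp->avatar_admin->image->dir;

    return true;
}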
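/**
 * Validate and store a group avatar upload, then print the next screen.
 *
 * Runs bp_core_check_avatar_upload(), bp_core_check_avatar_size() and
 * bp_core_check_avatar_type() in that order and stops at the first failure.
 * On failure the error message and the upload form are printed; on success
 * the file is stored with bp_core_handle_avatar_upload() and the cropper is
 * printed.
 *
 * @param array $file Upload data in $_FILES shape; the entry under 'file' is used.
 */
function groups_avatar_upload($file) {
    // The cropper call below reads $bp->loggedin_user->domain.
    global $bp;

    $avatar_error = false;
    $avatar_error_msg = '';
    $original = false;
    $canvas = false;

    // Set friendly error feedback.
    $uploadErrors = array(
        0 => __("There is no error, the file uploaded with success", 'buddypress'),
        1 => __("The uploaded file exceeds the upload_max_filesize directive in php.ini", 'buddypress'),
        2 => __("The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form", 'buddypress'),
        3 => __("The uploaded file was only partially uploaded", 'buddypress'),
        4 => __("No file was uploaded", 'buddypress'),
        6 => __("Missing a temporary folder", 'buddypress'),
    );

    if (!bp_core_check_avatar_upload($file)) {
        // The entry may be missing, or carry a code that has no text above.
        $code = isset($file['file']['error']) ? $file['file']['error'] : null;
        $reason = ((is_int($code) || is_string($code)) && isset($uploadErrors[$code])) ? $uploadErrors[$code] : '';

        // Translate the fixed text only; a msgid with the reason appended can never match a catalog entry.
        $avatar_error = true;
        $avatar_error_msg = sprintf(__('Your group avatar upload failed, please try again. Error was: %s', 'buddypress'), $reason);
    } elseif (!bp_core_check_avatar_size($file)) {
        $avatar_error = true;
        $avatar_error_msg = __('The file you uploaded is too big. Please upload a file under', 'buddypress') . ' ' . size_format(CORE_MAX_FILE_SIZE);
    } elseif (!bp_core_check_avatar_type($file)) {
        $avatar_error = true;
        $avatar_error_msg = __('Please upload only JPG, GIF or PNG photos.', 'buddypress');
    } elseif (!($original = bp_core_handle_avatar_upload($file))) {
        $avatar_error = true;
        $avatar_error_msg = __('Upload Failed! Please check the permissions on the group avatar upload directory.', 'buddypress');
    }

    if ($avatar_error) {
        ?>
        <div id="message" class="error">
            <p><?php echo $avatar_error_msg; ?></p>
        </div>
        <?php
        bp_core_render_avatar_upload_form('', true);

        return;
    }

    // Only a stored upload is resized; fall back to the original when no resized copy could be made.
    if (!($canvas = bp_core_resize_avatar($original))) {
        $canvas = $original;
    }

    bp_core_render_avatar_cropper($original, $canvas, null, null, false, $bp->loggedin_user->domain);
}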