16
Humm, after looking into the code I get more convinced that it is a 2.5 bug and that the intention of
if (false === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) {
$oldavatar = $xoopsUser->getVar('user_avatar');
$xoopsUser->setVar('user_avatar', $user_avatar);
$member_handler =& xoops_gethandler('member');
if (!$member_handler->insertUser($xoopsUser)) {
include $GLOBALS['xoops']->path('header.php');
echo $xoopsUser->getHtmlErrors();
include $GLOBALS['xoops']->path('footer.php');
exit();
}
if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar,8)))) {
$avatars = $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar));
if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) {
$avt_handler->delete($avatars[0]);
$oldavatar_path = str_replace("", "/", realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar));
if (false === strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) {
unlink($oldavatar_path);
}
}
}
if ($user_avatar != 'avatars/blank.gif') {
$avatars = $avt_handler->getObjects(new Criteria('avatar_file', $user_avatar));
if (is_object($avatars[0])) {
$avt_handler->addUser($avatars[0]->getVar('avatar_id'), $xoopsUser->getVar('uid'));
}
}
}
(was in 2.3.3
if (0 === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) {
)
is to process the if block when the path starts with the XOOPS upload path and not something to do when the upload path is not present.
So all these 3 changes in /edituser.php and /modules/profile/edituser.php should be reverted!
