16
Humm, after looking into the code I get more convinced that it is a 2.5 bug and that the intention of
le="color: #000000"><?php if (false === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) { $oldavatar = $xoopsUser->getVar('user_avatar'); $xoopsUser->setVar('user_avatar', $user_avatar); $member_handler =& xoops_gethandler('member'); if (!$member_handler->insertUser($xoopsUser)) { include $GLOBALS['xoops']->path('header.php'); echo $xoopsUser->getHtmlErrors(); include $GLOBALS['xoops']->path('footer.php'); exit(); } if ($oldavatar && preg_match("/^cavt/", strtolower(substr($oldavatar,8)))) { $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $oldavatar)); if (!empty($avatars) && count($avatars) == 1 && is_object($avatars[0])) { $avt_handler->delete($avatars[0]); $oldavatar_path = str_replace("", "/", realpath(XOOPS_UPLOAD_PATH . '/' . $oldavatar)); if (false === strpos($oldavatar_path, realpath(XOOPS_UPLOAD_PATH)) && is_file($oldavatar_path)) { unlink($oldavatar_path); } } } if ($user_avatar != 'avatars/blank.gif') { $avatars = $avt_handler->getObjects(new Criteria('avatar_file', $user_avatar)); if (is_object($avatars[0])) { $avt_handler->addUser($avatars[0]->getVar('avatar_id'), $xoopsUser->getVar('uid')); } } }
(was in 2.3.3
le="color: #000000"><?php if (0 === strpos($user_avatarpath, realpath(XOOPS_UPLOAD_PATH)) && is_file($user_avatarpath)) {
)
is to process the if block when the path starts with the XOOPS upload path and not something to do when the upload path is not present.
So all these 3 changes in /edituser.php and /modules/profile/edituser.php should be reverted!