ISSUE-241 Fix the show users image in the lists
@@ -2,89 +2,63 @@
|
|||||||
|
|
||||||
use ProcessMaker\Model\User;
|
use ProcessMaker\Model\User;
|
||||||
|
|
||||||
|
if (($RBAC_Response = $RBAC->userCanAccess( "PM_LOGIN" )) != 1) {
|
||||||
if (($RBAC_Response = $RBAC->userCanAccess( "PM_LOGIN" )) != 1)
|
|
||||||
return $RBAC_Response;
|
return $RBAC_Response;
|
||||||
|
}
|
||||||
|
|
||||||
$direction = PATH_IMAGES_ENVIRONMENT_USERS . $_REQUEST['pUID'] . ".gif";
|
// Validate transversal path in pUID parameter
|
||||||
// header('Pragma: ');
|
$pUID = basename($_REQUEST['pUID']); // Elimina path traversal
|
||||||
// header('Cache-Control: cache');
|
$pUID = preg_replace('/[^a-zA-Z0-9_-]/', '', $pUID); // Solo caracteres seguros
|
||||||
|
|
||||||
|
if (empty($pUID)) {
|
||||||
|
$filename = PATH_HOME . 'public_html/images/user.gif';
|
||||||
|
} else {
|
||||||
|
$filename = PATH_IMAGES_ENVIRONMENT_USERS . $pUID . ".gif";
|
||||||
|
}
|
||||||
|
|
||||||
if (! file_exists( $direction )) {
|
// Verify if user image exists, if not, try to get it by USR_UID, if still not found, use default user image
|
||||||
|
if (!file_exists($filename)) {
|
||||||
$user = new User();
|
$user = new User();
|
||||||
$filters = array(
|
$filters = array(
|
||||||
'limit' => 1,
|
'limit' => 1,
|
||||||
'fields' => ['USR_UID'],
|
'fields' => ['USR_UID'],
|
||||||
'conditions' => [['USR_ID', '=', $_REQUEST['pUID']]]
|
'conditions' => [['USR_ID', '=', $pUID]]
|
||||||
);
|
);
|
||||||
$result = $user->show($filters);
|
$result = $user->show($filters);
|
||||||
if ($result['total'] == 1){
|
if ($result['total'] == 1){
|
||||||
$direction = PATH_IMAGES_ENVIRONMENT_USERS . $result['data'][0]['USR_UID'] . ".gif";
|
$filename = PATH_IMAGES_ENVIRONMENT_USERS . $result['data'][0]['USR_UID'] . ".gif";
|
||||||
if (! file_exists( $direction )) {
|
if (!file_exists($filename)) {
|
||||||
$direction = PATH_HOME . 'public_html/images/user.gif';
|
$filename = PATH_HOME . 'public_html/images/user.gif';
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$direction = PATH_HOME . 'public_html/images/user.gif';
|
$filename = PATH_HOME . 'public_html/images/user.gif';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
G::sendHeaders( $direction );
|
// Verify if file exists, if not, return 404
|
||||||
|
if (! file_exists( $filename )) {
|
||||||
DumpHeaders( $direction );
|
header('HTTP/1.1 404 Not Found');
|
||||||
|
exit();
|
||||||
/*
|
|
||||||
* This function is verified to work with Netscape and the *very latest*
|
|
||||||
* version of IE. I don't know if it works with Opera, but it should now.
|
|
||||||
*/
|
|
||||||
function DumpHeaders ($filename)
|
|
||||||
{
|
|
||||||
|
|
||||||
global $root_path;
|
|
||||||
|
|
||||||
if (! $filename)
|
|
||||||
return;
|
|
||||||
|
|
||||||
$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
|
|
||||||
|
|
||||||
$isIE = 0;
|
|
||||||
|
|
||||||
if (strstr( $HTTP_USER_AGENT, 'compatible; MSIE ' ) !== false && strstr( $HTTP_USER_AGENT, 'Opera' ) === false) {
|
|
||||||
$isIE = 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strstr( $HTTP_USER_AGENT, 'compatible; MSIE 6' ) !== false && strstr( $HTTP_USER_AGENT, 'Opera' ) === false) {
|
// Get file info
|
||||||
$isIE6 = 1;
|
$lastModified = filemtime($filename);
|
||||||
|
$fileSize = filesize($filename);
|
||||||
|
$etag = md5($fileSize . $lastModified . $filename);
|
||||||
|
|
||||||
|
header('Content-Type: image/gif');
|
||||||
|
header('ETag: "' . $etag . '"');
|
||||||
|
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastModified) . ' GMT');
|
||||||
|
header('Content-Length: ' . $fileSize);
|
||||||
|
header('Cache-Control: public, must-revalidate, max-age=300'); // 5 min cache
|
||||||
|
|
||||||
|
// Validate Client eTAg
|
||||||
|
$clientEtag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? trim($_SERVER['HTTP_IF_NONE_MATCH']) : '';
|
||||||
|
if ($clientEtag === '"' . $etag . '"') {
|
||||||
|
header('HTTP/1.1 304 Not Modified');
|
||||||
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$aux = preg_replace( '[^-a-zA-Z0-9\.]', '_', $filename );
|
// Show image
|
||||||
$aux = explode( '_', $aux );
|
|
||||||
$downloadName = $aux[count( $aux ) - 1];
|
|
||||||
|
|
||||||
if ($isIE && ! isset( $isIE6 )) {
|
|
||||||
// http://support.microsoft.com/support/kb/articles/Q182/3/15.asp
|
|
||||||
// Do not have quotes around filename, but that applied to
|
|
||||||
// "attachment"... does it apply to inline too?
|
|
||||||
|
|
||||||
|
|
||||||
// This combination seems to work mostly. IE 5.5 SP 1 has
|
|
||||||
// known issues (see the Microsoft Knowledge Base)
|
|
||||||
header( "Content-Disposition: inline; filename=$downloadName" );
|
|
||||||
|
|
||||||
// This works for most types, but doesn't work with Word files
|
|
||||||
header( "Content-Type: application/download; name=\"$downloadName\"" );
|
|
||||||
|
|
||||||
//header("Content-Type: $type0/$type1; name=\"$downloadName\"");
|
|
||||||
//header("Content-Type: application/x-msdownload; name=\"$downloadName\"");
|
|
||||||
//header("Content-Type: application/octet-stream; name=\"$downloadName\"");
|
|
||||||
} else {
|
|
||||||
header( "Content-Disposition: attachment; filename=\"$downloadName\"" );
|
|
||||||
header( "Content-Type: application/octet-stream; name=\"$downloadName\"" );
|
|
||||||
}
|
|
||||||
|
|
||||||
//$filename = PATH_UPLOAD . "$filename";
|
|
||||||
readfile($filename);
|
readfile($filename);
|
||||||
}
|
exit();
|
||||||
|
|
||||||
//G::header2( "location: /files/" .$_SESSION['ENVIRONMENT']. "/" .$appid, $filename);
|
|
||||||
|
|
||||||
|
|||||||
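Review bot: On the new side, `$_REQUEST['pUID']` is handed to `basename()` with no presence or type check, so a request that omits the parameter or sends `pUID[]=x` produces a warning or (on PHP 8) a TypeError instead of falling through to the default image; guard it first with `$raw = $_REQUEST['pUID'] ?? ''; $pUID = is_string($raw) ? basename($raw) : '';`. The `basename()` and allowlist pair does stop the traversal, but it rewrites a rejected value into a different identifier that is then looked up, so it is worth treating any input that changes under sanitising as invalid and serving the default image. The response is also gated by the `PM_LOGIN` check yet sent with `Cache-Control: public`, which allows a shared cache to store a user image and replay it to a client that never passed that check; `header('Cache-Control: private, must-revalidate, max-age=300');` keeps the five-minute browser cache without that exposure. On style, the two trailing comments on the sanitising lines are in Spanish and the comment above them says "transversal" where "traversal" is meant, so one English comment such as `// Strip directory components, then allow only [A-Za-z0-9_-] in pUID` would cover both lines.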