ISSUE-241 Fix the show users image in the lists
@@ -2,89 +2,63 @@
|
||||
|
||||
use ProcessMaker\Model\User;
|
||||
|
||||
|
||||
if (($RBAC_Response = $RBAC->userCanAccess( "PM_LOGIN" )) != 1)
|
||||
if (($RBAC_Response = $RBAC->userCanAccess( "PM_LOGIN" )) != 1) {
|
||||
return $RBAC_Response;
|
||||
}
|
||||
|
||||
$direction = PATH_IMAGES_ENVIRONMENT_USERS . $_REQUEST['pUID'] . ".gif";
|
||||
// header('Pragma: ');
|
||||
// header('Cache-Control: cache');
|
||||
// Validate transversal path in pUID parameter
|
||||
$pUID = basename($_REQUEST['pUID']); // Elimina path traversal
|
||||
$pUID = preg_replace('/[^a-zA-Z0-9_-]/', '', $pUID); // Solo caracteres seguros
|
||||
|
||||
if (empty($pUID)) {
|
||||
$filename = PATH_HOME . 'public_html/images/user.gif';
|
||||
} else {
|
||||
$filename = PATH_IMAGES_ENVIRONMENT_USERS . $pUID . ".gif";
|
||||
}
|
||||
|
||||
if (! file_exists( $direction )) {
|
||||
// Verify if user image exists, if not, try to get it by USR_UID, if still not found, use default user image
|
||||
if (!file_exists($filename)) {
|
||||
$user = new User();
|
||||
$filters = array(
|
||||
'limit' => 1,
|
||||
'fields' => ['USR_UID'],
|
||||
'conditions' => [['USR_ID', '=', $_REQUEST['pUID']]]
|
||||
'conditions' => [['USR_ID', '=', $pUID]]
|
||||
);
|
||||
$result = $user->show($filters);
|
||||
if ($result['total'] == 1){
|
||||
$direction = PATH_IMAGES_ENVIRONMENT_USERS . $result['data'][0]['USR_UID'] . ".gif";
|
||||
if (! file_exists( $direction )) {
|
||||
$direction = PATH_HOME . 'public_html/images/user.gif';
|
||||
$filename = PATH_IMAGES_ENVIRONMENT_USERS . $result['data'][0]['USR_UID'] . ".gif";
|
||||
if (!file_exists($filename)) {
|
||||
$filename = PATH_HOME . 'public_html/images/user.gif';
|
||||
}
|
||||
} else {
|
||||
$direction = PATH_HOME . 'public_html/images/user.gif';
|
||||
$filename = PATH_HOME . 'public_html/images/user.gif';
|
||||
}
|
||||
}
|
||||
|
||||
G::sendHeaders( $direction );
|
||||
|
||||
DumpHeaders( $direction );
|
||||
|
||||
/*
|
||||
* This function is verified to work with Netscape and the *very latest*
|
||||
* version of IE. I don't know if it works with Opera, but it should now.
|
||||
*/
|
||||
function DumpHeaders ($filename)
|
||||
{
|
||||
|
||||
global $root_path;
|
||||
|
||||
if (! $filename)
|
||||
return;
|
||||
|
||||
$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
|
||||
|
||||
$isIE = 0;
|
||||
|
||||
if (strstr( $HTTP_USER_AGENT, 'compatible; MSIE ' ) !== false && strstr( $HTTP_USER_AGENT, 'Opera' ) === false) {
|
||||
$isIE = 1;
|
||||
}
|
||||
|
||||
if (strstr( $HTTP_USER_AGENT, 'compatible; MSIE 6' ) !== false && strstr( $HTTP_USER_AGENT, 'Opera' ) === false) {
|
||||
$isIE6 = 1;
|
||||
}
|
||||
|
||||
$aux = preg_replace( '[^-a-zA-Z0-9\.]', '_', $filename );
|
||||
$aux = explode( '_', $aux );
|
||||
$downloadName = $aux[count( $aux ) - 1];
|
||||
|
||||
if ($isIE && ! isset( $isIE6 )) {
|
||||
// http://support.microsoft.com/support/kb/articles/Q182/3/15.asp
|
||||
// Do not have quotes around filename, but that applied to
|
||||
// "attachment"... does it apply to inline too?
|
||||
|
||||
|
||||
// This combination seems to work mostly. IE 5.5 SP 1 has
|
||||
// known issues (see the Microsoft Knowledge Base)
|
||||
header( "Content-Disposition: inline; filename=$downloadName" );
|
||||
|
||||
// This works for most types, but doesn't work with Word files
|
||||
header( "Content-Type: application/download; name=\"$downloadName\"" );
|
||||
|
||||
//header("Content-Type: $type0/$type1; name=\"$downloadName\"");
|
||||
//header("Content-Type: application/x-msdownload; name=\"$downloadName\"");
|
||||
//header("Content-Type: application/octet-stream; name=\"$downloadName\"");
|
||||
} else {
|
||||
header( "Content-Disposition: attachment; filename=\"$downloadName\"" );
|
||||
header( "Content-Type: application/octet-stream; name=\"$downloadName\"" );
|
||||
}
|
||||
|
||||
//$filename = PATH_UPLOAD . "$filename";
|
||||
readfile( $filename );
|
||||
// Verify if file exists, if not, return 404
|
||||
if (! file_exists( $filename )) {
|
||||
header('HTTP/1.1 404 Not Found');
|
||||
exit();
|
||||
}
|
||||
|
||||
//G::header2( "location: /files/" .$_SESSION['ENVIRONMENT']. "/" .$appid, $filename);
|
||||
// Get file info
|
||||
$lastModified = filemtime($filename);
|
||||
$fileSize = filesize($filename);
|
||||
$etag = md5($fileSize . $lastModified . $filename);
|
||||
|
||||
header('Content-Type: image/gif');
|
||||
header('ETag: "' . $etag . '"');
|
||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastModified) . ' GMT');
|
||||
header('Content-Length: ' . $fileSize);
|
||||
header('Cache-Control: public, must-revalidate, max-age=300'); // 5 min cache
|
||||
|
||||
// Validate Client eTAg
|
||||
$clientEtag = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? trim($_SERVER['HTTP_IF_NONE_MATCH']) : '';
|
||||
if ($clientEtag === '"' . $etag . '"') {
|
||||
header('HTTP/1.1 304 Not Modified');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Show image
|
||||
readfile($filename);
|
||||
exit();
|
||||
|
||||
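Review bot: The `Cache-Control: public, must-revalidate, max-age=300` header near the end of this section lets shared caches store a response that the script only serves after the `userCanAccess("PM_LOGIN")` check at the top, so a proxy or CDN in front of the application could return a user's image to a client that never passed that check. Using `header('Cache-Control: private, must-revalidate, max-age=300');` keeps the five-minute browser cache without involving shared caches. Separately, `basename($_REQUEST['pUID'])` runs without checking that the parameter is present and is a string; an array-valued parameter would raise a TypeError on PHP 8 instead of falling back to the default image, so a guard such as `$pUID = is_string($_REQUEST['pUID'] ?? null) ? basename($_REQUEST['pUID']) : '';` would be safer. The +/- markers are lost on this page, so which lines belong to the new side is inferred from the rename of `$direction` to `$filename`.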