Test in Ostatus_profile if avatar is an image before writing to filesystem

This clears one FIXME... We also fix HTTPClient::quickGet() (and a related call in OStatus testfeed.php).
2015-01-27 13:49:26 +01:00 · 2015-01-27 13:49:26 +01:00 · cc996f58db
parent cdd3c52633
commit cc996f58db
3 changed files with 11 additions and 11 deletions
--- a/lib/httpclient.php
+++ b/lib/httpclient.php
@ -177,10 +177,12 @@ class HTTPClient extends HTTP_Request2
    /**
     * Quick static function to GET a URL
     */
-    public static function quickGet($url, $accept='text/html,application/xhtml+xml')
+    public static function quickGet($url, $accept=null)
    {
        $client = new HTTPClient();
-        $client->setHeader('Accept', $accept);
+        if (!is_null($accept)) {
+            $client->setHeader('Accept', $accept);
+        }
        $response = $client->get($url);
        if (!$response->isOk()) {
            // TRANS: Exception. %s is a profile URL.
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@ -1261,15 +1261,13 @@ class Ostatus_profile extends Managed_DataObject
        // ripped from oauthstore.php (for old OMB client)
        $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar');
        try {
-            $client = new HTTPClient();
-            $response = $client->get($url);
-
-            if (!$response->isOk()) {
-                // TRANS: Server exception. %s is a URL.
-                throw new ServerException(sprintf(_m('Unable to fetch avatar from %s.'), $url));
+            $imgData = HTTPClient::quickGet($url);
+            // Make sure it's at least an image file. ImageFile can do the rest.
+            if (false === getimagesizefromstring($imgData)) {
+                throw new UnsupportedMediaException(_('Downloaded group avatar was not an image.'));
            }
-            // FIXME: make sure it's an image here instead of _after_ writing to a file?
-            file_put_contents($temp_filename, $response->getBody());
+            file_put_contents($temp_filename, $imgData);
+            unset($imgData);    // No need to carry this in memory.

            if ($this->isGroup()) {
                $id = $this->group_id;
--- a/plugins/OStatus/scripts/testfeed.php
+++ b/plugins/OStatus/scripts/testfeed.php
@ -53,7 +53,7 @@ if (!$sub) {

 // Fetch the URL
 try {
-    $xml = HTTPClient::quickGet($feedurl);
+    $xml = HTTPClient::quickGet($feedurl, 'text/html,application/xhtml+xml');
 } catch (Exception $e) {
    echo sprintf("Could not fetch feedurl %s (%d).\n", $e->getMessage(), $e->getCode());
    exit(1);