From fdc2bc39d06ba2f1d59a0402e5ba11b801431d85 Mon Sep 17 00:00:00 2001 From: Daniel Date: Sun, 29 Nov 2020 16:54:29 +0000 Subject: [PATCH] [Cover] Input restrictions, Code cleanup --- plugins/Cover/Controller/Cover.php | 50 ++++++++++++++++++++++++++---- plugins/Cover/Cover.php | 18 ++++++++--- src/Entity/Cover.php | 32 +++++++++++++++---- templates/cover/cover.html.twig | 15 +-------- templates/left/left.html.twig | 4 +-- 5 files changed, 87 insertions(+), 32 deletions(-) diff --git a/plugins/Cover/Controller/Cover.php b/plugins/Cover/Controller/Cover.php index c03dbada79..f9d9c687f2 100644 --- a/plugins/Cover/Controller/Cover.php +++ b/plugins/Cover/Controller/Cover.php 
@@ -27,23 +27,55 @@ use function App\Core\I18n\_m; use App\Entity\Cover as CoverEntity; use App\Util\Common; use App\Util\Exception\ClientException; -use App\Util\Exception\RedirectException; +use App\Util\Exception\ServerException; use Component\Media\Media; use Component\Media\Media as M; use Symfony\Component\Form\Extension\Core\Type\FileType; use Symfony\Component\Form\Extension\Core\Type\HiddenType; use Symfony\Component\Form\Extension\Core\Type\SubmitType; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\Validator\Constraints\File as F; +/** + * Cover controller + * + * @package GNUsocial + * @category CoverPlugin + * + * @author Daniel Brandao + * @copyright 2020 Free Software Foundation, Inc http://www.fsf.org + * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later + */ class Cover { /** - * Display and handle the cover edit page + * Display and handle the cover edit page, where a user can add or + * edit their cover image + * + * @param Request $request + * + * @throws ClientException Invalid form + * @throws ServerException Invalid file type + * + * @return array template */ public function coverSettings(Request $request) { $form = Form::create([ - ['cover', FileType::class, ['label' => _m('Cover'), 'help' => _m('You can upload your personal cover. The maximum file size is 2MB.')]], + ['cover', FileType::class, ['label' => _m('Cover'), 'help' => _m('You can upload your personal cover. The maximum file size is 2MB.'), + 'constraints' => [ + new F([ + 'maxSize' => '2048k', + 'mimeTypes' => [ + 'image/gif', + 'image/png', + 'image/jpeg', + 'image/bmp', + 'image/webp', + ], + 'maxSizeMessage' => 'Image exceeded maximum size', + 'mimeTypesMessage' => 'Please upload a valid image', + ]), ], ]], ['hidden', HiddenType::class, []], ['save', SubmitType::class, ['label' => _m('Submit')]], ]); 
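Review bot: The two validator messages added to the File constraint, `'maxSizeMessage' => 'Image exceeded maximum size'` and `'mimeTypesMessage' => 'Please upload a valid image'`, are not wrapped in `_m()` while the `label` and `help` strings on the same field are, so they will be shown untranslated; `'maxSizeMessage' => _m('Image exceeded maximum size')` (and likewise for the MIME message) keeps the field consistent. The one-letter alias `as F` makes `new F([...])` opaque at the call site; `use Symfony\Component\Validator\Constraints\File as FileConstraint;` would say what it is. Note that `maxSize` and `mimeTypes` only take effect when the form's validity is checked, which presumably happens in the branch that throws `Invalid form` outside this hunk, so the 2MB promise in the help text depends on that call being present.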
@@ -56,6 +88,10 @@ class Cover } else { throw new ClientException('Invalid form'); } + + if (explode('/',$sfile->getMimeType())[0] != 'image') { + throw new ServerException('Invalid file type'); + } $user = Common::user(); $actor_id = $user->getId(); $file = Media::validateAndStoreFile($sfile, Common::config('cover', 'dir'), $title = null, $is_local = true, $use_unique = $actor_id); @@ -63,7 +99,6 @@ class Cover $cover = DB::find('cover', ['gsactor_id' => $actor_id]); // Must get old id before inserting another one if ($cover != null) { - var_dump('test'); $old_file = $cover->delete(); DB::remove($cover); } @@ -78,13 +113,16 @@ class Cover if ($old_file != null) { @unlink($old_file); } - throw new RedirectException(); - //var_dump($cover->getFilePath()); } return ['_template' => 'cover/cover.html.twig', 'form' => $form->createView()]; } + /** + * get user cover + * + * @return mixed cover file + */ public function cover() { $cover = DB::find('cover', ['gsactor_id' => Common::user()->getId()]); diff --git a/plugins/Cover/Cover.php b/plugins/Cover/Cover.php index d923140b19..1add646b6f 100644 --- a/plugins/Cover/Cover.php +++ b/plugins/Cover/Cover.php @@ -26,6 +26,16 @@ use App\Core\Module; use App\Core\Router\RouteLoader; use App\Util\Common; +/** + * Cover plugin main class + * + * @package GNUsocial + * @category CoverPlugin + * + * @author Daniel Brandao + * @copyright 2020 Free Software Foundation, Inc http://www.fsf.org + * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later + */ class Cover extends Module { /** 
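Review bot: The MIME check added after the `Invalid form` branch rejects a client-supplied file with a `ServerException`, which reports a user error as a server failure and is inconsistent with the `ClientException('Invalid form')` two lines above; `throw new ClientException('Invalid file type');` fits, and the `@throws ServerException` tag added to the method docblock in the first hunk should follow. The comparison also uses loose `!=` on a string and takes the prefix of `explode('/', $sfile->getMimeType())`, which fails if the type is null; a strict prefix test, `if (strpos((string) $sfile->getMimeType(), 'image/') !== 0) {`, avoids both. If `$sfile` is a Symfony UploadedFile, `getMimeType()` is guessed from the file contents rather than taken from the client-declared type, which is what makes this a meaningful second check behind the form constraint; worth confirming, since `$sfile` is assigned and coverSettings() begins outside the hunk.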
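Review bot: Removing `throw new RedirectException();` after the successful store means a POST that uploaded a cover now falls through to `return ['_template' => 'cover/cover.html.twig', 'form' => $form->createView()];` and renders the form on the POST response itself, so a browser refresh on that page resubmits the upload; if the redirect was dropped only because of how the exception was handled, a redirect to the settings page after `@unlink($old_file)` would keep the post-redirect-get flow. The new docblock on `cover()` says `@return mixed cover file`, which tells the reader nothing the signature does not; stating what is actually returned (the method's body continues outside the hunk) would be more useful.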
@@ -56,15 +66,15 @@ class Cover extends Module ]]; if (Common::user() != null) { - if (array_key_exists('profile_temp',$vars)) { - $vars['profile_temp'] = []; + if (array_key_exists('profile_extras',$vars)) { + $vars['profile_extras'] = []; } $cover = DB::find('cover', ['gsactor_id' => Common::user()->getId()]); if ($cover != null) { - $vars['profile_temp'][] = ['name' => 'cover', 'vars' => ['img' => '/cover']]; + $vars['profile_extras'][] = ['name' => 'cover', 'vars' => ['img' => '/cover']]; } else { - $vars['profile_temp'][] = ['name' => 'cover', 'vars' => []]; + $vars['profile_extras'][] = ['name' => 'cover', 'vars' => []]; } } return Event::next; diff --git a/src/Entity/Cover.php b/src/Entity/Cover.php index 99cee2d3fd..6be4237460 100644 --- a/src/Entity/Cover.php +++ b/src/Entity/Cover.php @@ -26,6 +26,16 @@ use App\Core\Entity; use App\Util\Common; use DateTimeInterface; +/** + * For storing a cover + * + * @package GNUsocial + * @category CoverPlugin + * + * @author Daniel Brandao + * @copyright 2020 Free Software Foundation, Inc http://www.fsf.org + * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later + */ class Cover extends Entity { // {{{ Autocode @@ -83,17 +93,22 @@ class Cover extends Entity private ?File $file = null; + /** + * get cover file + * + * @return File + */ public function getFile(): File { $this->file = $this->file ?: DB::find('file', ['id' => $this->file_id]); return $this->file; } - public static function getFilePathStatic(string $filename): string - { - return Common::config('cover', 'dir') . $filename; - } - + /** + * get cover file path + * + * @return string + */ public function getFilePath(): string { return Common::config('cover', 'dir') . $this->getFile()->getFileName(); 
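Review bot: The guard on the renamed key, `if (array_key_exists('profile_extras',$vars)) { $vars['profile_extras'] = []; }`, empties `profile_extras` whenever it is already present, which discards anything an earlier handler put there, while the later `$vars['profile_extras'][] = ...` appends fine when the key is absent, so the guard's only effect is that wipe. If the intent is to make sure the key exists, the condition reads inverted and `$vars['profile_extras'] = $vars['profile_extras'] ?? [];` (or dropping the guard) would do. `Common::user() != null` on the line above is a loose comparison on object-or-null and the call is repeated two lines later; `$user = Common::user(); if ($user !== null) {` tightens it. The enclosing handler starts outside the hunk.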
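Review bot: The docblocks added to `getFile()` and `getFilePath()` only restate the native return types (`@return File`, `@return string`) and add nothing for the reader; what would help is the behaviour the code shows, e.g. on `getFile()`: `Lazily loads and memoises the File row referenced by file_id.` For `getFile()` it is also worth documenting, or guarding, what happens when `DB::find` returns no row, since the `: File` return type would then fail rather than yield null; I cannot tell from the hunk whether `DB::find` can return null here. `getFilePath()`'s closing brace lies outside the hunk.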
@@ -101,6 +116,12 @@ class Cover extends Entity /** * Delete this cover and the corresponding file and thumbnails, which this owns + * + * @param bool $flush + * @param bool $delete_files_now + * @param bool $cascading + * + * @return array files deleted (if delete_files_now is true) */ public function delete(bool $flush = false, bool $delete_files_now = false, bool $cascading = false): array { @@ -108,7 +129,6 @@ class Cover extends Entity if (!$cascading) { $files = $this->getFile()->delete($cascade = true, $file_flush = false, $delete_files_now); } else { - var_dump('test3'); DB::remove(DB::getReference('cover', ['gsactor_id' => $this->gsactor_id])); $file_path = $this->getFilePath(); $files[] = $file_path; diff --git a/templates/cover/cover.html.twig b/templates/cover/cover.html.twig index 5d47cddec0..96f3060752 100644 --- a/templates/cover/cover.html.twig +++ b/templates/cover/cover.html.twig @@ -2,12 +2,6 @@ {% block title %}Cover Settings{% endblock %} -{% block stylesheets %} - {{ parent() }} - - -{% endblock %} - {% block body %} {{ parent() }} {% endblock body %} @@ -15,12 +9,5 @@ {% block form %}
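Review bot: The `@param bool $flush`, `@param bool $delete_files_now` and `@param bool $cascading` tags added to `delete()` carry no description, so they repeat the signature without telling the caller what each flag changes; a line each, such as `@param bool $cascading when true, only the cover row is removed and its file path recorded; otherwise deletion is delegated to File::delete()`, would make the docblock worth its space, and the branches the flags select are partly visible in the next hunk and partly outside it. The `@return array files deleted (if delete_files_now is true)` line is also ambiguous, since the cascading branch appends `$file_path` to `$files` regardless of that flag; state what the array contains in each case.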
{{ form(form) }} -
- -
-{% endblock form %} - -{% block javascripts %} - -{% endblock javascripts %} \ No newline at end of file +{% endblock form %} \ No newline at end of file diff --git a/templates/left/left.html.twig b/templates/left/left.html.twig index aef280f4cd..6656ac9c9e 100644 --- a/templates/left/left.html.twig +++ b/templates/left/left.html.twig @@ -17,8 +17,8 @@