[Cover] Input restrictions, Code cleanup

This commit is contained in:
Daniel 2020-11-29 16:54:29 +00:00 committed by Hugo Sales
parent 0d18615fd8
commit e2df8aec10
5 changed files with 87 additions and 32 deletions

View File

@ -27,23 +27,55 @@ use function App\Core\I18n\_m;
use App\Entity\Cover as CoverEntity; use App\Entity\Cover as CoverEntity;
use App\Util\Common; use App\Util\Common;
use App\Util\Exception\ClientException; use App\Util\Exception\ClientException;
use App\Util\Exception\RedirectException; use App\Util\Exception\ServerException;
use Component\Media\Media; use Component\Media\Media;
use Component\Media\Media as M; use Component\Media\Media as M;
use Symfony\Component\Form\Extension\Core\Type\FileType; use Symfony\Component\Form\Extension\Core\Type\FileType;
use Symfony\Component\Form\Extension\Core\Type\HiddenType; use Symfony\Component\Form\Extension\Core\Type\HiddenType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType; use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Validator\Constraints\File as F;
/**
* Cover controller
*
* @package GNUsocial
* @category CoverPlugin
*
* @author Daniel Brandao <up201705812@fe.up.pt>
* @copyright 2020 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
class Cover class Cover
{ {
/** /**
* Display and handle the cover edit page * Display and handle the cover edit page, where a user can add or
* edit their cover image
*
* @param Request $request
*
* @throws ClientException Invalid form
* @throws ServerException Invalid file type
*
* @return array template
*/ */
public function coverSettings(Request $request) public function coverSettings(Request $request)
{ {
$form = Form::create([ $form = Form::create([
['cover', FileType::class, ['label' => _m('Cover'), 'help' => _m('You can upload your personal cover. The maximum file size is 2MB.')]], ['cover', FileType::class, ['label' => _m('Cover'), 'help' => _m('You can upload your personal cover. The maximum file size is 2MB.'),
'constraints' => [
new F([
'maxSize' => '2048k',
'mimeTypes' => [
'image/gif',
'image/png',
'image/jpeg',
'image/bmp',
'image/webp',
],
'maxSizeMessage' => 'Image exceeded maximum size',
'mimeTypesMessage' => 'Please upload a valid image',
]), ], ]],
['hidden', HiddenType::class, []], ['hidden', HiddenType::class, []],
['save', SubmitType::class, ['label' => _m('Submit')]], ['save', SubmitType::class, ['label' => _m('Submit')]],
]); ]);
@ -56,6 +88,10 @@ class Cover
} else { } else {
throw new ClientException('Invalid form'); throw new ClientException('Invalid form');
} }
if (explode('/',$sfile->getMimeType())[0] != 'image') {
throw new ServerException('Invalid file type');
}
$user = Common::user(); $user = Common::user();
$actor_id = $user->getId(); $actor_id = $user->getId();
$file = Media::validateAndStoreFile($sfile, Common::config('cover', 'dir'), $title = null, $is_local = true, $use_unique = $actor_id); $file = Media::validateAndStoreFile($sfile, Common::config('cover', 'dir'), $title = null, $is_local = true, $use_unique = $actor_id);
@ -63,7 +99,6 @@ class Cover
$cover = DB::find('cover', ['gsactor_id' => $actor_id]); $cover = DB::find('cover', ['gsactor_id' => $actor_id]);
// Must get old id before inserting another one // Must get old id before inserting another one
if ($cover != null) { if ($cover != null) {
var_dump('test');
$old_file = $cover->delete(); $old_file = $cover->delete();
DB::remove($cover); DB::remove($cover);
} }
@ -78,13 +113,16 @@ class Cover
if ($old_file != null) { if ($old_file != null) {
@unlink($old_file); @unlink($old_file);
} }
throw new RedirectException();
//var_dump($cover->getFilePath());
} }
return ['_template' => 'cover/cover.html.twig', 'form' => $form->createView()]; return ['_template' => 'cover/cover.html.twig', 'form' => $form->createView()];
} }
/**
* get user cover
*
* @return mixed cover file
*/
public function cover() public function cover()
{ {
$cover = DB::find('cover', ['gsactor_id' => Common::user()->getId()]); $cover = DB::find('cover', ['gsactor_id' => Common::user()->getId()]);

View File

@ -26,6 +26,16 @@ use App\Core\Module;
use App\Core\Router\RouteLoader; use App\Core\Router\RouteLoader;
use App\Util\Common; use App\Util\Common;
/**
* Cover plugin main class
*
* @package GNUsocial
* @category CoverPlugin
*
* @author Daniel Brandao <up201705812@fe.up.pt>
* @copyright 2020 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
class Cover extends Module class Cover extends Module
{ {
/** /**
@ -56,15 +66,15 @@ class Cover extends Module
]]; ]];
if (Common::user() != null) { if (Common::user() != null) {
if (array_key_exists('profile_temp',$vars)) { if (array_key_exists('profile_extras',$vars)) {
$vars['profile_temp'] = []; $vars['profile_extras'] = [];
} }
$cover = DB::find('cover', ['gsactor_id' => Common::user()->getId()]); $cover = DB::find('cover', ['gsactor_id' => Common::user()->getId()]);
if ($cover != null) { if ($cover != null) {
$vars['profile_temp'][] = ['name' => 'cover', 'vars' => ['img' => '/cover']]; $vars['profile_extras'][] = ['name' => 'cover', 'vars' => ['img' => '/cover']];
} else { } else {
$vars['profile_temp'][] = ['name' => 'cover', 'vars' => []]; $vars['profile_extras'][] = ['name' => 'cover', 'vars' => []];
} }
} }
return Event::next; return Event::next;

View File

@ -26,6 +26,16 @@ use App\Core\Entity;
use App\Util\Common; use App\Util\Common;
use DateTimeInterface; use DateTimeInterface;
/**
* For storing a cover
*
* @package GNUsocial
* @category CoverPlugin
*
* @author Daniel Brandao <up201705812@fe.up.pt>
* @copyright 2020 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
class Cover extends Entity class Cover extends Entity
{ {
// {{{ Autocode // {{{ Autocode
@ -83,17 +93,22 @@ class Cover extends Entity
private ?File $file = null; private ?File $file = null;
/**
* get cover file
*
* @return File
*/
public function getFile(): File public function getFile(): File
{ {
$this->file = $this->file ?: DB::find('file', ['id' => $this->file_id]); $this->file = $this->file ?: DB::find('file', ['id' => $this->file_id]);
return $this->file; return $this->file;
} }
public static function getFilePathStatic(string $filename): string /**
{ * get cover file path
return Common::config('cover', 'dir') . $filename; *
} * @return string
*/
public function getFilePath(): string public function getFilePath(): string
{ {
return Common::config('cover', 'dir') . $this->getFile()->getFileName(); return Common::config('cover', 'dir') . $this->getFile()->getFileName();
@ -101,6 +116,12 @@ class Cover extends Entity
/** /**
* Delete this cover and the corresponding file and thumbnails, which this owns * Delete this cover and the corresponding file and thumbnails, which this owns
*
* @param bool $flush
* @param bool $delete_files_now
* @param bool $cascading
*
* @return array files deleted (if delete_files_now is true)
*/ */
public function delete(bool $flush = false, bool $delete_files_now = false, bool $cascading = false): array public function delete(bool $flush = false, bool $delete_files_now = false, bool $cascading = false): array
{ {
@ -108,7 +129,6 @@ class Cover extends Entity
if (!$cascading) { if (!$cascading) {
$files = $this->getFile()->delete($cascade = true, $file_flush = false, $delete_files_now); $files = $this->getFile()->delete($cascade = true, $file_flush = false, $delete_files_now);
} else { } else {
var_dump('test3');
DB::remove(DB::getReference('cover', ['gsactor_id' => $this->gsactor_id])); DB::remove(DB::getReference('cover', ['gsactor_id' => $this->gsactor_id]));
$file_path = $this->getFilePath(); $file_path = $this->getFilePath();
$files[] = $file_path; $files[] = $file_path;

View File

@ -2,12 +2,6 @@
{% block title %}Cover Settings{% endblock %} {% block title %}Cover Settings{% endblock %}
{% block stylesheets %}
{{ parent() }}
<link href="{{ asset('assets/javascript/cropperjs/dist/cropper.css') }}" rel="stylesheet">
<script src="{{ asset('assets/javascript/cropperjs/dist/cropper.js') }}"></script>
{% endblock %}
{% block body %} {% block body %}
{{ parent() }} {{ parent() }}
{% endblock body %} {% endblock body %}
@ -15,12 +9,5 @@
{% block form %} {% block form %}
<div class='form'> <div class='form'>
{{ form(form) }} {{ form(form) }}
<div id="img-container">
<img id="img-cropped">
</div>
</div> </div>
{% endblock form %} {% endblock form %}
{% block javascripts %}
<script type="text/javascript" src="{{ asset('assets/javascript/cropping.js') }}"></script>
{% endblock javascripts %}

View File

@ -17,8 +17,8 @@
<div class='navbar'> <div class='navbar'>
<div class="left-nav"> <div class="left-nav">
<div class='profile'> <div class='profile'>
{% for temp in profile_temp %} {% for extra in profile_extras %}
{% include '/'~ temp.name ~ '/view.html.twig' with {'vars': temp.vars} only %} {% include '/'~ extra.name ~ '/view.html.twig' with {'vars': extra.vars} only %}
{% endfor %} {% endfor %}
<a href="{{ path('settings_avatar') }}"> <a href="{{ path('settings_avatar') }}">
<img src='{{ user_avatar }}' alt="Your avatar." class="icon icon-avatar"> <img src='{{ user_avatar }}' alt="Your avatar." class="icon icon-avatar">