In order to apply to PHP's POST processing, the MAX_FILE_SIZE field must appear *before* the file upload field. They were incorrectly placed after, where they had no effect on POST processing.
Part of the reported issue was previuosly fixed by dc497ed0 (smaller size images being blanked).
This commit fixes the remaining bug with original-size avatars being left as BMP (which could include the 96px size for instance, which could cause problems in browsers not supporting BMP natively)
Added ImageFile::copyTo() as a convenient alias for resizeTo() when not resizing; this performs the BMP/XPM/XBM->PNG conversion if needed, or copies the original file.
Copying instead of using move_uploaded_file() is fine here since:
a) the files are cleaned up on script completion anyway (vs moving to remove it)
b) we're already performing getimagesize() and possibly load/resize on the file before this point (vs needing to move the file into a usable area to work with open_basedir restrictions that prevent working directly with uploaded files in the temp dir; since this would fail anyway, we lose nothing)
ImageFile::preferredType() now works on $this->type instead of asking for one, to make it handier to use from outside. (This is still needed in order for calling code to generate a target filename.)
Recommended for future:
* additional consolidation between the various ways of uploading avatars (touched avatarsettings, grouplogo, and apiaccountupdateprofileimage with similar minor changes)
* consolidate type checks and file naming into Avatar class
L10n updates
Remove superfluous whitespace
Number parameters in message when two or more are used
ClientException and ServerException should end with a period
* 'testing' of gitorious.org:statusnet/mainline: (63 commits)
Add a scary 'experimental feture' warning & are-you-sure prompt on moveuser.php
fix wrong datatypes (saving string instead of array) in AtomPub notice processing
Account moving is a background activity
return a 409 Conflict when subscription already exists
OStatusPlugin does discovery in Profile::fromURI()
considerably more logging and error checking in AccountMover
add a log method to AccountMover
normalize accounts and check for return in HTTP for moving
move account-moving classes to their own libraries
execution protection on discovery.php
PHPCS discovery.php
Move discovery library from OStatus plugin to core
Revert "Revert "0.9.7alpha1""
first example of moving a user
Parse properties of links in XRD files
Add the Atom username to the XRD output
preserve activities in object
let callers pass in an XMLOutputter to output to
execution protection on discovery.php
PHPCS linkheader.php
...
Removed the free calls (unneeded since destructors now work), and added an error check w/ logging & an exception for future attempts to forward calls to nonexistent object.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.