From a61929730ef6f4a24d877fb8562f34f837d0c82c Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Mon, 23 Nov 2015 14:14:53 +1030
Subject: [PATCH] Validate avatar URL Still needs refactor
---
 src/Core/Command/RegisterUserHandler.php | 31 +++++++++++++++++++++---
 1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/src/Core/Command/RegisterUserHandler.php b/src/Core/Command/RegisterUserHandler.php
index b9c7a735d..ee7045c1c 100644
--- a/src/Core/Command/RegisterUserHandler.php
+++ b/src/Core/Command/RegisterUserHandler.php
@@ -10,6 +10,7 @@
 namespace Flarum\Core\Command;
+use Exception;
 use Flarum\Core\Access\AssertPermissionTrait;
 use Flarum\Core\User;
 use Flarum\Core\AuthToken;
@@ -20,7 +21,10 @@ use Flarum\Foundation\Application;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Flarum\Core\Exception\PermissionDeniedException;
 use Illuminate\Contracts\Events\Dispatcher;
+use Illuminate\Contracts\Validation\Factory;
+use Illuminate\Contracts\Validation\ValidationException;
 use Illuminate\Support\Str;
+use Illuminate\Validation\Validator;
 use Intervention\Image\ImageManager;
 use League\Flysystem\Adapter\Local;
 use League\Flysystem\Filesystem;
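Review bot: `use Illuminate\Validation\Validator;` is added in the second import hunk, but none of the hunks in this patch references `Validator`; the new code only uses `Factory`, `ValidationException` and `Exception`. I would drop that import unless code outside the visible hunks needs it.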
@@ -52,20 +56,27 @@ class RegisterUserHandler
 */
 protected $uploadDir;
+ /**
+ * @var Factory
+ */
+ private $validatorFactory;
+
 /**
 * @param Dispatcher $events
 * @param SettingsRepositoryInterface $settings
 * @param UserValidator $validator
 * @param Application $app
 * @param FilesystemInterface $uploadDir
+ * @param Factory $validatorFactory
 */
- public function __construct(Dispatcher $events, SettingsRepositoryInterface $settings, UserValidator $validator, Application $app, FilesystemInterface $uploadDir)
+ public function __construct(Dispatcher $events, SettingsRepositoryInterface $settings, UserValidator $validator, Application $app, FilesystemInterface $uploadDir, Factory $validatorFactory)
 {
 $this->events = $events;
 $this->settings = $settings;
 $this->validator = $validator;
 $this->app = $app;
 $this->uploadDir = $uploadDir;
+ $this->validatorFactory = $validatorFactory;
 }
 /**
@@ -119,7 +130,19 @@ class RegisterUserHandler
 $this->validator->assertValid(array_merge($user->getAttributes(), compact('password')));
- $this->saveAvatarFromUrl($user, array_get($data, 'attributes.avatarUrl'));
+ if ($avatarUrl = array_get($data, 'attributes.avatarUrl')) {
+ $validation = $this->validatorFactory->make(compact('avatarUrl'), ['avatarUrl' => 'url']);
+
+ if ($validation->fails()) {
+ throw new ValidationException($validation);
+ }
+
+ try {
+ $this->saveAvatarFromUrl($user, $avatarUrl);
+ } catch (Exception $e) {
+ //
+ }
+ }
 $user->save();
@@ -132,12 +155,12 @@ class RegisterUserHandler
 return $user;
 }
- private function saveAvatarFromUrl(User $user, $avatarUrl)
+ private function saveAvatarFromUrl(User $user, $url)
 {
 $tmpFile = tempnam($this->app->storagePath().'/tmp', 'avatar');
 $manager = new ImageManager;
- $manager->make($avatarUrl)->fit(100, 100)->save($tmpFile);
+ $manager->make($url)->fit(100, 100)->save($tmpFile);
 $mount = new MountManager([
 'source' => new Filesystem(new Local(pathinfo($tmpFile, PATHINFO_DIRNAME))),
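Review bot: The `url` rule on `avatarUrl` (hunk at -119) only checks that the value is syntactically a URL, so the server-side fetch in `saveAvatarFromUrl()` (`$manager->make($url)`, last hunk) can still be pointed at loopback or internal hosts and, depending on how the rule is implemented, possibly at non-HTTP schemes. Because the value is read from request data, I would constrain the scheme in the rule set, e.g. `['avatarUrl' => ['url', 'regex:/^https?:\/\//i']]`, and reject hosts that resolve to private, loopback or link-local ranges before fetching. The empty `catch (Exception $e)` also hides every download or decode failure; replace the bare `//` with a comment such as `// Avatar is optional: registration continues if the download or resize fails` and log `$e` so failed or suspicious fetches remain visible. The enclosing method starts and ends outside this hunk.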