aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Profile_photo.php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2016-10-23 17:46:29 -0700
committerzotlabs <mike@macgirvin.com>2016-10-23 17:46:29 -0700
commit5c891bcfb55c662bfb5d86b0d5695bd03523e842 (patch)
tree36448f578c01a9d55f83a956a6f313a595a0303e /Zotlabs/Module/Profile_photo.php
parent547c70076499010b240ec174696176a2f5de0dc8 (diff)
downloadvolse-hubzilla-5c891bcfb55c662bfb5d86b0d5695bd03523e842.tar.gz
volse-hubzilla-5c891bcfb55c662bfb5d86b0d5695bd03523e842.tar.bz2
volse-hubzilla-5c891bcfb55c662bfb5d86b0d5695bd03523e842.zip
need to perform dbunescbin on stored filenames as well as binary data - this is a no-op under mysql but could provide unpredictable data under postgres
Diffstat (limited to 'Zotlabs/Module/Profile_photo.php')
-rw-r--r--Zotlabs/Module/Profile_photo.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php
index 8a12e3799..231b80bcf 100644
--- a/Zotlabs/Module/Profile_photo.php
+++ b/Zotlabs/Module/Profile_photo.php
@@ -98,7 +98,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
if($r) {
$base_image = $r[0];
- $base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents($base_image['content']) : dbunescbin($base_image['content']));
+ $base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
$im = photo_factory($base_image['content'], $base_image['mimetype']);
if($im->is_valid()) {
@@ -354,7 +354,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
}
if(intval($r[0]['os_storage']))
- $data = @file_get_contents($r[0]['content']);
+ $data = @file_get_contents(dbunescbin($r[0]['content']));
else
$data = dbunescbin($r[0]['content']);