From 499734ebf9fbfefc197bc6dde4439bc9b27f585c Mon Sep 17 00:00:00 2001
From: yystopf
Date: Tue, 4 Jan 2022 22:44:39 +0800
Subject: [PATCH] fix: upload user image allow base64
---
 app/controllers/application_controller.rb | 10 ++++++++--
 app/controllers/users_controller.rb | 14 ++++++--------
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d7707391f..4e59a7e07 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -709,14 +709,20 @@ class ApplicationController < ActionController::Base
 Rails.application.config_for(:configuration)['platform_url'] || request.base_url
 end
 
+ def image_type?(str)
+ default_type = %w(png jpg gif tif psd svg bmp webp jpeg ico psd)
+ default_type.include?(str&.downcase)
+ end
+
 def convert_image!
 @image = params[:image]
 @image = @image.nil? && params[:user].present? ? params[:user][:image] : @image
 return unless @image.present?
 max_size = EduSetting.get('upload_avatar_max_size') || 2 * 1024 * 1024 # 2M
 if @image.class == ActionDispatch::Http::UploadedFile
- render_error('请上传文件') if @image.size.zero?
- render_error('文件大小超过限制') if @image.size > max_size.to_i
+ return render_error('请上传文件') if @image.size.zero?
+ return render_error('文件大小超过限制') if @image.size > max_size.to_i
+ return render_error('头像格式不正确!') unless image_type?(File.extname(@image.original_filename.to_s)[1..-1])
 else
 image = @image.to_s.strip
 return render_error('请上传正确的图片') if image.blank?
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8cb89febd..00ea926fd 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
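Review bot: In `convert_image!` (app/controllers/application_controller.rb), the new `image_type?` check on the `UploadedFile` branch decides on `File.extname(@image.original_filename.to_s)`, a name the client chooses, so it says nothing about the bytes that actually get stored. The allowlist also admits `svg`, which can carry script and becomes a stored-XSS risk if avatars are ever served inline from the application's origin (how they are served is not visible here); `psd` is listed twice. I would drop `svg` and the duplicate, e.g. `default_type = %w(png jpg jpeg gif tif psd bmp webp ico)`, and additionally verify the upload's leading magic bytes instead of relying on the name alone. The base64 `else` branch does not call `image_type?` in the visible lines; its body continues outside the hunk, so confirm it applies an equivalent type and size check.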
@@ -1,7 +1,6 @@
 class UsersController < ApplicationController
 include ApplicationHelper
 include Ci::DbConnectable
- include RepositoriesHelper
 
 before_action :load_user, only: [:show, :homepage_info, :sync_token, :sync_gitea_pwd, :projects, :watch_users, :fan_users, :hovercard]
 before_action :check_user_exist, only: [:show, :homepage_info,:projects, :watch_users, :fan_users, :hovercard]
@@ -90,13 +89,12 @@ class UsersController < ApplicationController
 def update_image
 return render_not_found unless @user = User.find_by(login: params[:id]) || User.find_by_id(params[:id])
 return render_forbidden unless User.current.logged? && (current_user&.admin? || current_user.id == @user.id)
-
- return render_error(-1, '头像格式不正确!') unless params[:image].present? && image_type?(File.extname(params[:image].original_filename.to_s)[1..-1])
- if Util.write_file(@image, avatar_path(@user)) && params[:image].present?
- render_ok({message: '头像修改成功'})
- else
- render_error(-1, '头像修改失败!')
- end
+
+ Util.write_file(@image, avatar_path(@user))
+ return render_ok({message: '头像修改成功'})
+ rescue Exception => e
+ uid_logger_error(e.message)
+ render_error(-1, '头像修改失败!')
 end
 
 def me
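Review bot: In `update_image`, the result of `Util.write_file(@image, avatar_path(@user))` is now discarded and the old `params[:image].present?` guard is gone, so a request with no image (where `convert_image!` returns without rendering) or a write that fails without raising would still answer '头像修改成功'. `rescue Exception` also traps `SystemExit`, `Interrupt` and `NoMemoryError`, which a controller action should let propagate; `StandardError` is the appropriate class. Suggested: `return render_error(-1, '头像修改失败!') unless @image.present? && Util.write_file(@image, avatar_path(@user))` followed by `render_ok({message: '头像修改成功'})`, and `rescue StandardError => e`. Whether `Util.write_file` signals failure by return value or by exception is not visible in this diff, and that `convert_image!` runs as a filter before this action is inferred from the use of `@image`.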