diff options
Diffstat (limited to 'api/user.go')
-rw-r--r-- | api/user.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/api/user.go b/api/user.go index 3071e1b26..732c6b9a8 100644 --- a/api/user.go +++ b/api/user.go @@ -652,6 +652,12 @@ func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) { for k, p := range profiles { options := utils.SanitizeOptions options["passwordupdate"] = false + + if c.IsSystemAdmin() { + options["fullname"] = true + options["email"] = true + } + p.Sanitize(options) profiles[k] = p } @@ -814,6 +820,7 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { w.Header().Set("Cache-Control", "max-age=86400, public") // 24 hrs } + w.Header().Set("Content-Type", "image/png") w.Write(img) } } @@ -854,6 +861,18 @@ func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { return } + // Decode image config first to check dimensions before loading the whole thing into memory later on + config, _, err := image.DecodeConfig(file) + if err != nil { + c.Err = model.NewAppError("uploadProfileFile", "Could not decode profile image config.", err.Error()) + return + } else if config.Width*config.Height > MaxImageSize { + c.Err = model.NewAppError("uploadProfileFile", "Unable to upload profile image. File is too large.", err.Error()) + return + } + + file.Seek(0, 0) + // Decode image into Image object img, _, err := image.Decode(file) if err != nil { |