[OzzModz] Gif Avatar Permissions

[OzzModz] Gif Avatar Permissions 2.0.0

No permission to download

Ozzy47

Well-known member
ozzy47 submitted a new resource:

[OzzModz] Gif Avatar Permissions - Set usergroups that are allowed to upload gif avatars

Another addon brought to you by,
View attachment 204768

This simple addon will allow you to set which usergroups have the permission to upload gif avatars. Gif avatars are typically animated and many admins don't like all users to have them.

This is a screenshot of the usergroup setting:
View attachment 204770

If a user tries to upload a gif avatar, and they do not have the proper permission, they will get a error message:
[ATTACH...

Read more about this resource...
 

deslocotoco

Well-known member
Very usefull! Thank you VERY much for this.

In the next month i can give you a small donation for your work. If you can send me some details, please.
 

kick

Well-known member
One supplement is better than another. https://xenforo.com/community/threads/ozzmodz-start-conversations-with-yourself.165702/#post-1362087
Similarly to the past, only we completely rewritten the function of the engine here.
PHP:
class Avatar extends XFCP_Avatar
{
    protected $validImageType = [IMAGETYPE_JPEG, IMAGETYPE_PNG];

    public function validateImageAsAvatar($fileName, &$error = null)
    {
          // Set the parent
          $parent = parent::validateImageAsAvatar($fileName, $error);
          //Set error to null
        $error = null;
          // Get visitor
        $visitor = \XF::visitor();
          // Get image iinfo
          $imageInfo = filesize($fileName) ? getimagesize($fileName) : false;
      
          $type = $imageInfo[2];
        if (!$visitor->hasPermission('GifAvatarPerms', 'use') && (!in_array($type, $this->validImageType)))
        {
              $error = \XF::phrase('ozzmodz_no_gif_avatar_perms');
            return false;
        }

        return true;
      
          // We are done, send them to the parent
          return $parent;
    }
}
No code formatting. Neglecting the use of variables. But the most interesting thing in the end is that we have overwritten the entire function and we say no to other additions that extend the validateImageAsAvatar method
If a class extension is required to extend core methods then it must be extended properly, rather than overridden, by calling the parent method.
For any other type, we do true, with our own rewrites of the engine code, and at the same time open possible vulnerabilities. Ie if the past addition was detrimental to the forum, then this has the possibility of a security problem and without validating the image. Where it will be possible to replace the image on the php shell.
Also, the prefix for add-ons and phrases is not used.
 

Joe Link

Well-known member
@Ozzy47 Will this remove animated avatars if/when the user is no longer in the group?

If not, it'd be great if you'd consider adding it in the future :)
 

Joe Link

Well-known member
That would be really helpful. We've been using this as an upgrade benefit, but once the upgrade expires the animated avatars remain. I'd be happy to donate a few bucks to your beer fund :)
 

djbaxter

Well-known member
@Ozzy47 I get this warning with your [OzzModz] Gif Avatar Permissions addon after upgrading to PHP8 - disabled for now:

PHP:
Server error log

    ErrorException: [E_WARNING] Trying to access array offset on value of type bool src/addons/OzzModz/GifAvatar/XF/Service/User/Avatar.php:20 

Stack trace

#0 src/addons/OzzModz/GifAvatar/XF/Service/User/Avatar.php(20): XF::handlePhpError(2, '[E_WARNING] Try...', '/path/to/...', 20)
#1 src/XF/Service/User/Avatar.php(80): OzzModz\GifAvatar\XF\Service\User\Avatar->validateImageAsAvatar('/path/to/...', NULL)
#2 src/addons/TickTackk/UploadAvatarFromUrl/XF/Pub/Controller/Account.php(68): XF\Service\User\Avatar->setImage('/path/to/...')
#3 src/XF/Mvc/Dispatcher.php(350): TickTackk\UploadAvatarFromUrl\XF\Pub\Controller\Account->actionAvatar(Object(XF\Mvc\ParameterBag))
#4 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('XF:Account', 'Avatar', Object(XF\Mvc\RouteMatch), Object(Truonglv\IgnoreContent\XF\Pub\Controller\Account), NULL)
#5 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(Truonglv\IgnoreContent\XF\Pub\Controller\Account), NULL)
#6 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#7 src/XF/App.php(2337): XF\Mvc\Dispatcher->run()
#8 src/XF.php(488): XF\App->run()
#9 index.php(20): XF::runApp('XF\\Pub\\App')
#10 {main}

Request state

array(4) {
  ["url"] => string(15) "/account/avatar"
  ["referrer"] => string(30) "https://domain.com/whats-new/"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(9) {
    ["avatar_crop_x"] => string(1) "0"
    ["avatar_crop_y"] => string(1) "0"
    ["use_custom"] => string(1) "1"
    ["custom_type"] => string(3) "url"
    ["url"] => string(256) "https://www.google.com/url?sa=i&url=https%3A%2F%2Fwww.thesun.ie%2Ftvandshowbiz%2Fmusic%2F4562945%2Fphil-lynott-one-man-play-ireland%2F&psig=AOvVaw36CGjh1dgZVo9ZB10GUlOj&ust=1620914193769000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCPiqk5GmxPACFQAAAAAdAAAAABAD"
    ["_xfToken"] => string(8) "********"
    ["_xfRequestUri"] => string(11) "/whats-new/"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}
 

Gsk8

Active member
@Ozzy47

Seems to work good on 2.2.1 but only if I have "PHP built-in GD image library" enabled. If I enable "Imagemagick PECL extension" folks can still upload .gif avatars.

Thanks so much!
 

SBEEZY

Member
So I was wondering if it's possible to get this same resource but for banners instead? I have no problems with people uploading gif avatars but gif profile banners/headers is usually what breaks my site.
 
Last edited:

Splinter

Member
Excuse my ignorance, but where does one download from and then install the Imagemagick PECL extension?
Thanks.
 

Brogan

XenForo moderator
Staff member
It's a PHP extension.

Contact your host and they should be able to assist with installing it on the server.
 
Top