Merge pull request #21536 from owncloud/avatar_verify_posted_path

Verify the path is a file on avatar update

core/avatar/avatarcontroller.php

@@ -160,6 +160,9 @@ class AvatarController extends Controller {
 		if (isset($path)) {
 			$path = stripslashes($path);
 			$node = $this->userFolder->get($path);
+			if (!($node instanceof \OCP\Files\File)) {
+				return new DataResponse(['data' => ['message' => $this->l->t('Please select a file.')]], Http::STATUS_OK, $headers);
+			}
 			if ($node->getSize() > 20*1024*1024) {
 				return new DataResponse(
 					['data' => ['message' => $this->l->t('File is too big')]],

settings/css/settings.css

@@ -17,7 +17,7 @@ input#openid, input#webdav { width:20em; }
 	margin-bottom: 10px;
 }
 #avatar .warning {
-	width: 350px;
+	width: 100%;
 }
 #uploadavatarbutton,
 #selectavatar,

tests/core/avatar/avatarcontrollertest.php

@@ -323,6 +323,23 @@ class AvatarControllerTest extends \Test\TestCase {
 		$this->assertEquals('notsquare', $response->getData()['data']);
 	}
 
+	/**
+	 * Test posting avatar from existing folder
+	 */
+	public function testPostAvatarFromNoFile() {
+		$file = $this->getMock('OCP\Files\Node');
+		$this->container['UserFolder']
+			->method('get')
+			->with('folder')
+			->willReturn($file);
+
+		//Create request return
+		$response = $this->avatarController->postAvatar('folder');
+
+		//On correct upload always respond with the notsquare message
+		$this->assertEquals(['data' => ['message' => 'Please select a file.']], $response->getData());
+	}
+
 	/**
 	 * Test what happens if the upload of the avatar fails
 	 */