false, 'error' => t('User not found')]; } if (empty($file) || !isset($file['tmp_name'])) { return ['ok' => false, 'error' => t('No file uploaded')]; } if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) { return ['ok' => false, 'error' => t('Upload failed')]; } if (($file['size'] ?? 0) > self::MAX_SIZE) { return ['ok' => false, 'error' => t('File is too large')]; } $tmpPath = $file['tmp_name']; $mime = self::detectMime($tmpPath); $isSvg = self::imageIsSvgUpload($mime, $tmpPath); $ext = self::imageExtensionForMime($mime, $isSvg); if (!$ext) { return ['ok' => false, 'error' => t('Invalid image file')]; } if ($isSvg && !self::imageIsSafeSvg($tmpPath)) { return ['ok' => false, 'error' => t('Invalid image file')]; } $dir = self::userDir($uuid); if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) { return ['ok' => false, 'error' => t('Upload failed')]; } self::delete($uuid); $originalPath = $dir . '/original.' . $ext; if (!move_uploaded_file($tmpPath, $originalPath)) { return ['ok' => false, 'error' => t('Upload failed')]; } @chmod($originalPath, 0644); $variantExt = function_exists('imagewebp') ? 'webp' : 'jpg'; if (!$isSvg && self::imageCanResize()) { foreach (self::SIZES as $size) { $target = $dir . '/avatar-' . $size . '.' . $variantExt; self::imageResizeAndFit($originalPath, $target, $size, $size, $variantExt); } } return ['ok' => true, 'path' => $originalPath, 'mime' => $mime]; } public static function saveBinary(string $uuid, string $contents, string $mime = ''): array { if (!self::isValidUuid($uuid)) { return ['ok' => false, 'error' => t('User not found')]; } $size = strlen($contents); if ($size <= 0) { return ['ok' => false, 'error' => t('Invalid image file')]; } if ($size > self::MAX_SIZE) { return ['ok' => false, 'error' => t('File is too large')]; } $tmpPath = tempnam(sys_get_temp_dir(), 'user-avatar-'); if ($tmpPath === false) { return ['ok' => false, 'error' => t('Upload failed')]; } if (@file_put_contents($tmpPath, $contents) === false) { @unlink($tmpPath); return ['ok' => false, 'error' => t('Upload failed')]; } $detectedMime = self::detectMime($tmpPath); if ($detectedMime === 'application/octet-stream') { $headerMime = strtolower(trim(explode(';', $mime, 2)[0])); if (in_array($headerMime, ['image/jpeg', 'image/png', 'image/webp'], true)) { $detectedMime = $headerMime; } } $ext = self::imageExtensionForMime($detectedMime, false); if (!$ext) { @unlink($tmpPath); return ['ok' => false, 'error' => t('Invalid image file')]; } $dir = self::userDir($uuid); if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) { @unlink($tmpPath); return ['ok' => false, 'error' => t('Upload failed')]; } self::delete($uuid); $originalPath = $dir . '/original.' . $ext; if (!@rename($tmpPath, $originalPath)) { if (!@copy($tmpPath, $originalPath)) { @unlink($tmpPath); return ['ok' => false, 'error' => t('Upload failed')]; } @unlink($tmpPath); } @chmod($originalPath, 0644); $variantExt = function_exists('imagewebp') ? 'webp' : 'jpg'; if (self::imageCanResize()) { foreach (self::SIZES as $sizeVariant) { $target = $dir . '/avatar-' . $sizeVariant . '.' . $variantExt; self::imageResizeAndFit($originalPath, $target, $sizeVariant, $sizeVariant, $variantExt); } } return ['ok' => true, 'path' => $originalPath, 'mime' => $detectedMime]; } public static function detectMime(string $path): string { return self::imageDetectMime($path); } private static function normalizeSize(int $size): int { if (in_array($size, self::SIZES, true)) { return $size; } return self::DEFAULT_SIZE; } private static function findVariantPath(string $dir, int $size): ?string { $matches = glob($dir . '/avatar-' . $size . '.*'); if (!$matches) { return null; } usort($matches, static function ($a, $b) { return filemtime($b) <=> filemtime($a); }); return $matches[0] ?? null; } }