From b153d8fc29f423b3cc67ca9dbcab874ab9ab0464 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Thu, 8 Nov 2018 18:18:42 +0100
Subject: [PATCH] login/edit: disable file uploads if unwritable

Silence PHP warnings and avoid input since browsers ignore readonly
and current image is displayed regardless.
---
 login/edit.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/login/edit.php b/login/edit.php
index 1d29b03..2b043cc 100644
--- a/login/edit.php
+++ b/login/edit.php
@@ -173,9 +173,10 @@ foreach ($cols as $col => &$colconf) {
 	print "\t";
 	printf('<li><label for="%s">%s:</label>', $col, ucfirst($colconf['label']));
 	if (@$colconf['type'] == 'file' and isset($colconf['value'])) {
+		$target = $user['dir'] . '/' . $colconf['filename'];
 		printf('<a href="/%s"><img src="/thumb/%s/%s?%s" /></a><br />',
-			$colconf['target'],
-			200, $colconf['target'], filemtime($colconf['target'])
+			$target,
+			200, $target, filemtime($target)
 		);
 	}
 
@@ -203,7 +204,7 @@ foreach ($cols as $col => &$colconf) {
 			);
 		}
 	}
-	else {
+	elseif (@$colconf['type'] !== 'file' or isset($colconf['target'])) {
 		if (isset($cols[$col]['filter'])) {
 			list ($targetstr, $inputstr) = $cols[$col]['filter'];
 			$colconf['value'] = str_replace($targetstr, $inputstr, @$colconf['value']);
-- 
2.30.0