diff --git a/bl-kernel/admin/views/edit-user.php b/bl-kernel/admin/views/edit-user.php
index 22415760..ba279bfa 100644
--- a/bl-kernel/admin/views/edit-user.php
+++ b/bl-kernel/admin/views/edit-user.php
@@ -134,9 +134,8 @@
 contentType: false,
 processData: false
 }).done(function(data) {
- console.log(data);
 if (data.status==0) {
- $("#jsprofilePicturePreview").attr('src',json.absoluteURL+"?time="+Math.random());
+ $("#jsprofilePicturePreview").attr('src',data.absoluteURL+"?time="+Math.random());
 } else {
 showAlert(data.message);
 }
diff --git a/bl-kernel/ajax/profile-picture-upload.php b/bl-kernel/ajax/profile-picture-upload.php
index a32e8362..31d49911 100644
--- a/bl-kernel/ajax/profile-picture-upload.php
+++ b/bl-kernel/ajax/profile-picture-upload.php
@@ -11,6 +11,10 @@ if ($username===false) {
 ajaxResponse(1, 'Error in username.');
 }
 
+if ( ($login->role()!='admin') && ($login->username()!=$username) ) {
+ ajaxResponse(1, 'Error in username.');
+}
+
 if (!isset($_FILES['profilePictureInputFile'])) {
 ajaxResponse(1, 'Error trying to upload the profile picture.');
 }
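Review bot: The ownership check added in profile-picture-upload.php compares with loose `!=`, and PHP compares two numeric-looking strings by value under that operator, so two distinct usernames of that form can be treated as equal and pass the check. Provided `$login->username()` and `$username` are both strings, the strict form closes that gap: `if ( ($login->role()!=='admin') && ($login->username()!==$username) ) {`. The check also only works if `ajaxResponse()` ends the request, as the `$username===false` guard above it assumes; that is presumably the case but is not visible in this hunk. Reusing 'Error in username.' for the denial is reasonable towards the client, but a server-side log entry naming the acting user and the target would make refused attempts visible to an administrator.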