From 35483e0d30a1ed48121f8e07d6050162646937ad Mon Sep 17 00:00:00 2001
From: Diego Najar
Date: Wed, 5 Feb 2020 20:57:07 +0100
Subject: [PATCH] Security bug fixed #1131 and refresh profile picture after uploaded

---
 bl-kernel/admin/views/edit-user.php | 3 +--
 bl-kernel/ajax/profile-picture-upload.php | 4 ++++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/bl-kernel/admin/views/edit-user.php b/bl-kernel/admin/views/edit-user.php
index 22415760..ba279bfa 100644
--- a/bl-kernel/admin/views/edit-user.php
+++ b/bl-kernel/admin/views/edit-user.php
@@ -134,9 +134,8 @@
 contentType: false,
 processData: false
 }).done(function(data) {
-console.log(data);
 if (data.status==0) {
-$("#jsprofilePicturePreview").attr('src',json.absoluteURL+"?time="+Math.random());
+$("#jsprofilePicturePreview").attr('src',data.absoluteURL+"?time="+Math.random());
 } else {
 showAlert(data.message);
 }
diff --git a/bl-kernel/ajax/profile-picture-upload.php b/bl-kernel/ajax/profile-picture-upload.php
index a32e8362..31d49911 100644
--- a/bl-kernel/ajax/profile-picture-upload.php
+++ b/bl-kernel/ajax/profile-picture-upload.php
@@ -11,6 +11,10 @@ if ($username===false) {
 ajaxResponse(1, 'Error in username.');
 }
 
+if ( ($login->role()!='admin') && ($login->username()!=$username) ) {
+ajaxResponse(1, 'Error in username.');
+}
+
 if (!isset($_FILES['profilePictureInputFile'])) {
 ajaxResponse(1, 'Error trying to upload the profile picture.');
 }
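Review bot: The success branch that the corrected line sits under still tests `if (data.status==0)` with loose equality, so a status that arrives as `"0"`, `""` or `false` would also be treated as a successful upload and update the preview; strict comparison states the intent: `if (data.status === 0) {`. Whether the server encodes status as a number is not visible in this hunk, so the coercion risk is inferred rather than observed. The `.done` callback and the surrounding AJAX call begin and end outside the hunk.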
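Review bot: The new authorization guard uses loose `!=` for both comparisons; as both operands are meant to be strings, strict `!==` states the intent and sidesteps PHP's loose string/numeric comparison rules: `if (($login->role() !== 'admin') && ($login->username() !== $username)) {`. A one-line comment above the guard would also help the next reader tell it apart from the username-parse check just above, which emits the same message, e.g. `// Only an admin may change another user's profile picture; everyone else may change only their own`. The guard relies on ajaxResponse() terminating the script, as the preceding `$username===false` check does; that function and `$login` are defined outside this hunk, and the file's top-level statements continue beyond it.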