Commit 934d379e authored by Theo's avatar Theo Committed by Matthias Larisch

Use ID from session rather than post data

parent a4d9aab6
Pipeline #22259031 passed with stages
in 12 minutes and 59 seconds
......@@ -18,6 +18,7 @@
- use babel polyfills to support more browsers !359 @nicksellen
- fixed check for allowed attachment types in the mail app. !363 #183 by @peter.toennies
- data privacy : removed foodsaver / ambassador selection from map. #165 by @k.miklobusec
- fixed potential security issue in profile picture uploads. !371 #84 @theolampert
## Refactoring
- complete tidying up of all team related files !321 by @peter.toennies
......
......@@ -647,7 +647,8 @@ class XhrMethods
public function xhr_cropagain($data)
{
if ($photo = $this->model->getVal('photo', 'foodsaver', $data['fsid'])) {
$id = S::id();
if ($photo = $this->model->getVal('photo', 'foodsaver', $id)) {
$path = ROOT_DIR . 'images';
$img = $photo;
......
......@@ -71,8 +71,6 @@ class FoodsaverControl extends Control
}
$this->func->addContent($this->view->foodsaver_form($data['name'] . ' ' . $data['nachname'] . ' bearbeiten', $regionDetails));
$this->func->addContent($this->picture_box(), CNT_RIGHT);
$this->func->addContent($this->v_utils->v_field($this->v_utils->v_menu(array(
$this->func->pageLink('foodsaver', 'back_to_overview')
)), $this->func->s('actions')), CNT_RIGHT);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment