diff --git a/includes/core/class-files.php b/includes/core/class-files.php index 8a702456..20e65db3 100644 --- a/includes/core/class-files.php +++ b/includes/core/class-files.php @@ -317,37 +317,31 @@ if ( ! class_exists( 'um\core\Files' ) ) { /** * Resize image AJAX handler */ - function ajax_resize_image() { + public function ajax_resize_image() { UM()->check_ajax_nonce(); - /** - * @var $key - * @var $src - * @var $coord - * @var $user_id - */ - extract( $_REQUEST ); + $data = $_REQUEST; // phpcs:ignore WordPress.Security.NonceVerification - if ( ! isset( $src ) || ! isset( $coord ) ) { + if ( ! isset( $data['src'] ) || ! isset( $data['coord'] ) ) { wp_send_json_error( esc_js( __( 'Invalid parameters', 'ultimate-member' ) ) ); } - $coord_n = substr_count( $coord, "," ); - if ( $coord_n != 3 ) { + $coord_n = substr_count( $data['coord'], ',' ); + if ( 3 !== $coord_n ) { wp_send_json_error( esc_js( __( 'Invalid coordinates', 'ultimate-member' ) ) ); } - $user_id = empty( $_REQUEST['user_id'] ) ? get_current_user_id() : absint( $_REQUEST['user_id'] ); + $user_id = empty( $data['user_id'] ) ? get_current_user_id() : absint( $data['user_id'] ); - UM()->fields()->set_id = isset( $_POST['set_id'] ) ? absint( $_POST['set_id'] ) : null; - UM()->fields()->set_mode = isset( $_POST['set_mode'] ) ? sanitize_text_field( $_POST['set_mode'] ) : null; + UM()->fields()->set_id = isset( $_POST['set_id'] ) ? absint( $_POST['set_id'] ) : null; // phpcs:ignore WordPress.Security.NonceVerification + UM()->fields()->set_mode = isset( $_POST['set_mode'] ) ? sanitize_text_field( $_POST['set_mode'] ) : null; // phpcs:ignore WordPress.Security.NonceVerification - if ( UM()->fields()->set_mode != 'register' && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { + if ( 'register' !== UM()->fields()->set_mode && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { $ret['error'] = esc_js( __( 'You have no permission to edit this user', 'ultimate-member' ) ); wp_send_json_error( $ret ); } - $src = esc_url_raw( $src ); + $src = esc_url_raw( $data['src'] ); $image_path = um_is_file_owner( $src, $user_id, true ); if ( ! $image_path ) { @@ -355,7 +349,9 @@ if ( ! class_exists( 'um\core\Files' ) ) { } UM()->uploader()->replace_upload_dir = true; - $output = UM()->uploader()->resize_image( $image_path, $src, sanitize_text_field( $key ), $user_id, sanitize_text_field( $coord ) ); + + $output = UM()->uploader()->resize_image( $image_path, $src, sanitize_text_field( $data['key'] ), $user_id, sanitize_text_field( $data['coord'] ) ); + UM()->uploader()->replace_upload_dir = false; delete_option( "um_cache_userdata_{$user_id}" );