login/edit: disable file uploads if unwritable

Silence PHP warnings and avoid input since browsers ignore readonly
and current image is displayed regardless.

diff --git a/login/edit.php b/login/edit.php
index 1d29b03d203fec26440e5213521ae6774aa7f3e9..2b043cc24a1f427e68e2a5504ea088023141a884 100644 (file)
--- a/login/edit.php
+++ b/login/edit.php
@@ -173,9 +173,10 @@ foreach ($cols as $col => &$colconf) {
        print "\t";
        printf('<li><label for="%s">%s:</label>', $col, ucfirst($colconf['label']));
        if (@$colconf['type'] == 'file' and isset($colconf['value'])) {
+               $target = $user['dir'] . '/' . $colconf['filename'];
                printf('<a href="/%s"><img src="/thumb/%s/%s?%s" /></a><br />',
-                       $colconf['target'],
-                       200, $colconf['target'], filemtime($colconf['target'])
+                       $target,
+                       200, $target, filemtime($target)
                );
        }
 
@@ -203,7 +204,7 @@ foreach ($cols as $col => &$colconf) {
                        );
                }
        }
-       else {
+       elseif (@$colconf['type'] !== 'file' or isset($colconf['target'])) {
                if (isset($cols[$col]['filter'])) {
                        list ($targetstr, $inputstr) = $cols[$col]['filter'];
                        $colconf['value'] = str_replace($targetstr, $inputstr, @$colconf['value']);