I will look into this shortly anyway... having a picture in the auth_user 
table is a vulnerability. This is because the upload entry may appear upon 
registration, allowing unregistered users to upload large files.

On Saturday, 1 December 2012 08:59:21 UTC-6, Don_X wrote:
>
> Hello web2py users,
>
> I am in the process of completing the "edit profile" option for the web 
> app members and I am experiencing a particular problem that is causing me 
> a headache!
>
> In the profile controller, I am using the following function to update a 
> user's profile:
>
> def editprofile():
>     table = db.auth_user
>     form = crud.update(table, request.args(0))
>     return dict(form=form)
>
>
> And in the view, just to test this function, I am starting out with a 
> simple view with no customization, like:
> {{extend 'profile/userlayout.html'}}
> <h4>This is editprofile </h4>
> {{=form}}
>
> In db.auth_user there is the picture or avatar for the user, among other 
> fields.
>
> First observation) When a user updates his profile, all other fields get 
> updated ... except the picture field! ???
>
> Second) The fields that used checkboxes as widgets when the user was 
> registering on the site do not show as checked on the edit profile view!
>
> So:
> The user's profile keeps the old picture and old thumbnail even after 
> uploading a new one to replace the old one ...
> The new picture uploaded does not even make it to the table nor to the 
> upload folder! ... However, I do get the message that the uploaded pic was 
> re-sized but ... it is not there!
> And I wish to have that same picture show up on the edit profile page 
> before the submit (update) button is pressed!
>
> And why don't the checkboxes show their status or value when in edit 
> profile view?
> Any assistance on this will be greatly appreciated!
>
> thank you
>
> Don
>
>
>
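
One way to close the exposure described in the reply at the top of this thread, shown as an added example that is not code from either poster or from web2py itself: make every upload field non-readable and non-writable for visitors who are not logged in, so the registration form never offers a file input. The helper name `lock_uploads_for_anonymous`, the `SampleTable` stand-in and its schema are hypothetical and constructed for illustration; the helper relies only on the `fields`, `type`, `writable` and `readable` attributes of web2py tables and fields.

```python
from types import SimpleNamespace


def lock_uploads_for_anonymous(table, logged_in):
    """Hide every 'upload' field of `table` from visitors who are not logged in.

    `table` is duck-typed like a web2py/pyDAL Table: `table.fields` lists the
    field names and `table[name]` has `.type`, `.writable` and `.readable`.
    SQLFORM leaves out fields that are neither readable nor writable, so the
    registration form no longer accepts a file. Returns the locked names.
    """
    locked = []
    if logged_in:
        return locked  # an authenticated user's profile form keeps the field
    for name in table.fields:
        field = table[name]
        if field.type == 'upload':
            field.writable = field.readable = False
            locked.append(name)
    return locked


class SampleTable(dict):
    """Constructed stand-in for db.auth_user so the example runs offline."""

    @property
    def fields(self):
        return list(self)


def sample_auth_user():
    # Constructed schema: the usual text fields plus the poster's picture field.
    def make(ftype):
        return SimpleNamespace(type=ftype, writable=True, readable=True)
    return SampleTable(first_name=make('string'), email=make('string'),
                       password=make('password'), picture=make('upload'))


if __name__ == '__main__':
    anonymous, member = sample_auth_user(), sample_auth_user()
    print(lock_uploads_for_anonymous(anonymous, logged_in=False))
    print(lock_uploads_for_anonymous(member, logged_in=True))
    # In a web2py controller the call would go before the form is built, e.g.
    #   lock_uploads_for_anonymous(db.auth_user, auth.is_logged_in())
```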
