summaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2017-03-06 16:15:40 +0800
committerGitHub <noreply@github.com>2017-03-06 16:15:40 +0800
commit2215840363815a30dfe87244f59e90f8283fbb07 (patch)
treee01df3af61ca164818cb5a6a38c6139bc7c27845 /models
parent03760292412ffb3f65f2bfc359cb3bda100c5c98 (diff)
downloadgitea-2215840363815a30dfe87244f59e90f8283fbb07.tar.gz
gitea-2215840363815a30dfe87244f59e90f8283fbb07.zip
fix avatar bug #1114 (#1122)
This PR fix the avatar bug described in #1114. This will fix random avatar is blank problem and potential delete avatars dir problem.
Diffstat (limited to 'models')
-rw-r--r--models/user.go23
1 files changed, 15 insertions, 8 deletions
diff --git a/models/user.go b/models/user.go
index 67130d0131..fc78c5800f 100644
--- a/models/user.go
+++ b/models/user.go
@@ -296,6 +296,9 @@ func (u *User) GenerateRandomAvatar() error {
if err != nil {
return fmt.Errorf("RandomImage: %v", err)
}
+ // NOTICE for random avatar, it still uses id as avatar name, but custom avatar use md5
+ // since random image is not a user's photo, there is no security for enumable
+ u.Avatar = fmt.Sprintf("%d", u.ID)
if err = os.MkdirAll(filepath.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil {
return fmt.Errorf("MkdirAll: %v", err)
}
@@ -451,13 +454,15 @@ func (u *User) UploadAvatar(data []byte) error {
// DeleteAvatar deletes the user's custom avatar.
func (u *User) DeleteAvatar() error {
log.Trace("DeleteAvatar[%d]: %s", u.ID, u.CustomAvatarPath())
-
- if err := os.Remove(u.CustomAvatarPath()); err != nil {
- return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err)
+ if len(u.Avatar) > 0 {
+ if err := os.Remove(u.CustomAvatarPath()); err != nil {
+ return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err)
+ }
}
u.UseCustomAvatar = false
- if err := UpdateUser(u); err != nil {
+ u.Avatar = ""
+ if _, err := x.Id(u.ID).Cols("avatar, use_custom_avatar").Update(u); err != nil {
return fmt.Errorf("UpdateUser: %v", err)
}
return nil
@@ -994,10 +999,12 @@ func deleteUser(e *xorm.Session, u *User) error {
return fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
}
- avatarPath := u.CustomAvatarPath()
- if com.IsExist(avatarPath) {
- if err := os.Remove(avatarPath); err != nil {
- return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
+ if len(u.Avatar) > 0 {
+ avatarPath := u.CustomAvatarPath()
+ if com.IsExist(avatarPath) {
+ if err := os.Remove(avatarPath); err != nil {
+ return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
+ }
}
}