-rw-r--r--models/user.go23
1 files changed, 15 insertions, 8 deletions
diff --git a/models/user.go b/models/user.go
index 67130d0131..fc78c5800f 100644
--- a/models/user.go
+++ b/models/user.go
@@ -296,6 +296,9 @@ func (u *User) GenerateRandomAvatar() error {
if err != nil {
return fmt.Errorf("RandomImage: %v", err)
}
+ // NOTICE for random avatar, it still uses id as avatar name, but custom avatar use md5
+ // since random image is not a user's photo, there is no security for enumable
+ u.Avatar = fmt.Sprintf("%d", u.ID)
if err = os.MkdirAll(filepath.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil {
return fmt.Errorf("MkdirAll: %v", err)
}
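Review bot: The comment added above `u.Avatar = fmt.Sprintf("%d", u.ID)` says a predictable name has no security impact, but a file name derived from the numeric ID still lets anyone who can fetch avatar files probe which user IDs exist, assuming avatars are served without authentication (not visible in this hunk). If that trade-off is accepted, the comment should state it plainly, for example `// Random avatars keep the numeric user ID as file name; custom avatars use an MD5 name.` followed by `// A generated image is not a personal photo, so a guessable name reveals only that the ID exists.` The field is also assigned before `os.MkdirAll` and the image write have succeeded, so an error return leaves `u.Avatar` naming a file that was never created; moving the assignment after the file is saved would avoid that. GenerateRandomAvatar starts and ends outside the hunk, so whether the new value is persisted cannot be confirmed from here.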
@@ -451,13 +454,15 @@ func (u *User) UploadAvatar(data []byte) error {
// DeleteAvatar deletes the user's custom avatar.
func (u *User) DeleteAvatar() error {
log.Trace("DeleteAvatar[%d]: %s", u.ID, u.CustomAvatarPath())
-
- if err := os.Remove(u.CustomAvatarPath()); err != nil {
- return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err)
+ if len(u.Avatar) > 0 {
+ if err := os.Remove(u.CustomAvatarPath()); err != nil {
+ return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err)
+ }
}
u.UseCustomAvatar = false
- if err := UpdateUser(u); err != nil {
+ u.Avatar = ""
+ if _, err := x.Id(u.ID).Cols("avatar, use_custom_avatar").Update(u); err != nil {
return fmt.Errorf("UpdateUser: %v", err)
}
return nil
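Review bot: `os.Remove` in DeleteAvatar returns an error when the file is already gone, so a user whose Avatar field is set but whose file is missing can never clear the avatar, because the function returns before the `avatar` and `use_custom_avatar` columns are updated. The deleteUser hunk further down guards the same removal with `com.IsExist`; here the check could be `if err := os.Remove(u.CustomAvatarPath()); err != nil && !os.IsNotExist(err) {`. The error prefix `UpdateUser:` no longer matches the call now that the update goes through `x.Id(u.ID).Cols(...)`. Rows written before this change may have an empty Avatar while a file exists under the ID-based name, in which case the new `len(u.Avatar) > 0` guard here and in deleteUser would leave that file on disk; this depends on migration code that is not shown.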
@@ -994,10 +999,12 @@ func deleteUser(e *xorm.Session, u *User) error {
return fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
}
- avatarPath := u.CustomAvatarPath()
- if com.IsExist(avatarPath) {
- if err := os.Remove(avatarPath); err != nil {
- return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
+ if len(u.Avatar) > 0 {
+ avatarPath := u.CustomAvatarPath()
+ if com.IsExist(avatarPath) {
+ if err := os.Remove(avatarPath); err != nil {
+ return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
+ }
}
}