From 2215840363815a30dfe87244f59e90f8283fbb07 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Mon, 6 Mar 2017 16:15:40 +0800 Subject: [PATCH] fix avatar bug #1114 (#1122) This PR fix the avatar bug described in #1114. This will fix random avatar is blank problem and potential delete avatars dir problem. --- models/user.go | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/models/user.go b/models/user.go index 67130d01312..fc78c5800f4 100644 --- a/models/user.go +++ b/models/user.go @@ -296,6 +296,9 @@ func (u *User) GenerateRandomAvatar() error { if err != nil { return fmt.Errorf("RandomImage: %v", err) } + // NOTICE for random avatar, it still uses id as avatar name, but custom avatar use md5 + // since random image is not a user's photo, there is no security for enumable + u.Avatar = fmt.Sprintf("%d", u.ID) if err = os.MkdirAll(filepath.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil { return fmt.Errorf("MkdirAll: %v", err) } @@ -451,13 +454,15 @@ func (u *User) UploadAvatar(data []byte) error { // DeleteAvatar deletes the user's custom avatar. func (u *User) DeleteAvatar() error { log.Trace("DeleteAvatar[%d]: %s", u.ID, u.CustomAvatarPath()) - - if err := os.Remove(u.CustomAvatarPath()); err != nil { - return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err) + if len(u.Avatar) > 0 { + if err := os.Remove(u.CustomAvatarPath()); err != nil { + return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err) + } } u.UseCustomAvatar = false - if err := UpdateUser(u); err != nil { + u.Avatar = "" + if _, err := x.Id(u.ID).Cols("avatar, use_custom_avatar").Update(u); err != nil { return fmt.Errorf("UpdateUser: %v", err) } return nil @@ -994,10 +999,12 @@ func deleteUser(e *xorm.Session, u *User) error { return fmt.Errorf("Failed to RemoveAll %s: %v", path, err) } - avatarPath := u.CustomAvatarPath() - if com.IsExist(avatarPath) { - if err := os.Remove(avatarPath); err != nil { - return fmt.Errorf("Failed to remove %s: %v", avatarPath, err) + if len(u.Avatar) > 0 { + avatarPath := u.CustomAvatarPath() + if com.IsExist(avatarPath) { + if err := os.Remove(avatarPath); err != nil { + return fmt.Errorf("Failed to remove %s: %v", avatarPath, err) + } } }