From 36fa57f145d100fb4325d2c10d72951c1a24e758 Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 16 Dec 2015 14:02:09 +1100 Subject: [PATCH] Use a real placeholder avatar for all bad avatar links --- app/controllers/user_avatars_controller.rb | 20 +++++++++++--------- public/images/avatar.png | Bin 0 -> 8871 bytes 2 files changed, 11 insertions(+), 9 deletions(-) create mode 100644 public/images/avatar.png diff --git a/app/controllers/user_avatars_controller.rb b/app/controllers/user_avatars_controller.rb index 5714e119f..47941ac99 100644 --- a/app/controllers/user_avatars_controller.rb +++ b/app/controllers/user_avatars_controller.rb @@ -1,7 +1,6 @@ require_dependency 'letter_avatar' class UserAvatarsController < ApplicationController - DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==") skip_before_filter :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter, :show_proxy_letter] @@ -49,7 +48,7 @@ class UserAvatarsController < ApplicationController no_cookies - return render_dot if params[:version] != LetterAvatar.version + return render_blank if params[:version] != LetterAvatar.version image = LetterAvatar.generate(params[:username].to_s, params[:size].to_i) @@ -73,18 +72,18 @@ class UserAvatarsController < ApplicationController def show_in_site(hostname) username = params[:username].to_s - return render_dot unless user = User.find_by(username_lower: username.downcase) + return render_blank unless user = User.find_by(username_lower: username.downcase) upload_id, version = params[:version].split("_") version = (version || OptimizedImage::VERSION).to_i - return render_dot if version != OptimizedImage::VERSION + return render_blank if version != OptimizedImage::VERSION upload_id = upload_id.to_i - return render_dot unless upload_id > 0 && user_avatar = user.user_avatar + return render_blank unless upload_id > 0 && user_avatar = user.user_avatar size = params[:size].to_i - return render_dot if size < 8 || size > 500 + return render_blank if size < 8 || size > 500 if !Discourse.avatar_sizes.include?(size) && Discourse.store.external? closest = Discourse.avatar_sizes.to_a.min { |a,b| (size-a).abs <=> (size-b).abs } @@ -113,7 +112,7 @@ class UserAvatarsController < ApplicationController expires_in 1.year, public: true send_file image, disposition: nil else - render_dot + render_blank end end @@ -137,9 +136,12 @@ class UserAvatarsController < ApplicationController end # this protects us from a DoS - def render_dot + def render_blank + path = Rails.root + "public/images/avatar.png" expires_in 10.minutes, public: true - render text: DOT, content_type: "image/png" + response.headers["Last-Modified"] = DateTime.parse("1-1-2000").httpdate + response.headers["Content-Length"] = File.size(path).to_s + send_file path, disposition: nil end def get_optimized_image(upload, size) diff --git a/public/images/avatar.png b/public/images/avatar.png new file mode 100644 index 0000000000000000000000000000000000000000..b193765445d87620774cb3f64078d4b944c071fb GIT binary patch literal 8871 zcmV;YB3RvtP)gww8@$vKX^DQkcDk>^9H8tPg-#IxsJv}|o&(GD> z)p>b&F)=Zoo}S&^-9bS?CnqP&%*?&LyVgEhOwDpkQe}aUOARxL4d8UVO*B^GTIf=EzF@L<-Ag%gQzj7SQfICSCMa1NXYyzqhZjPru~ zGrk3Ybz(zu@n!ZB@Vq5pJ$}r=1?-$!AR738LcGXL6|0s)7Q14{s9j|Bun5UKD|uhIaD0ulvDmL7y8bX+6>A8)Vh?~m|&;qZZD^ND}|-nn+-{1J{&$SN2IzCk2GhLdO@0mn2$FDEEu zj|YF09tCN@UccghjWclwkP9w!50HiXfbXw31NReW;&$I`v2B4SK?t%UN|}HhMI$q> zR?aAtpa!)556&m+#q#cB$b*=E7;=Z0!8pqmG$$uHvAY&0VCU2*qSh z;8=rqEetq!flF1G!U1lCa}(Ss*)-&qO*K|Nb5%vkq-9YR>}>Za0G8d|cY<>(oS4E1 zbvV}G+yXCaC$Gpcp+zSkP5m@o2@T?hGSPiR&|Ba*2lrMu*5DlAya=8zZp;QR5|}fp zWOWNkmf=Qb<4^*6E(Wv$w3~AJLinu*kAE+h%b#bf)tBY+&Et13PM(k97{M`t6HfT9 z$}xo(0LXfxOplCC>tWQJq<*Y!K5P%9(Nua5@H)V8_wd`Z zJ9zZ@banLf#yNOjvK_7wTnSH`DzCXabmdHVX_00om9kWI4bBWyys#?OiP_qbk&+p{ zcu9CLRBs-wPWSK4%O;!O+yD6e=*Mxuk#JlNj`PZq%HzMA@`RV*O1TxP&t5JS1|=}G zBt_TBNr}z=k8FG@;RIpaefjlZ@9#ukZ1cTWk3Kv|I5)tN;yZk!atW9yuWscv;icC- z$?Si2^)PxQ2lPmjs^KuEh{_6JA%fi)_W2~G8I8shxtehrY zD(pnrm>4tBMODC-OhV4W>kMwH5u-VCICuE1RUh|OyS8`w<}R(gHRKj}gl97GJvC}7 z2Q^YI6hO5CQjc$rS|-<1Cs%#PFSVyi|Hy*sNl?*%y2~8py8QWF}jtmRIZnq zHKT&&*p%z>@BLi|o_T+EqIGywu7nGmDu+WPof4X#(Isyqj5X6EF~jJu_=15;qhG6a*3laf(xbxW)DVe-aP7>vclP3rXgo zP1@A?yj|OSIF~+MX#c0x@yQb(oKt&X+Hht57zFq?c?Z;0$zPmPqqt@rkY!actt%oI zAG7CM9vFr=Ic~eqxv%%u1`lb29M~k!GSW;A4D!~&fEDHtEG*4viwhYD`D;lsY*~It z0%iY`2W>Yxx_yt@7@UmKE1f*Ve~=r2nY@+nsD`LsU}Z4m*l>V2V8q$~0Ta{e{qciE z+tu8keOC_dqN!T*5KkqiRViNPoANqI7Hl&v_a8dBI)a=sQ;;v6)X7`d>Gp3UtO}4~?yQT~HSxnJKdblgx}p z3O3b52;?F*DiX)liww1i_VJ6E39ONy}yISKS3C-sS!6F}0kaHr}Aa4??(bL05)hfyVv_JM$Jy&y-HNnwo zzxMH5+m9A^A5~!}m-ae&cIq?0GC4W7kT(D|M=`f$_HoQ?3a53stuk+pYY=0s*`y?iGZ!FlS^r4Ma?I(pGTP%;z9 zi5!~9NpO?gELwYmyp2rLSl1;$Dk9d3?Z(ve40z;Dcvu;kz${y_;vx5;v=^L(Mt#4~_Ng5Lm&`?9JEoaJB8eql#_c*()>v*TX8zXrjCyRl$b@&kqVLo zr|sj~-L`KX{p_GYR84S@`)>%BIXTwIImla1d|DF9O-t!lmWIf+qjE4~dHmHgZSOk1 zp#Mx%PP5`9EdmNP{P%dn4_9gI$jL|5cT~?n&*h-E~@@PO5 zInm~WyS9LF1skG`#0{!S=Q1xHk4=$JFSdi|4YGBOB z#ts;>HyI)J?LfM4Gw3$S zS-E7AkIB%9i@ZtMbTwc0)jgC(#ArfFVOC9>DG6Nq)()nteN^2@nQ04ol5LQaN!~=( z#sz3Ln2TKh03vg1&)W_pNSr)u2h$&7&V$Km7>L4pZ=WGEw4wLjd+%+i|Nkd3kX^6k z*dYNT7H;M)ms38)jx0;N-}xs!C@07{BKL6o$T%uSQKFCT@n*s&?%7Ocs#-jh^$jHO z*!AS0_P=YWLNmpS+bM{Kv9ep4F89g9y|(9M$*5S$!6IaQ>1 zv#h$wjbxmtJy7QA3Xr1J4l==T?ow$OM-S2yqQ>NOa?jS3sJ!14nB)Z_%>1m8`m79i zijBtS&$W#31KzoqpL@fl;$%=I(>ys}nIZ8QjFlyeZHS-)4q3&Fjx70terhrg0dg zSvO6d6?R%7hxtiuC1<~6W?%aWz+8}G-lJz7PFx0w!>>xyxaR#~O-_PAzFd=tg0+eq zBv^(e4_%cDra`_^CjnxXopM=@#@LU0+PLcvi3#$^d}B>ckqB}`!EBLoy{=keS3Eao zNLenPxd|c#+UXaiX?!pBYO7K)iwxxkN9K^w;}*wls~m z-bb^Pd5p+OD9HV{9Fmv5V3-=z+$_JU+P_|Y0>7k6=tmixxlo$MC%~|tTm--|Is0_! zV)Z==@`p?m^G!vsf2LqjH5D$5=3W127?6+a9Fv?$9tX>NU5X! zc)sNn>3?*+%H8FXWl2uLSdr5;3-qUlt0J~gEZT`~DYJnE^|@(AU-6HvEP(%^>s^q+ z!IM05C6b)LFY?@oFJNq{DywKf_)iAV+h!D%dR4t>l6A|(t*dWJ(|CvuSRr>pdguHA zjmasPWCik(u`@$wCL*j=onU!n#Wbu?02r;4?XTY3n$yESa7qyU5 z7}02cf=i6@^H|C1NQ+cWVzCf_!_B8O0_pwNm>lN!tBbgx1-YlZ$(1}v7fqy>EXWwV ziKtyQqeMs|1qzl~OGh4;rg0A6(74*+Z7PA;mSuaunMFxjDkVk z(b6>T6078ZrJ84kJWHcX?4C0I*#9nrpkhKeN~g1|;{H^c#uIUs+@{F6O3q*8CFe2& zcN{F9;?c48Lq$=MzaD|F`%A+(_9SRRvNa^f1UZ8oL0%A%IVZ!1hFTnk2Z>?08pNHG zrD2@CLR92+*^5V#+ko7hyuc&sp-Fmis#}Hfa)3S`ol4<`|MJ20(l9=r2<)1iJvlK) z9^!|>G%$jy=0SO?WX4Wb!H@iChhLY5@vRGQsSpl~RdTG7=WkG`NTDF5ssP>_2W4cA zY=ZUflU&&7&X&XQMv!M`FyeG(Na05+YG0N$S8RVuT5|*wdvzFuB>n8%H$elRJ#UKad zpAz?L6jpjV(v$q%k1Bsym9Ua#`BJfIf2QH~%cm|@==)A4i zx5*^g&J?MVhf1S3dz!{rPKWS|oCY(fW9!9mf|} zH*s+T941d$l5>qN8=y<4v5hYK@QuCpL>@2_EMwhKN>0`GZ^xOQl ztuC9t(Pi7Vx@>xLw_D6=PJOyUq0(ii)Vw0!Oqb0Wqjgw@IUM@tblKFq1_RxtbH0og zgXBdYmmo1R6oIv_< zw-Y#|Spa-`e;80&P|n9^n2SeG3=^!xRVblEVZ zbb3aY4clRX(n+;_t^s>*zdn_t6g4sxDo`SeK2BblGrn3KP2QOqv}aVBYwYF1y+(smM3eWs9{g zJI3%@I?Y--jaru-5IX(()IYtfJv*pcmo0#`i#u=4(?PMZE?cX*?5@^j(>Rh&&*-vw z`0@UKc+8)jP&7WT%g*yIoOFM#%cg)CU3Qf4O8_)7T8pH*qyOx#}V#UAA=oUu`Zv6i1EImbz@NkQ<#GOY&J=wiR%VE?d*OY#ZsaZBm!5 z%isRRao>C4;sOS%8{bBkjla}oYpBb{v@RQ{jn+3G{Jmyz->WAJXrgg!L=G(^R^+uV zn^@IlV@^6PuGeJ)bUZDNyx#YBhy2#Fn_8#K#soQ6$?4=%x@`VlmyJ1H_LU>2Z+|{> z?%uu6hnEaUmGi+L+}(#(8#xpPVBLE)8SlFH7>o_>22)H8Hl_r~`#;jgNE&IHJtmy9 z(fnIE;Y@Th1z96~dMJJW6GgRkgy840Px@!=_Fnhrv|K45g1_YmX3IqrIag!yAujvl z3m-b|%|{cp#d6sIPG#CY{#IQaHrMEXbN=hnzeyW$nBC^x&wf0=7-s?&x6^;!uQ8Ty z-aVhLE(Uw81{clLT(-aEh#r@Xn#&f$k|vi8el8p0xNLbQuG-7$e$$T}w;hcWXMhOD zz3b;sUG@2ScdWWBYUKN>zA%rK9o^nMP8$-L2(=s%aoJKukK?kPFqiGL-VY9Qp))ml zEeAwvo|%5z-Bv9wt_zuf#a$R26vN-R|8#z0aM?VP%ML={ip$0Tm#rhdNzonpH3Y#` z{j?ZaPwmH`5D=|1h4x!#Hy-@pxGX3j(2ii`EyieV9-Q|8Aim|A%QimmGDn=^1YEZ2 zNg@JN>bJ2!x4usvTFS3b8)uJk`g-_1@nij_-Q)6Mp*vTD(^`CgZ+?EVoy!(ghq!F| z_)EW|)PkPkvccoBPwI<}8(Y*CkByIBgZC~TC`0|hYLbXmTTTm^j2QCNm*~~a#NBwE z{1}LySu~d|M(;J34U)^IAeSxL9EnbIz}BrOJU-t`t1>B8Su_VJ!%td|^Sj)}-unFF zXGNk|rp4_H_G{bTz}~%Gs+K3@vN?(G)$@a7b0NTG%VS}Cl;FzE9zGTv;9fURRZ{5n z-{;ZyO7V2rI&p||3|ZXeRmn}{$V+k~DVMF$Y53r>QF7Vb&t=O$m%>G|&Z(QNR=Drr zatJ5G5urPHnh%G=_49f%>{MSKj@vD9f-_-@+c_WR5^fx^N5DyP*|eF zy}KI(*+?Q;i<`>FL$+IT%M(ABE&reN!HEEI5^*Kare6KpHmA< zGtvw7H*(owbXpDOq92{^J$!a>z4&9wJ>^b4*>gTpgUExNKO*K*6kkG>(%PPerMRsyI(j9;qs5UY=urQ*cZpm z<+AyFu~f?E^SNA(eQ}CQz%ZAsXZ!PwTsB8ilj-<%j@cErb4Cb+aa=ZdTsG%Oj)R=Y z33J&T%SC2e+*Oaj&t(fEE*Y0CzTikz+fMrLOlBOnaM|K|--u36OU%MN^+1BUs=jzG z8z7p?cB)xsVeZ-hkP%gx(6>Z)i797@TNWQ*Io~Wj>5MhIzzuUn{A(MRjT)Wq?=xHD zE(>8UoBO$JjN!5o0N$R;BF#c4K>bA!vq?OZl;iB7jpnbmppG+feLHUdZ5%4H9l z%<9}aNx5wBaoL>1^>=1Eyjndj8zh&F8@Oz={Q15v z{mDd_3@)2sGnWnLRzKg@8Is3k8vqB23*L`TgUMw#9+>T^wG@|4ipv%^cMO-UR)n=~ zneE9g?zu2}wAT_#sGxNKD$g}H2VZD@<7BJMqTTsCgvvOzCCXtQ+WxdNbhizHmO^UBhZ zQ5WL5Y(#+xap0QEcAi)|ayN^FzL_Z16FrRAQ_g~=Bl&9(K|hxbv0Qe+{!gqT*&8jd zAppg4+1^n7iRFW_UfhESE*pR$@E9(8#?q2SWk)W1z|xZaR)EVUlgswz&U@emE?HXA znZ|S3nPRzYQzgu^v?O;Ef0ZvJ=CAV$kWm6qSBoHn?omT((4~F~DV~sr1|O zRxX<~m+hpg^s6A3O&*sGVJ>@?rqavFxNP}m>LNv@-wPK^)UU_k0re=gv9WEcO7H9` zj+DroRKsG>X`nQfK0J%!vcW{B4K6!XXMK2vXbpQotwMJvQ*6K4iGjXrcbRUO%K9G8uH znUh}a^)pSSU&V0Q(dcv|MWt7jH=KaWCP>xT+-f724IwVuLa87YZwPSNw1vyIbk%zF z+=3wV9nEEf}> zJT9BZa@l}-Par2PH+%NQbXUB$5dkh6j4gbeG%N%Vdr1JqbJ-uE0GIuXr6ZlP-fz^$ zWviWf!(4XR`t^PCR#(eZgIqQSxNP+1m-H-Oz%7$ss;$^jQvZlPE?e@hz%`dm?KE`g z+|G%?Ws`caDS0f0%dVv1wAYpZ3Ak)DxNL_5&8#J9bPk;WmyITuO#v>O6qj9@Gux9r zhBz+!DCr6+3Ck^(Qvkk;^7OmyMaqft4NF<}q>2 zWs4edM=qORUf6fdyZbXr#%1FsE}K)^Ha<8vZ+XKmXmHt1G?$Is;IciJPb>kxvTJsH z{-I%V+42+mCNBE}E|Ak`$>g#z11}c+d@r4kfi#z`8C|YAHzt?O$#Hn=8KI5$8Z(!DWk!W_;AImj3!@eQi{SBa~&xmU~br0$>D}O|e|ILZ>0~ zyZA}|@2%d=mO9sP#8t~9xomlc6LHz7M2C;!%g5FIQSmRl@3YO}>BG!9;=z^!7>J8(vX#?Bz{Q#W7pL`u#c(t#<^O^!z^&!;lhNq;^kz^QAC0+exvC`0Wg|#H znUOiU2GJX_mRzf(v5 zQ~Uq_TH8AxHpT>$p;jUpllyE1i6BKhzP}!ikI(lvotC>DX!u>b(Kw9DmR(#n;@eWG zaoGew)HqV#Sbkg1b3Br5w%3%WX!Bh6&9-+t(DmlhE5qhp!l#_`eOc}-D^LB(y>l9u z%`$Eq?ad-M3Y|95N7pQ?dRpD!=x_usFW_u&j&VJ~Zz|8?vPIM|`nWfBviTXX%5`l7 zy-XThujA-(R2*kG1J{ZNy~S^FX;-HQHrWOa9E47@TqXiBRZL@V$03SiJgTt6(c%D5 zh=TiR_XS+8#brlRFN0b)mS8qYbYl`@$_K5hz#p!T%K&%FYIp&c0WKY`f)iXM4dSv1 z0o%B2LP#qjN1@XUAf{dCQ(})3hU33*ZE&2#Wk(8GSw}f&(uGb#G-*;-w4Bxmx-Ic< p$2EMEXq}Qg!QnUuxa@Hq<3CPtqEbhc6YBr~002ovPDHLkV1k`@W;6f* literal 0 HcmV?d00001