From 80a108e3cfce47d18a78531fe032cdd8128732f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?= <regis@hanol.fr>
Date: Fri, 29 May 2015 19:19:41 +0200
Subject: [PATCH] FIX: don't break user avatars route

---
 app/controllers/user_avatars_controller.rb | 16 ++++++++++------
 config/routes.rb                           |  4 ++--
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/app/controllers/user_avatars_controller.rb b/app/controllers/user_avatars_controller.rb
index 22bfb271f..6a3727180 100644
--- a/app/controllers/user_avatars_controller.rb
+++ b/app/controllers/user_avatars_controller.rb
@@ -37,7 +37,6 @@ class UserAvatarsController < ApplicationController
   end
 
   def show
-
     no_cookies
 
     # we need multisite support to keep a single origin pull for CDNs
@@ -52,20 +51,25 @@ class UserAvatarsController < ApplicationController
     username = params[:username].to_s
     return render_dot unless user = User.find_by(username_lower: username.downcase)
 
-    version = params[:version].to_i
-    return render_dot unless version > 0 && user_avatar = user.user_avatar
+    upload_id, version = params[:version].split("_")
+
+    version = (version || OptimizedImage::VERSION).to_i
+    return render_dot if version != OptimizedImage::VERSION
+
+    upload_id = upload_id.to_i
+    return render_dot unless upload_id > 0 && user_avatar = user.user_avatar
 
     size = params[:size].to_i
     return render_dot if size < 8 || size > 500
 
     if !Discourse.avatar_sizes.include?(size) && Discourse.store.external?
       closest = Discourse.avatar_sizes.to_a.min { |a,b| (size-a).abs <=> (size-b).abs }
-      avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, version, closest)
+      avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, upload_id, closest)
       return redirect_to cdn_path(avatar_url)
     end
 
-    upload = Upload.find_by(id: version) if user_avatar.contains_upload?(version)
-    upload ||= user.uploaded_avatar if user.uploaded_avatar_id == version
+    upload = Upload.find_by(id: upload_id) if user_avatar.contains_upload?(upload_id)
+    upload ||= user.uploaded_avatar if user.uploaded_avatar_id == upload_id
 
     if user.uploaded_avatar && !upload
       avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, user.uploaded_avatar_id, size)
diff --git a/config/routes.rb b/config/routes.rb
index 60236aa0e..b13e0c37f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -281,8 +281,8 @@ Discourse::Application.routes.draw do
   get "user-badges/:username" => "user_badges#username"
 
   post "user_avatar/:username/refresh_gravatar" => "user_avatars#refresh_gravatar"
-  get "letter_avatar/:username/:size/:version.png" => "user_avatars#show_letter", format: false, constraints: { hostname: /[\w\.-]+/ }
-  get "user_avatar/:hostname/:username/:size/:version.png" => "user_avatars#show", format: false, constraints: { hostname: /[\w\.-]+/ }
+  get "letter_avatar/:username/:size/:version.png" => "user_avatars#show_letter", format: false, constraints: { hostname: /[\w\.-]+/, size: /\d+/ }
+  get "user_avatar/:hostname/:username/:size/:version.png" => "user_avatars#show", format: false, constraints: { hostname: /[\w\.-]+/, size: /\d+/ }
 
   get "highlight-js/:hostname/:version.js" => "highlight_js#show", format: false, constraints: { hostname: /[\w\.-]+/ }