Fix for #2663: fix for original/96px-size avatars getting saved with bad permissions, causing failure to see images if background queues are different user from web server.

The original-size file is now forced to 0644 (all-readable), which should help. Not sure this is 100% ideal, but it's better than 0600! (The other sizes were being created in other code and had sane read perms already.) Watch out for similar issues in Twitter bridge etc; avatar import code should get cleaned up and consolidated.
2010-09-07 16:49:05 -07:00 · 2010-09-07 16:49:05 -07:00 · f2574fdd01
parent 51b272d078
commit f2574fdd01
1 changed files with 8 additions and 0 deletions
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@ -1065,6 +1065,14 @@ class Ostatus_profile extends Memcached_DataObject
                                     null,
                                     common_timestamp());
        rename($temp_filename, Avatar::path($filename));
+        // @fixme hardcoded chmod is lame, but seems to be necessary to
+        // keep from accidentally saving images from command-line (queues)
+        // that can't be read from web server, which causes hard-to-notice
+        // problems later on:
+        //
+        // http://status.net/open-source/issues/2663
+        chmod(Avatar::path($filename), 0644);
+
        $self->setOriginal($filename);

        $orig = clone($this);