Prepare to be yelled at and brace for the tide of bug reports: I had hoped we would not have to do this, but it seems that we have to.

-Route all avatar downloads through download.php - adrien
-Change the way inline attachments are delivered
-Fixes a few (unreported) bugs, notably avatar upload during group generation
-#10079


git-svn-id: file:///svn/phpbb/trunk@7429 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/install/convertors/functions_phpbb20.php

@@ -1419,7 +1419,7 @@ function phpbb_import_avatar($user_avatar)
 	else if ($convert_row['user_avatar_type'] == 1)
 	{
 		// Uploaded avatar
-		return import_avatar($user_avatar);
+		return import_avatar($user_avatar, false, $convert_row['user_id']);
 	}
 	else if ($convert_row['user_avatar_type'] == 2)
 	{

phpBB/install/database_update.php

@@ -1087,11 +1087,14 @@ if (version_compare($current_version, '3.0.b5', '<='))
 	}
 	unset($sql_in);
 
+	set_config('avatar_salt', md5(mt_rand()));
+
 	$sql = 'UPDATE ' . ACL_OPTIONS_TABLE . ' SET is_local = 0 WHERE auth_option = \'m_warn\'';
 	$db->sql_query($sql);
 
 	$sql = 'UPDATE ' . MODULES_TABLE . ' SET module_auth = \'acl_m_warn && acl_f_read,$id\' WHERE module_basename = \'warn\' AND module_mode = \'warn_post\'';
 	$db->sql_query($sql);
+
 	$no_updates = false;
 }
 

phpBB/install/install_convert.php

@@ -1457,7 +1457,7 @@ class install_convert extends module
 		}
 		else
 		{
-			$sync_batch -= $batch_size;
+			$sync_batch--;
 		}
 
 		$url = $this->save_convert_progress('&sync_batch=' . $sync_batch);

phpBB/install/install_install.php

@@ -1269,7 +1269,11 @@ class install_install extends module
 			'UPDATE ' . $table_prefix . "config
 				SET config_value = '" . $db->sql_escape($admin_name) . "'
 				WHERE config_name = 'newest_username'",
-
+			
+			'UPDATE ' . $table_prefix . "config
+				SET config_value = '" . md5(mt_rand()) . "'
+				WHERE config_name = 'avatar_salt'",
+				
 			'UPDATE ' . $table_prefix . "users
 				SET username = '" . $db->sql_escape($admin_name) . "', user_password='" . $db->sql_escape(md5($admin_pass1)) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($default_lang) . "', user_email='" . $db->sql_escape($board_email1) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($board_email1) . strlen($board_email1)) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($admin_name)) . "'
 				WHERE username = 'Admin'",

phpBB/install/schemas/schema_data.sql

@@ -44,6 +44,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_max_width',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_min_height', '20');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_min_width', '20');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_path', 'images/avatars/upload');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_salt', 'phpbb_avatar');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_contact', 'contact@yourdomain.tld');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_disable', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_disable_msg', '');