Prepare to be yelled at and brace for the tide of bug reports: I had hoped we would not have to do this, but it seems that we have to.

-Route all avatar downloads through download.php - adrien -Change the way inline attachments are delivered -Fixes a few (unreported) bugs, notably avatar upload during group generation -#10079 git-svn-id: file:///svn/phpbb/trunk@7429 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-05-06 15:45:34 +02:00 · 2007-04-30 10:46:17 +00:00 · 2007-04-30 10:46:17 +00:00 · 42251d008c
commit 42251d008c
parent dc747b8d99
19 changed files with 443 additions and 43 deletions
--- a/phpBB/develop/adjust_avatars.php
+++ b/phpBB/develop/adjust_avatars.php
@ -0,0 +1,142 @@
+<?php
+/**
+* Corrects avatar filenames to match the new avatar delivery method.
+*
+* You should make a backup from your users table and the avatar directory in case something goes wrong
+*/
+die("Please read the first lines of this script for instructions on how to enable it");
+
+set_time_limit(0);
+
+define('IN_PHPBB', true);
+$phpbb_root_path = './../';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.'.$phpEx);
+
+// Start session management
+$user->session_begin();
+$auth->acl($user->data);
+$user->setup();
+
+$echos = 0;
+ 
+if (!isset($config['avatar_salt']))
+{
+	$cache->purge();
+	if (!isset($config['avatar_salt']))
+	{
+		die('database not up to date');
+	}
+	die('database not up to date');
+}
+
+// let's start with the users using a group_avatar.
+$sql = 'SELECT group_id, group_avatar
+	FROM ' . GROUPS_TABLE . 
+	' WHERE group_avatar_type = ' . AVATAR_UPLOAD;
+
+// We'll skip these, so remember them
+$group_avatars = array();
+
+echo '<br /> Updating groups' . "\n";
+
+$result = $db->sql_query($sql);
+
+while ($row = $db->sql_fetchrow($result))
+{
+	
+	$new_avatar_name = adjust_avatar($row['group_avatar'], 'g' . $row['group_id']);
+	$group_avatars[] = $new_avatar_name;
+	
+	// failure is probably due to the avatar name already being adjusted
+	if ($new_avatar_name  !== false)
+	{
+		$sql = 'UPDATE ' . USERS_TABLE . "
+			SET user_avatar = '$new_avatar_name'
+			WHERE user_avatar = '{$row['group_avatar']}' 
+			AND user_avatar_type = " . AVATAR_UPLOAD;
+		$db->sql_query($sql);
+		
+		$sql = 'UPDATE ' . GROUPS_TABLE . "
+			SET group_avatar = '$new_avatar_name'
+			WHERE group_id = {$row['group_id']}";
+		$db->sql_query($sql);
+	}
+	else
+	{
+		echo '<br /> Failed updating group ' . $row['group_id'] . "\n";
+	}
+	
+	if ($echos > 200)
+	{
+		echo '<br />' . "\n";
+		$echos = 0;
+	}
+
+	echo '.';
+	$echos++;
+
+	flush();
+}
+$db->sql_freeresult($result);
+
+$sql = 'SELECT user_id, username, user_avatar, user_avatar_type
+	FROM ' . USERS_TABLE . ' 
+	WHERE user_avatar_type = ' . AVATAR_UPLOAD . ' 
+	AND ' . $db->sql_in_set('user_avatar', $group_avatars, true);
+	
+$result = $db->sql_query($sql);
+ 
+echo '<br /> Updating users' . "\n";
+
+while ($row = $db->sql_fetchrow($result))
+{
+	 
+	$new_avatar_name = adjust_avatar($row['user_avatar'], $row['user_id']);
+	
+	// failure is probably due to the avatar name already being adjusted
+	if ($new_avatar_name  !== false)
+	{
+		$sql = 'UPDATE ' . USERS_TABLE . "
+			SET user_avatar = '$new_avatar_name'
+			WHERE user_id = {$row['user_id']}";
+		$db->sql_query($sql);
+	}
+	else
+	{
+		echo '<br /> Failed updating user ' . $row['user_id'] . "\n";
+	}
+	
+	if ($echos > 200)
+	{
+		echo '<br />' . "\n";
+		$echos = 0;
+	}
+
+	echo '.';
+	$echos++;
+
+	flush();
+}
+
+$db->sql_freeresult($result);
+
+echo 'FINISHED';
+
+// Done
+$db->sql_close();
+
+function adjust_avatar($old_name, $midfix)
+{
+	global $config, $phpbb_root_path;
+	
+	$avatar_path = $phpbb_root_path . $config['avatar_path'];
+	if (@file_exists($avatar_path . '/' . $old_name) && @is_writable($avatar_path . '/' . $old_name))
+	{
+		$new_name = $config['avatar_salt'] . '_' . $midfix . '.' . substr(strrchr($old_name, '.'), 1);
+		@rename($avatar_path . '/' . $old_name, $avatar_path . '/' . $new_name);
+		return $midfix . '.' . substr(strrchr($old_name, '.'), 1);
+	}
+	return false;
+}
+?>
--- a/phpBB/download.php
+++ b/phpBB/download.php
@ -14,9 +14,87 @@
 define('IN_PHPBB', true);
 $phpbb_root_path = './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
+
+if (isset($_GET['avatar']))
+{
+	require($phpbb_root_path . 'config.' . $phpEx);
+	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
+	require($phpbb_root_path . 'includes/cache.' . $phpEx);
+	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
+	require($phpbb_root_path . 'includes/constants.' . $phpEx);
+
+	$db = new $sql_db();
+	$cache = new cache();
+
+	// Connect to DB
+	if (!@$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false))
+	{
+		exit;
+	}
+
+	$config = $cache->obtain_config();
+	$filename = $_GET['avatar'];
+	$avatar_group = false;
+	if ($filename[0] === 'g')
+	{
+		$avatar_group = true;
+		$filename = substr($filename, 1);
+	}
+	
+	// '==' is not a bug - . as the first char is as bad as no dot at all
+	if (strpos($filename, '.') == false)
+	{
+		header('HTTP/1.0 403 forbidden');
+		if (!empty($cache))
+		{
+			$cache->unload();
+		}
+		$db->sql_close();
+		exit;
+	}
+  
+	$ext 		= substr(strrchr($filename, '.'), 1);
+	$filename	= intval($filename);
+	
+	if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
+	{
+		// no way such an avatar could exist. They are not following the rules, stop the show.
+		header("HTTP/1.0 403 forbidden");
+		if (!empty($cache))
+		{
+			$cache->unload();
+		}
+		$db->sql_close();
+		exit;
+	}
+
+	if (!$filename)
+	{
+		// no way such an avatar could exist. They are not following the rules, stop the show.
+		header("HTTP/1.0 403 forbidden");
+		if (!empty($cache))
+		{
+			$cache->unload();
+		}
+		$db->sql_close();
+		exit;
+	}
+ 
+	send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext);
+ 
+	if (!empty($cache))
+	{
+		$cache->unload();
+	}
+	$db->sql_close();
+	exit;
+}
+
+// implicit else: we are not in avatar mode
 include($phpbb_root_path . 'common.' . $phpEx);

 $download_id = request_var('id', 0);
+$mode = request_var('mode', '');
 $thumbnail = request_var('t', false);

 // Start session management, do not update session page.
@ -158,6 +236,12 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT
 	$db->sql_query($sql);
 }

+if ($mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
+{
+	wrap_img_in_html(append_sid('./download.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
+}
+else
+{
 	// Determine the 'presenting'-method
 	if ($download_mode == PHYSICAL_LINK)
 	{
@ -175,8 +259,93 @@ else
 		send_file_to_browser($attachment, $config['upload_path'], $extensions[$attachment['extension']]['display_cat']);
 		exit;
 	}
+}


+/**
+* A simplified function to deliver avatars
+* The argument needs to be checked before calling this function.
+*/
+function send_avatar_to_browser($file)
+{
+	global $config, $phpbb_root_path;
+	$prefix = $config['avatar_salt'] . '_'; 
+	$img_dir = $config['avatar_path'];
+	$browser = $_SERVER['HTTP_USER_AGENT'];
+
+	// Adjust img_dir path (no trailing slash)
+	if (substr($img_dir, -1, 1) == '/' || substr($img_dir, -1, 1) == '\\')
+	{
+		$img_dir = substr($img_dir, 0, -1) . '/';
+	}
+	$img_dir = str_replace(array('../', '..\\', './', '.\\'), '', $img_dir);
+	if ($img_dir && ($img_dir[0] == '/' || $img_dir[0] == '\\'))
+	{
+		$img_dir = '';
+	}
+	$file_path = $phpbb_root_path . $img_dir . '/' . $prefix . $file;
+
+	if ((@file_exists($file_path) && @is_readable($file_path)) || headers_sent())
+	{
+		header('Pragma: public');
+
+		$image_data = (getimagesize($file_path));
+		header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
+
+		if (strpos(strtolower($browser), 'msie') !== false)
+		{
+			header('Content-Disposition: attachment; ' . header_filename($file));
+			if (strpos(strtolower($browser), 'msie 6.0') !== false)
+			{
+				header('Expires: -1');
+			}
+			else
+			{
+				header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
+			}
+		}
+		else
+		{
+			header('Content-Disposition: inline; ' . header_filename($file));
+			header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
+		}
+
+		$size = @filesize($file_path);
+		if ($size)
+		{
+			header("Content-Length: $size");
+		}
+
+		readfile($file_path);
+		flush();
+	}
+	else
+	{
+		header('HTTP/1.0 404 not found');
+	}
+}
+
+/**
+* Wraps an url into a simple html page. Used to display attachments in IE.
+* this is a workaround for now; might be moved to template system later
+* direct any complaints to 1 Microsoft Way, Redmond
+*/
+function wrap_img_in_html($src, $title)
+{
+	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-Strict.dtd">';
+	echo '<html>';
+	echo '<head>';
+	echo '<meta http-equiv="content-type" content="text/html; charset=UTF-8" />';
+	echo '<title>' . $title . '</title>';
+	echo '</head>';
+	echo '<body>';
+	echo '<div>';
+	echo '<img src="' . $src . '" alt="' . $title . '" />';
+	echo '</div>';
+	echo '</body>';
+	echo '</html>';
+}
+
 /**
 * Send file to browser
 */
@ -240,7 +409,19 @@ function send_file_to_browser($attachment, $upload_dir, $category)

 	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
 	header('Content-Type: ' . $attachment['mimetype']);
+ 
+	if (strpos(strtolower($user->browser), 'msie') !== false)
+	{
+		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		if (strpos(strtolower($user->browser), 'msie 6.0') !== false)
+		{
+			header('expires: -1');
+		}
+	}
+	else
+	{
 		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+	}
 	
 	if ($size)
 	{
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@ -983,7 +983,7 @@ class acp_attachments
 						'PHYSICAL_FILENAME'	=> basename($row['physical_filename']),
 						'ATTACH_ID'			=> $row['attach_id'],
 						'POST_IDS'			=> (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
-						'U_FILE'			=> append_sid($phpbb_root_path . 'download.' . $phpEx, 'id=' . $row['attach_id']))
+						'U_FILE'			=> append_sid($phpbb_root_path . 'download.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']))
 					);
 				}
 				$db->sql_freeresult($result);
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@ -355,7 +355,7 @@ class acp_groups
 						}
 					}

-					if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete)
+					if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']))) || $delete)
 					{
 						if (isset($group_row['group_avatar']) && $group_row['group_avatar'])
 						{
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -1620,7 +1620,7 @@ class acp_users
 				
 						'S_IN_MESSAGE'		=> $row['in_message'],

-						'U_DOWNLOAD'		=> append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']),
+						'U_DOWNLOAD'		=> append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&amp;id=' . $row['attach_id']),
 						'U_VIEW_TOPIC'		=> $view_topic)
 					);
 				}
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -2878,16 +2878,18 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 				$display_cat = ATTACHMENT_CATEGORY_NONE;
 			}

-			$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;f=' . (int) $forum_id);
+			$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;f=' . (int) $forum_id . '&amp;mode=view');

 			switch ($display_cat)
 			{
 				// Images
 				case ATTACHMENT_CATEGORY_IMAGE:
 					$l_downloaded_viewed = 'VIEWED_COUNT';
+					$inline_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;f=' . (int) $forum_id);

 					$block_array += array(
 						'S_IMAGE'		=> true,
+						'U_INLINE_LINK'		=> $inline_link,
 					);

 					$update_count[] = $attachment['attach_id'];
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@ -630,7 +630,10 @@ function import_smiley($source, $use_target = false)
 	return $result['target'];
 }

-function import_avatar($source, $use_target = false)
+/*
+* 
+*/
+function import_avatar($source, $use_target = false, $user_id = false)
 {
 	if (empty($source) || preg_match('#^https?:#i', $source) || preg_match('#blank\.(gif|png)$#i', $source))
 	{
@ -644,8 +647,14 @@ function import_avatar($source, $use_target = false)
 		$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_AVATAR_PATH'], 'import_avatar()'), __LINE__, __FILE__);
 	}
 	
+	if ($use_target === false && $user_id !== false)
+	{
+		$use_target = $config['avatar_salt'] . '_' . $user_id . '.' . substr(strrchr($source, '.'), 1);
+	}
+	
 	$result = _import_check('avatar_path', $source, $use_target);
-	return $result['target'];
+
+	return ((!empty($user_id)) ? $user_id : $use_target) . '.' . substr(strrchr($source, '.'), 1);
 }

 /**
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@ -1117,7 +1117,7 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
 */
 function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $alt = 'USER_AVATAR')
 {
-	global $user, $config, $phpbb_root_path;
+	global $user, $config, $phpbb_root_path, $phpEx;

 	if (empty($avatar) || !$avatar_type)
 	{
@ -1129,7 +1129,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
 	switch ($avatar_type)
 	{
 		case AVATAR_UPLOAD:
-			$avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
+			$avatar_img = $phpbb_root_path . "download.$phpEx?avatar=";
 		break;

 		case AVATAR_GALLERY:
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@ -745,7 +745,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data)
 				$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
 			}

-			$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false);
+			$download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&amp;id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false);

 			$template->assign_block_vars('attach_row', array(
 				'FILENAME'			=> basename($attach_row['real_filename']),
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@ -81,7 +81,7 @@ class filespec
 	* @param string $prefix Prefix applied to filename
 	* @access public
 	*/
-	function clean_filename($mode = 'unique', $prefix = '')
+	function clean_filename($mode = 'unique', $prefix = '', $user_id = '')
 	{
 		if ($this->init_error)
 		{
@ -110,6 +110,10 @@ class filespec
 				$this->realname = $prefix . md5(unique_id());
 			break;

+			case 'avatar':
+				$this->realname = $prefix . $user_id . '.' . $this->extension;
+			break;
+			
 			case 'unique_ext':
 			default:
 				$this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -1489,6 +1489,8 @@ function validate_email($email, $allowed_email = false)
 	return false;
 }

+
+
 /**
 * Remove avatar
 */
@ -1499,15 +1501,16 @@ function avatar_delete($mode, $row)
 	// Check if the users avatar is actually *not* a group avatar
 	if ($mode == 'user')
 	{
-		if (strpos($row['user_avatar'], 'g' . $row['group_id'] . '_') === 0 || strpos($row['user_avatar'], $row['user_id'] . '_') !== 0)
+		if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
 		{
 			return false;
 		}
 	}
 	
-	if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar'])))
+	$filename = get_avatar_filename($row[$mode . '_avatar']);
+	if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
 	{
-		@unlink($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar']));
+		@unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
 		return true;
 	}

@ -1613,7 +1616,8 @@ function avatar_upload($data, &$error)
 		$file = $upload->remote_upload($data['uploadurl']);
 	}
 	
-	$file->clean_filename('real', $data['user_id'] . '_');
+	$prefix = $config['avatar_salt'] . '_';
+	$file->clean_filename('avatar', $prefix, $data['user_id']);

 	$destination = $config['avatar_path'];

@ -1638,7 +1642,29 @@ function avatar_upload($data, &$error)
 		$error = array_merge($error, $file->error);
 	}

-	return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height'));
+	return array(AVATAR_UPLOAD, $data['user_id'] . '_' . substr(time(), -5) . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
+}
+
+/**
+* Generates avatar filename from the database entry
+*/
+function get_avatar_filename($avatar_entry)
+{
+	global $config;
+
+	
+	if ($avatar_entry[0] === 'g')
+	{
+		$avatar_group = true;
+		$avatar_entry = substr($avatar_entry, 1);
+	}
+	else
+	{
+		$avatar_group = false;
+	}
+	$ext 			= substr(strrchr($avatar_entry, '.'), 1);
+	$avatar_entry	= intval($avatar_entry);
+	return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
 }

 /**
@ -1858,7 +1884,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
 				$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;

 				// Delete old avatar if present
-				if ($userdata['user_avatar'] && $sql_ary['user_avatar'] != $userdata['user_avatar'] && $userdata['user_avatar_type'] != AVATAR_GALLERY)
+				if ($userdata['user_avatar'] && empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] != AVATAR_GALLERY)
 				{
 					avatar_delete('user', $userdata);
 				}
@ -1966,6 +1992,10 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
 		if (!$group_id)
 		{
 			$group_id = $db->sql_nextid();
+			if ($sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
+			{
+				group_correct_avatar($group_id, $sql_ary['group_avatar']);
+			}
 		}

 		// Set user attributes
@ -2016,6 +2046,30 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
 	return (sizeof($error)) ? $error : false;
 }

+
+/**
+* Changes a group avatar's filename to conform to the naming scheme
+*/
+function group_correct_avatar($group_id, $old_entry)
+{
+	global $config, $db, $phpbb_root_path;
+
+	$group_id		= (int)$group_id;
+	$ext 			= substr(strrchr($old_entry, '.'), 1);
+	$old_filename 	= get_avatar_filename($old_entry);
+	$new_filename 	= $config['avatar_salt'] . "_g$group_id.$ext";
+	$new_entry 		= 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
+	
+	$avatar_path = $phpbb_root_path . $config['avatar_path'];
+	if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
+	{
+		$sql = 'UPDATE ' . GROUPS_TABLE . '
+			SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
+			WHERE group_id = $group_id";
+		$db->sql_query($sql);
+	}
+}
+
 /**
 * Group Delete
 */
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@ -544,7 +544,7 @@ class ucp_groups
 								}
 							}

-							if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete)
+							if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']))) || $delete)
 							{
 								if (isset($group_row['group_avatar']) && $group_row['group_avatar'])
 								{
--- a/phpBB/install/convertors/functions_phpbb20.php
+++ b/phpBB/install/convertors/functions_phpbb20.php
@ -1419,7 +1419,7 @@ function phpbb_import_avatar($user_avatar)
 	else if ($convert_row['user_avatar_type'] == 1)
 	{
 		// Uploaded avatar
-		return import_avatar($user_avatar);
+		return import_avatar($user_avatar, false, $convert_row['user_id']);
 	}
 	else if ($convert_row['user_avatar_type'] == 2)
 	{
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@ -1087,11 +1087,14 @@ if (version_compare($current_version, '3.0.b5', '<='))
 	}
 	unset($sql_in);

+	set_config('avatar_salt', md5(mt_rand()));
+
 	$sql = 'UPDATE ' . ACL_OPTIONS_TABLE . ' SET is_local = 0 WHERE auth_option = \'m_warn\'';
 	$db->sql_query($sql);

 	$sql = 'UPDATE ' . MODULES_TABLE . ' SET module_auth = \'acl_m_warn && acl_f_read,$id\' WHERE module_basename = \'warn\' AND module_mode = \'warn_post\'';
 	$db->sql_query($sql);
+
 	$no_updates = false;
 }

--- a/phpBB/install/install_convert.php
+++ b/phpBB/install/install_convert.php
@ -1457,7 +1457,7 @@ class install_convert extends module
 		}
 		else
 		{
-			$sync_batch -= $batch_size;
+			$sync_batch--;
 		}

 		$url = $this->save_convert_progress('&amp;sync_batch=' . $sync_batch);
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@ -1270,6 +1270,10 @@ class install_install extends module
 				SET config_value = '" . $db->sql_escape($admin_name) . "'
 				WHERE config_name = 'newest_username'",
 			
+			'UPDATE ' . $table_prefix . "config
+				SET config_value = '" . md5(mt_rand()) . "'
+				WHERE config_name = 'avatar_salt'",
+				
 			'UPDATE ' . $table_prefix . "users
 				SET username = '" . $db->sql_escape($admin_name) . "', user_password='" . $db->sql_escape(md5($admin_pass1)) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($default_lang) . "', user_email='" . $db->sql_escape($board_email1) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($board_email1) . strlen($board_email1)) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($admin_name)) . "'
 				WHERE username = 'Admin'",
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@ -44,6 +44,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_max_width',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_min_height', '20');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_min_width', '20');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_path', 'images/avatars/upload');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_salt', 'phpbb_avatar');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_contact', 'contact@yourdomain.tld');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_disable', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_disable_msg', '');
--- a/phpBB/styles/prosilver/template/attachment.html
+++ b/phpBB/styles/prosilver/template/attachment.html
@ -14,7 +14,7 @@

 		<!-- IF _file.S_IMAGE -->
 		<dl class="file">
-			<dt><img src="{_file.U_DOWNLOAD_LINK}" alt="{_file.DOWNLOAD_NAME}" onclick="viewableArea(this);" /></dt>
+			<dt><img src="{_file.U_INLINE_LINK}" alt="{_file.DOWNLOAD_NAME}" onclick="viewableArea(this);" /></dt>
 			<!-- IF _file.COMMENT --><dd><em>{_file.COMMENT}</em></dd><!-- ENDIF -->
 			<dd>{_file.DOWNLOAD_NAME} ({_file.FILESIZE} {_file.SIZE_LANG}) {_file.L_DOWNLOAD_COUNT}</dd>
 		</dl>
--- a/phpBB/styles/subsilver2/template/attachment.html
+++ b/phpBB/styles/subsilver2/template/attachment.html
@ -15,7 +15,7 @@
 		<!-- ENDIF -->

 		<!-- IF _file.S_IMAGE -->
-			<img src="{_file.U_DOWNLOAD_LINK}" alt="{_file.DOWNLOAD_NAME}" /><br />
+			<img src="{_file.U_INLINE_LINK}" alt="{_file.DOWNLOAD_NAME}" /><br />
 			<span class="gensmall">{_file.DOWNLOAD_NAME} [ {_file.FILESIZE} {_file.SIZE_LANG} | {_file.L_DOWNLOAD_COUNT} ]</span>
 		<!-- ENDIF -->