#22354 closed defect (bug) (fixed)
Gravatar Shouldn't Use images/blank.gif
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | 3.5 |
| Component: | General | Version: | 3.4.2 |
| Severity: | normal | Keywords: | has-patch |
| Cc: |
Description
There is a very subtle flow-of-control error in pluggable.php:
elseif ( 'blank' == $default )
$default = includes_url('images/blank.gif');
This makes sense when $email has no value, because it will cause the local blank.gif file to be displayed. However...
When $email is not empty, this function is causing the gravatar.com server to make a proxy request to the blank.gif file and display the local file through a remote request. This is not the intended behavior. When the $email value is present, the Gravatar request should simply contain "&d=blank" to get a blank image.
Attachments (4)
Change History (16)
miqrogroove — 7 months ago
comment:1
miqrogroove — 7 months ago
- Keywords has-patch added
comment:2
SergeyBiryukov — 6 months ago
comment:3
Viper007Bond — 6 months ago
I think you should just do this:
elseif ( empty($email) && 'blank' == $default )
It's cleaner and more consistent with the existing code.
comment:4
follow-up:
↓ 5
miqrogroove — 6 months ago
Yes... somewhat related. However, this bug patch is ready to commit and shouldn't wait on new features.
Viper007Bond: Your code is not logically equivalent to mine. Please explain why you would make that additional change?
Viper007Bond — 6 months ago
The fix plus a fix to allow https:// default image URLs as well as bringing the whole function up to modern coding standards
comment:5
in reply to:
↑ 4
Viper007Bond — 6 months ago
Replying to miqrogroove:
Viper007Bond: Your code is not logically equivalent to mine. Please explain why you would make that additional change?
Good catch. My patches should be disregarded.
The whole logic on that block is messy. I'm tempted to say we replace it with a cleaner switch and two ifs.
comment:6
miqrogroove — 6 months ago
I'm still in favor of the original patch if we can get it into beta. I wouldn't attempt a re-write for 3.5 at this point.
- Milestone changed from Awaiting Review to 3.5
This is particularly timely because of http://blog.gravatar.com/2012/10/09/default-image-changes/, which was a change to the Gravatar service about a month ago that could affect the usage of blank.gif. Because of that, moving to 3.5.
SergeyBiryukov — 6 months ago
comment:8
SergeyBiryukov — 6 months ago
miqro-blank-gravatars.diff makes sense to me.
22354.patch is a simplified version without reformatting the block.
comment:9
miqrogroove — 6 months ago
Thanks nacin. Do you want a more involved patch for this? In addition to the concerns from above, I just noticed on http://en.gravatar.com/site/implement/images/ that query strings are disallowed on default images now.
Sergey, yours is fine too.
comment:10
miqrogroove — 6 months ago
Testing shows query strings are still allowed within the d= variable. Disregard that.
comment:11
nacin — 6 months ago
- Owner set to nacin
- Resolution set to fixed
- Status changed from new to closed
In 22566:
comment:12
miqrogroove — 6 months ago
Cool. Thanks everyone!
Related: #21195