#22354 closed defect (bug) (fixed)
Gravatar Shouldn't Use images/blank.gif
Reported by: | miqrogroove | Owned by: | nacin |
---|---|---|---|
Milestone: | 3.5 | Priority: | normal |
Severity: | normal | Version: | 3.4.2 |
Component: | General | Keywords: | has-patch |
Focuses: | Cc: |
Description
There is a very subtle flow-of-control error in pluggable.php:
elseif ( 'blank' == $default ) $default = includes_url('images/blank.gif');
This makes sense when $email has no value, because it will cause the local blank.gif file to be displayed. However...
When $email is not empty, this function is causing the gravatar.com server to make a proxy request to the blank.gif file and display the local file through a remote request. This is not the intended behavior. When the $email value is present, the Gravatar request should simply contain "&d=blank" to get a blank image.
Attachments (4)
Change History (16)
#3
@
12 years ago
I think you should just do this:
elseif ( empty($email) && 'blank' == $default )
It's cleaner and more consistent with the existing code.
#4
follow-up:
↓ 5
@
12 years ago
Yes... somewhat related. However, this bug patch is ready to commit and shouldn't wait on new features.
Viper007Bond: Your code is not logically equivalent to mine. Please explain why you would make that additional change?
@
12 years ago
The fix plus a fix to allow https:// default image URLs as well as bringing the whole function up to modern coding standards
#5
in reply to:
↑ 4
@
12 years ago
Replying to miqrogroove:
Viper007Bond: Your code is not logically equivalent to mine. Please explain why you would make that additional change?
Good catch. My patches should be disregarded.
The whole logic on that block is messy. I'm tempted to say we replace it with a cleaner switch
and two if
s.
#6
@
12 years ago
I'm still in favor of the original patch if we can get it into beta. I wouldn't attempt a re-write for 3.5 at this point.
#7
@
12 years ago
- Milestone changed from Awaiting Review to 3.5
This is particularly timely because of http://blog.gravatar.com/2012/10/09/default-image-changes/, which was a change to the Gravatar service about a month ago that could affect the usage of blank.gif. Because of that, moving to 3.5.
#8
@
12 years ago
miqro-blank-gravatars.diff makes sense to me.
22354.patch is a simplified version without reformatting the block.
#9
@
12 years ago
Thanks nacin. Do you want a more involved patch for this? In addition to the concerns from above, I just noticed on http://en.gravatar.com/site/implement/images/ that query strings are disallowed on default images now.
Sergey, yours is fine too.
#10
@
12 years ago
Testing shows query strings are still allowed within the d= variable. Disregard that.
Related: #21195