Fix for #2663: fix for original/96px-size avatars getting saved with bad permissions, causing failure to see images if background queues are different user from web server.

The original-size file is now forced to 0644 (all-readable), which should help. Not sure this is 100% ideal, but it's better than 0600!
(The other sizes were being created in other code and had sane read perms already.)

Watch out for similar issues in Twitter bridge etc; avatar import code should get cleaned up and consolidated.

1 files changed, 8 insertions, 0 deletions

diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index 6a0fd1f3b..19fe5169b 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -1065,6 +1065,14 @@ class Ostatus_profile extends Memcached_DataObject
                                      null,
                                      common_timestamp());
         rename($temp_filename, Avatar::path($filename));
+        // @fixme hardcoded chmod is lame, but seems to be necessary to
+        // keep from accidentally saving images from command-line (queues)
+        // that can't be read from web server, which causes hard-to-notice
+        // problems later on:
+        //
+        // http://status.net/open-source/issues/2663
+        chmod(Avatar::path($filename), 0644);
+
         $self->setOriginal($filename);
 
         $orig = clone($this);