search

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License
44.08k stars 5.41k forks source link

avatar_default.png broken on some pages #28945

Closed JanRomero closed 6 months ago

JanRomero commented 7 months ago

Description

New users who have not uploaded a custom avatar are shown with a broken image in our installation. The HTML generated for the big image on the user profile looks like this, which is clearly wrong:

/avatars/%2Fassets%2Fimg%2Favatar_default.png?size=512 As you can see, the path contains escaped forward slashes and is wrongly prefixed with “/avatars”.

In the install directory the image is set up under /custom/public/assets/img/avatar_default.png. I’m pretty sure that’s correct, because it is shown nicely on anonymous commits, where the generated HTML looks as expected.

Our config in app.ini looks like this. This is the entire section and it’s reflected in the admin panel. We don’t have any other avatar settings in the UI or in app.ini that I’m aware of.

[picture]
DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false

If this is indeed a bug, I imagine it lives here, but I’m only browsing the source on github and don’t know what I’m doing: https://github.com/go-gitea/gitea/blob/534917d57670d82703567131e2b33fd945e6f8cb/models/avatars/avatar.go#L60

Thank you very much! Sorry if this is a misconfiguration on my end.

Screenshots

Gitea Version

1.21.4

Can you reproduce the bug on the Gitea demo site?

No

Operating System

Windows

Browser Version

Any

wxiaoguang commented 7 months ago

It seems that you manually filled incorrect value to user's Avatar database column.

You should keep the user's Avatar database column empty if they doesn't have an avatar.

If you filled anything into user's Avatar database column , that value will be used as an existing avatar: "/avatars/" + escape(user.Avatar), then that's what you saw.

KN4CK3R commented 7 months ago

Looked at this too and there must be something invalid in the database. The field should just contain a hash and not some path.

JanRomero commented 7 months ago

Hi, thanks for the quick replies. You’re right, the database column contains “/assets/img/avatar_default.png” for new users. They are created automatically on their first visit by the SPNEGO auth source, so I guess the problem lies there?

If I remove my avatar as an existing user, I get a hash in the database showing as some auto-generated geometry in the frontend (I feel like I should get avatar_default.png, but as long as it’s not a broken image I don’t mind).

wxiaoguang commented 7 months ago

the database column contains “/assets/img/avatar_default.png” for new users. They are created automatically on their first visit by the SPNEGO auth source, so I guess the problem lies there?

It looks like a bug ...... as old as #8463

KN4CK3R commented 7 months ago

Yep, that's wrong: Avatar: avatars.DefaultAvatarLink(),

@wxiaoguang You or me?

wxiaoguang commented 7 months ago

Too late in my timezone, will go to bed 🤣 feel free to propose a fix 🙏

JanRomero commented 7 months ago

Awesome, you guys are really fast! Appreciate it! Sorry I didn’t post the relevant details immediately.

wxiaoguang commented 6 months ago

wait for backport