From 4aee11e54b5179667fdfbaee8bd239c1bd6d9f6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?= <rdoursenaud@gpcsolutions.fr>
Date: Mon, 8 Jun 2015 17:00:43 +0200
Subject: [PATCH] Make default avatar images public to allow Gravatar proxying

Fix #2985
---
 htdocs/admin/company.php                      |   2 +-
 htdocs/core/class/html.form.class.php         |  13 +++++---
 htdocs/public/theme/common/index.php          |  29 ++++++++++++++++++
 htdocs/{ => public}/theme/common/nophoto.jpg  | Bin
 .../theme/common/user_anonymous.png           | Bin
 htdocs/{ => public}/theme/common/user_man.png | Bin
 .../{ => public}/theme/common/user_woman.png  | Bin
 htdocs/public/theme/index.php                 |  29 ++++++++++++++++++
 htdocs/viewimage.php                          |   2 +-
 9 files changed, 68 insertions(+), 7 deletions(-)
 create mode 100644 htdocs/public/theme/common/index.php
 rename htdocs/{ => public}/theme/common/nophoto.jpg (100%)
 rename htdocs/{ => public}/theme/common/user_anonymous.png (100%)
 rename htdocs/{ => public}/theme/common/user_man.png (100%)
 rename htdocs/{ => public}/theme/common/user_woman.png (100%)
 create mode 100644 htdocs/public/theme/index.php

diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php
index 1a75a199dc6..02cba5cd912 100644
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@@ -385,7 +385,7 @@ if ($action == 'edit' || $action == 'updateedit')
     }
     else
     {
-        print '<img height="30" src="'.DOL_URL_ROOT.'/theme/common/nophoto.jpg">';
+        print '<img height="30" src="'.DOL_URL_ROOT.'/public/theme/common/nophoto.jpg">';
     }
     print '</td></tr></table>';
     print '</td></tr>';
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 394b77b9768..c236df18199 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -5122,19 +5122,22 @@ class Form
             }
             else
 			{
-				$nophoto='/theme/common/nophoto.jpg';
+				$nophoto='/public/theme/common/nophoto.jpg';
 				if (in_array($modulepart,array('userphoto','contact')))	// For module thar are "physical" users
 				{
-					$nophoto='/theme/common/user_anonymous.png';
-					if ($object->gender == 'man') $nophoto='/theme/common/user_man.png';
-					if ($object->gender == 'woman') $nophoto='/theme/common/user_woman.png';
+					$nophoto='/public/theme/common/user_anonymous.png';
+					if ($object->gender == 'man') $nophoto='/public/theme/common/user_man.png';
+					if ($object->gender == 'woman') $nophoto='/public/theme/common/user_woman.png';
 				}
 
 				if (! empty($conf->gravatar->enabled) && $email)
                 {
+	                /**
+	                 * @see https://gravatar.com/site/implement/images/php/
+	                 */
                     global $dolibarr_main_url_root;
                     $ret.='<!-- Put link to gravatar -->';
-                    $ret.='<img class="photo'.$modulepart.'" alt="Photo found on Gravatar" title="Photo Gravatar.com - email '.$email.'" border="0"'.($width?' width="'.$width.'"':'').($height?' height="'.$height.'"':'').' src="http://www.gravatar.com/avatar/'.dol_hash($email,3).'?s='.$width.'&d='.urlencode(dol_buildpath($nophoto,2)).'">';	// gravatar need md5 hash
+                    $ret.='<img class="photo'.$modulepart.'" alt="Gravatar avatar" title="'.$email.' Gravatar avatar" border="0"'.($width?' width="'.$width.'"':'').($height?' height="'.$height.'"':'').' src="https://www.gravatar.com/avatar/'.dol_hash(strtolower(trim($email)),3).'?s='.$width.'&d='.urlencode(dol_buildpath($nophoto,2)).'">';	// gravatar need md5 hash
                 }
                 else
 				{
diff --git a/htdocs/public/theme/common/index.php b/htdocs/public/theme/common/index.php
new file mode 100644
index 00000000000..0d25c726b33
--- /dev/null
+++ b/htdocs/public/theme/common/index.php
@@ -0,0 +1,29 @@
+<?php
+/* Copyright (C) 2009 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2015 Raphaël Doursenaud   <rdoursenaud@gpcsolutions.fr>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ *     	\file       htdocs/public/theme/common/index.php
+ *		\ingroup    core
+ *		\brief      A redirect page to an error
+ *		\author	    Laurent Destailleur
+ */
+
+require '../../../master.inc.php';
+
+header("Location: ".DOL_URL_ROOT.'/public/error-404.php');
+
diff --git a/htdocs/theme/common/nophoto.jpg b/htdocs/public/theme/common/nophoto.jpg
similarity index 100%
rename from htdocs/theme/common/nophoto.jpg
rename to htdocs/public/theme/common/nophoto.jpg
diff --git a/htdocs/theme/common/user_anonymous.png b/htdocs/public/theme/common/user_anonymous.png
similarity index 100%
rename from htdocs/theme/common/user_anonymous.png
rename to htdocs/public/theme/common/user_anonymous.png
diff --git a/htdocs/theme/common/user_man.png b/htdocs/public/theme/common/user_man.png
similarity index 100%
rename from htdocs/theme/common/user_man.png
rename to htdocs/public/theme/common/user_man.png
diff --git a/htdocs/theme/common/user_woman.png b/htdocs/public/theme/common/user_woman.png
similarity index 100%
rename from htdocs/theme/common/user_woman.png
rename to htdocs/public/theme/common/user_woman.png
diff --git a/htdocs/public/theme/index.php b/htdocs/public/theme/index.php
new file mode 100644
index 00000000000..1d8c522741d
--- /dev/null
+++ b/htdocs/public/theme/index.php
@@ -0,0 +1,29 @@
+<?php
+/* Copyright (C) 2009 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2015 Raphaël Doursenaud   <rdoursenaud@gpcsolutions.fr>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ *     	\file       htdocs/public/theme/index.php
+ *		\ingroup    core
+ *		\brief      A redirect page to an error
+ *		\author	    Laurent Destailleur
+ */
+
+require '../../master.inc.php';
+
+header("Location: ".DOL_URL_ROOT.'/public/error-404.php');
+
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 9e22bb94cc2..f9f2b54b292 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -173,7 +173,7 @@ else					// Open and return file
     // This test is to avoid error images when image is not available (for example thumbs).
     if (! dol_is_file($original_file))
     {
-        $original_file=DOL_DOCUMENT_ROOT.'/theme/common/nophoto.jpg';
+        $original_file=DOL_DOCUMENT_ROOT.'/public/theme/common/nophoto.jpg';
         /*$error='Error: File '.$_GET["file"].' does not exists or filesystems permissions are not allowed';
         dol_print_error(0,$error);
         print $error;