-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
2.7.3, 2.8.1
-
MOODLE_27_STABLE, MOODLE_28_STABLE
-
MDL-48245-master
-
While working on MDL-48023 it has been discovered that the profile image is served to the user using the two constraints below:
- $CFG->forcelogin
- $CFG->forceloginforprofileimage
The current code and the description of the above parameters don't match with the expected behavior which is: only $CFG->forceloginforprofileimage should prevent a public accessibility to the user icon.
This is a bug regarding to these descriptions and, moreover, the current code prevents to give profile images a "public" access for the reasons already given in MDL-48023 and in https://moodle.org/mod/forum/discuss.php?d=274619#p1180502.
- has a non-specific relationship to
-
MDL-48394 Hiding user_pictures causes markup validation failure
- Closed
-
MDL-26508 Protect user profile images to be restricted to users of an enrolled course
- Closed
- has been marked as being related by
-
MDL-43850 User images do not display in forum post e-mails when "Force users to log in" is enabled
- Peer review in progress
-
MDL-26508 Protect user profile images to be restricted to users of an enrolled course
- Closed
- is blocked by
-
MDL-48023 Performance issue. "Cache-control: private" on public static files
- Closed