XF 1.4 Avatars of banned members getting removed from the filesystem

imthebest

Well-known member
Hi,

I have noticed that avatars from banned members are getting removed from the filesystem. At first I was thinking that they were getting removed (S, M and L versions) at the moment when the ban was executed (be it from a warning action or by using the spam cleaner) however I have noticed that the removal from the filesystem happens some hours later but unfortunately I'm not exactly sure how many hours later or if it is done by a cron job.

At first I was thinking that the culprit was the add-on Special Avatar for Banned Members by @Chris D however he has already told me that his add-on does nothing to the avatar files.

So I'm not sure what could be causing this. What should I check?

Thanks,
Super120
 
I can say almost certainly that there is nothing in the core XF code that deletes avatars routinely.

There is a "deleteAvatar" method in the Avatar model - this is what we would use. I've looked at all code which calls this, and it is only where you would expect it to be called, e.g. if it is explicitly expected to delete an avatar.

With this in mind it is likely an add-on which is doing this -- but not mine :) Mine doesn't delete avatars either. My add-0n just looks at a different URL to display the special avatar.
 
How I can find the culprit add-on? In vBulletin I was able to look at something called 'hooks' so for example if an add-on was causing issues with private messaging then I only reviewed the add-ons that made use of the 'private_messaging" hook (vBulletin provided an option in the ACP to see the list of hooks used by each add-on).

Is there something similar in XenForo?
 
Not really no. Though you could search all your PHP files for any that contain the text "deleteAvatar" to see if that brings up anything outside of the XenForo directory. Though there would be no guarantee that an add on would actually use that method to delete an avatar.
 
Already tried that (searching for "avatar" inside the /library directory excluding folders XenForo, XenES and xengallery) and after quickly reviewing the results I found nothing that could delete avatars.

But since the removal of the avatars (S, M and L versions) is happening hours later after the ban is executed... is it feasible to code a XF script that will monitor the removal of avatar files associated to banned members and when it detects that they got removed then write to a log file with details of the PHP file that requested the removal?
 
I'm pretty sure there's nothing like that available in PHP that would be able to monitor file access with such detail.

You'd maybe be looking for something available at the OS or server level.

However, I'd still be somewhat surprised if an add-on was to blame. It would seem to be somewhat obscure functionality to have running without your prior knowledge.
 
Oookay! I believe I have an idea of what is happening and hope it is the cause of the problem otherwise I'll get crazy.

I have configured my forum to add banned members to a specific usergroup and this usergroup has the permission "Upload an avatar" defined as "Not Set (No)" and "Maximum large avatar file size (bytes)" set to "0". The permissions for the regular members usergroup (the primary usergroup) is "Upload an avatar" defined as "Allow" and "Maximum large avatar file size (bytes)" set to "10240".

I guess that what is happening is that XenForo gets confused and thinks "Hey! Why this member which doesn't have permissions to upload an avatar actually have one? This is bad, I'm going to delete his avatar files :sneaky:"

Please tell me that my guess is true :(
 
In directory library/Sabre/Sabre/DAV (and subdirectories) I found some deletion-related stuff:

Code:
    /**
     * HTTP Delete
     *
     * The HTTP delete method, deletes a given uri
     *
     * @return void
     */
    protected function httpDelete() {

        $uri = $this->getRequestUri();
        $node = $this->tree->getNodeForPath($uri);
        if (!$this->broadcastEvent('beforeUnbind',array($uri))) return;
        $node->delete();

        $this->httpResponse->sendStatus(204);
        $this->httpResponse->setHeader('Content-Length','0');

    }

Code:
    /**
     * Delete the current file
     *
     * @return void
     */
    public function delete() {

        unlink($this->path);

    }

But Sabre comes as part of XenForo so I guess this is also not a problem, right?
 
@imthebest Did you find what was causing the avatars to get deleted? It is happening on my forum and I am unable to find what is causing it. Sad part is that I am unable to replicate the issue on my development site so I am wondering it must be some setting in some addon which is different between my dev vs live site.

The banned member's avatar image files are deleted from the directory leaving a broken image link on the page. Wondering if I can use some debugging tools to log all script executions to see what is causing these avatars to get deleted, I have exactly the same addons in dev and live site yet it does not happen on the dev site. Only difference is that I don't have elastic search on dev site.
 
Hi Chris, Yes I use the Banned User Avatar addon, but the same add-on is also on my dev site where the issues does not seem to occur.

Seems like all size avatars are being deleted l, m and s size, when the user is banned. and the small avatars are not getting replaced by the special avatar for banned, but l and m avatars are getting replaced with a special avatar for banned users (In unban the user, their original avatar is broken - file does not exist). Can't seem to figure which addon or setting could be deleting their avatar on user ban.
 
Top Bottom