MSA-09-0001: No easy way to remove pictures of deleted users

by Petr Skoda
Topic: No easy way to remove pictures of deleted users
Severity: Minor
Versions affected: < 1.9.4, < 1.8.8
Reported by: Howard Miller
Issue no.: MDL-17065
Solution: update to the latest releases or weeklies, or replace /user/pix.php. The workaround is to remove images before deleting users, or to delete them from the shell or over FTP. The fix was not backported into the 1.7.x and 1.6.x branches.


Description:
Spammers or other vandals might upload unwanted images as avatars. After the users were deleted, there was no easy way to remove those images. The solution was to ignore images of deleted users. See the tracker for details.

Note:
Exploits would probably be targeted at wikis, databases and glossaries, because admins usually delete forum posts, which are easy to spot (i.e. linked from the profile).
The final solution should be implemented in 2.0: full purging of user accounts after deletion, which would remove all user data.