Hide user avatar for blocked and unconfirmed users
1 unresolved thread
1 unresolved thread
Compare changes
Files
2+ 3
− 1
@@ -47,7 +49,7 @@ def gravatar_icon(user_email = '', size = nil, scale = 2)
Follow-up to #341325 (closed) and !75032 (merged) (merged).
We should mask the user avatar for blocked or unconfirmed users to avoid it being used for spam. You can see in screenshots below this also masks the Gravatar for a user, so they can't even show spam via that external service when they're blocked in GitLab.
Admin users are always able to see the user avatar regardless of status.
Numbered steps to set up and validate the change are strongly suggested.
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.