Avoid user enumeration by using avatar image url

2021-06-05 15:50:43 -07:00
parent 728ba61450
commit cc6f1db846
3 changed files with 8 additions and 2 deletions
--- a/tests/units/Formatter/UserMentionFormatterTest.php
+++ b/tests/units/Formatter/UserMentionFormatterTest.php
@@ -29,7 +29,7 @@ class UserMentionFormatterTest extends Base
        $expected = array(
            array(
                'value' => 'someone',
-                'html' => '<div class="avatar avatar-20 avatar-inline"><img src="?controller=AvatarFileController&amp;action=image&amp;user_id=1&amp;hash=5acc03af0274414544b9615fb223d925&amp;size=20" alt="Someone" title="Someone"></div> someone <small aria-hidden="true">Someone</small>',
+                'html' => '<div class="avatar avatar-20 avatar-inline"><img src="?controller=AvatarFileController&amp;action=image&amp;user_id=1&amp;hash=871b0146d6689014b79b878c7b120151&amp;size=20" alt="Someone" title="Someone"></div> someone <small aria-hidden="true">Someone</small>',
            ),
            array(
                'value' => 'somebody',