From f9faaaf7123347535511964481c7dce539f945e2 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Wed, 29 Jun 2022 14:45:37 +0200
Subject: [PATCH] Ensure that avatars are world-readable in
 UserProfileAction::setAvatar()

Fixes #4769
---
 .../install/files/lib/data/user/UserProfileAction.class.php  | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wcfsetup/install/files/lib/data/user/UserProfileAction.class.php b/wcfsetup/install/files/lib/data/user/UserProfileAction.class.php
index fa9ad668d7..250a933b02 100644
--- a/wcfsetup/install/files/lib/data/user/UserProfileAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserProfileAction.class.php
@@ -621,6 +621,11 @@ class UserProfileAction extends UserAction implements IPopoverAction
 
             \rename($this->parameters['fileLocation'], $avatar->getLocation(null, false));
 
+            // Fix the permissions of the file in case the source file was created with restricted
+            // permissions (e.g. 0600 instead of 0644). Without this the file might not be readable
+            // for the web server if it runs with a different system user.
+            FileUtil::makeWritable($avatar->getLocation(null, false));
+
             // Create the WebP variant or the JPEG fallback of the avatar.
             $avatarEditor = new UserAvatarEditor($avatar);
             if ($avatarEditor->createAvatarVariant()) {
-- 
2.20.1