From d535e1ce6d1b46792803a03e7bba9e4c25e02041 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Thu, 13 Dec 2018 16:32:35 +1100
Subject: [PATCH] SECURITY: do not delete avatars uploads when deleting
 accounts

We rely on the clean up uploads job to do this safely
---
 app/models/user_avatar.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/models/user_avatar.rb b/app/models/user_avatar.rb
index 69d0ff7764..d3ef9c13bc 100644
--- a/app/models/user_avatar.rb
+++ b/app/models/user_avatar.rb
@@ -3,8 +3,8 @@ require_dependency 'upload_creator'
 
 class UserAvatar < ActiveRecord::Base
   belongs_to :user
-  belongs_to :gravatar_upload, class_name: 'Upload', dependent: :destroy
-  belongs_to :custom_upload, class_name: 'Upload', dependent: :destroy
+  belongs_to :gravatar_upload, class_name: 'Upload'
+  belongs_to :custom_upload, class_name: 'Upload'
 
   def contains_upload?(id)
     gravatar_upload_id == id || custom_upload_id == id
@@ -50,7 +50,6 @@ class UserAvatar < ActiveRecord::Base
                 user.update!(uploaded_avatar_id: upload_id)
               end
 
-              gravatar_upload&.destroy!
               self.gravatar_upload = upload
               save!
             end