Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Remove Change Picture popup

When viewing my profile and hovering over my Avatar I see an option pop up to Change the Picture. What file is controlling this as I have disable image changing and don't want the link to appear. At the moment if I click on the link I get a message "Editing user photos has been disabled" but it would be cleaner just to remove the link altogether. I have tried messing about in class.profilecontroller.php without any luck.




  • Managed to find a line in userphoto.php that controls this. Now to try and work out a clean way to overwrite it rather than just editing the file directly :confounded:

  • R_JR_J Ex-Fanboy Munich Admin

    Use the CssEdit plugin and do it with css. This might work:

    .PhotoWrap:hover a.ChangePicture {
        display: none;
  • LincLinc Detroit Admin

    Set Garden.Profile.EditPhotos to false in your config.

  • Thanks guys. This was already set to false in my config but that still shows the link. The CSS method looks simplest so I will probably go with that. Thanks for the tip.

  • LincLinc Detroit Admin
    edited December 2016

    @alan0209 said:
    Thanks guys. This was already set to false in my config but that still shows the link.

    It would show it to you, as the administrator. Not everyone else.

    Relevant code from userphotomodule:
    $this->CanEditPhotos = Gdn::session()->checkRankedPermission(c('Garden.Profile.EditPhotos', true)) || Gdn::session()->checkPermission('Garden.Users.Edit');

  • Hmm I did try just changing that to "$this->CanEditPhotos = false" and but was still seeing the link :confused:

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    @alan0209 said:
    Hmm I did try just changing that to "$this->CanEditPhotos = false" and but was still seeing the link :confused:

    You don't understand the answer..

    Linc gave you a configuration to add to your config.php not to change the plugin

    Just add this line to the config.php , then only you will be able to see the link if you are the admin.


  • Thanks vrijvlinder

    Yes I do understand the answer (I think...) :) The line in config.php was set from the beginning (before I made this post). The issue was admins still saw the popup over the avatar and I wanted to remove it site-wide for all users. Linc said that the relevant code controlling that was the line above in the userphotomodule. I said that I had already tried forcing CanEditPhotos to false and that I still saw the popup (possibly down to caching issues?). It has been removed via CSS now anyway so no longer an issue.



  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    @alan0209 said:

    I wanted to remove it site-wide for all users.

    Admins are not Users... they are supposed to have all powers... The super admin has a higher power.

    Hiding it with css is like sweeping the dirt under the rug. If someone lift the rug they will see the dirt. Specially when it comes to forms, that is not advisable. Because a smart coder will know how to access it.

    There are two configurations involved here, the permission to edit their profile, and permission to edit Photo.

  • LOL sorry if my terminology isn't Vanilla specific :) My day job is in infrastructure admin and there admins are definitely users (the most dangerous type with elevated privileges :)) I agree with your view on CSS which is why I also edited the line in userphoto.php to remove the functionality altogether. At the end of the day this is ugly though as it will need checking after every update. I would prefer a cleaner solution but don't really have the time just now to learn enough about Vanilla to work one out :( Still it is only a single line I have to change so not too much hardship after the next update

    Thanks for the input


Sign In or Register to comment.