%# BEGIN BPS TAGGED BLOCK {{{
%#
%# COPYRIGHT:
%#
%# This software is Copyright (c) 1996-2025 Best Practical Solutions, LLC
%#                                          <sales@bestpractical.com>
%#
%# (Except where explicitly superseded by other copyright notices)
%#
%#
%# LICENSE:
%#
%# This work is made available to you under the terms of Version 2 of
%# the GNU General Public License. A copy of that license should have
%# been provided with this software, but in any event can be snarfed
%# from www.gnu.org.
%#
%# This work is distributed in the hope that it will be useful, but
%# WITHOUT ANY WARRANTY; without even the implied warranty of
%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%# General Public License for more details.
%#
%# You should have received a copy of the GNU General Public License
%# along with this program; if not, write to the Free Software
%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
%# 02110-1301 or visit their web page on the internet at
%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
%#
%#
%# CONTRIBUTION SUBMISSION POLICY:
%#
%# (The following paragraph is not intended to limit the rights granted
%# to you to modify and distribute this software under the terms of
%# the GNU General Public License and is only of importance to you if
%# you choose to contribute your changes and enhancements to the
%# community by submitting them to Best Practical Solutions, LLC.)
%#
%# By intentionally submitting any modifications, corrections or
%# derivatives to this work, or any other work intended for use with
%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
%# you are the copyright holder for those contributions and you grant
%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
%# royalty-free, perpetual, license to use, copy, create derivative
%# works based on those contributions, and sublicense and distribute
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
<%perl>
$m->comp('/Elements/HttpResponseHeaders', MaxAgeSeconds => 24 * 3600 * 30);
my $user_id;
my $arg = $m->dhandler_arg;    # get rest of path
my $sig;
if ( $arg =~ m{^(\d+)-(\w+)} ) {
    $user_id = $1;
    $sig     = $2;
}
else {
    Abort("Invalid user id", Code => HTTP::Status::HTTP_BAD_REQUEST);
}

my $UserObj = RT::User->new( $session{'CurrentUser'} );
my ($ok, $msg) = $UserObj->Load($user_id);

unless ( $ok ) {
    RT->Logger->error("Unable to load user with $user_id: $msg");
    Abort("User could not be loaded", Code => HTTP::Status::HTTP_NOT_FOUND);
}

Abort( "User image could not be loaded", Code => HTTP::Status::HTTP_NOT_FOUND )
    unless $sig eq ( $UserObj->ImageSignature // '' );

my $content = $UserObj->Image;
my $content_type = $UserObj->ImageContentType;

$r->headers_out->{'X-Content-Type-Options'} = 'nosniff' if RT->Config->Get('StrictContentTypes');
$r->content_type($content_type);
$m->clear_buffer();
$m->out($content);
$m->abort;
</%perl>
<%attr>
AutoFlush => 0
</%attr>
