2 files changed, 24 insertions, 11 deletions

diff --git a/pages/avatar/edit.php b/pages/avatar/edit.php
index eef8f8f8b..56aede887 100644
--- a/pages/avatar/edit.php
+++ b/pages/avatar/edit.php
@@ -10,8 +10,18 @@ elgg_set_context('profile_edit');
 
 $title = elgg_echo('avatar:edit');
 
-$content = elgg_view('core/avatar/upload', array('entity' => elgg_get_page_owner_entity()));
-$content .= elgg_view('core/avatar/crop', array('entity' => elgg_get_page_owner_entity()));
+$entity = elgg_get_page_owner_entity();
+if (!elgg_instanceof($entity, 'user') || !$entity->canEdit()) {
+	register_error(elgg_echo('avatar:noaccess'));
+	forward(REFERER);
+}
+
+$content = elgg_view('core/avatar/upload', array('entity' => $entity));
+
+// only offer the crop view if an avatar has been uploaded
+if (isset($entity->icontime)) {
+	$content .= elgg_view('core/avatar/crop', array('entity' => $entity));
+}
 
 $params = array(
 	'content' => $content,
diff --git a/pages/avatar/view.php b/pages/avatar/view.php
index 904a57610..10d81fef1 100644
--- a/pages/avatar/view.php
+++ b/pages/avatar/view.php
@@ -3,6 +3,7 @@
  * View an avatar
  */
 
+// page owner library sets this based on URL
 $user = elgg_get_page_owner_entity();
 
 // Get the size
@@ -13,15 +14,17 @@ if (!in_array($size, array('master', 'large', 'medium', 'small', 'tiny', 'topbar
 
 // If user doesn't exist, return default icon
 if (!$user) {
-	$url = "_graphics/icons/user/default{$size}";
+	$url = "_graphics/icons/default/{$size}.png";
 	$url = elgg_normalize_url($url);
 	forward($url);
 }
 
+$user_guid = $user->getGUID();
+
 // Try and get the icon
 $filehandler = new ElggFile();
-$filehandler->owner_guid = $user->getGUID();
-$filehandler->setFilename("profile/" .  $user->getGUID() . $size . ".jpg");
+$filehandler->owner_guid = $user_guid;
+$filehandler->setFilename("profile/{$user_guid}{$size}.jpg");
 
 $success = false;
 
@@ -32,20 +35,20 @@ try {
 		}
 	}
 } catch (InvalidParameterException $e) {
-	elgg_log("Unable to get profile icon for user with GUID $entity->guid", 'ERROR');
+	elgg_log("Unable to get avatar for user with GUID $user_guid", 'ERROR');
 }
 
 
 if (!$success) {
-	$url = "_graphics/icons/user/default{$size}.gif";
+	$url = "_graphics/icons/default/{$size}.png";
 	$url = elgg_normalize_url($url);
 	forward($url);
 }
 
-header("Content-type: image/jpeg");
-header('Expires: ' . date('r', time() + 864000));
-header("Pragma: public");
-header("Cache-Control: public");
+header("Content-type: image/jpeg", true);
+header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true);
+header("Pragma: public", true);
+header("Cache-Control: public", true);
 header("Content-Length: " . strlen($contents));
 
 echo $contents;