Fix admin photo rotation.

2 files changed, 26 insertions, 11 deletions

diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 848871f69..7c985fdfc 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -4,8 +4,9 @@ use namespace::autoclean;
 
 BEGIN { extends 'Catalyst::Controller'; }
 
+use Path::Class;
 use POSIX qw(strftime strcoll);
-use Digest::MD5 qw(md5_hex);
+use Digest::SHA1 qw(sha1_hex);
 use mySociety::EmailUtil qw(is_valid_email);
 use if !$ENV{TRAVIS}, 'Image::Magick';
 
@@ -1080,7 +1081,7 @@ sub get_token : Private {
 
     my $secret = $c->model('DB::Secret')->search()->first;
     my $user = $c->forward('get_user');
-    my $token = md5_hex(($user . $secret->secret));
+    my $token = sha1_hex($user . $secret->secret);
     $c->stash->{token} = $token;
 
     return 1;
@@ -1235,21 +1236,38 @@ sub rotate_photo : Private {
     my ( $self, $c ) =@_;
 
     my $direction = $c->req->param('rotate_photo');
-
     return unless $direction =~ /Left/ or $direction =~ /Right/;
 
-    my $photo = _rotate_image( $c->stash->{problem}->photo, $direction =~ /Left/ ? -90 : 90 );
+    my $photo = $c->stash->{problem}->photo;
+    my $file;
+
+    # If photo field contains a hash
+    if ( length($photo) == 40 ) {
+        $file = file( $c->config->{UPLOAD_DIR}, "$photo.jpeg" );
+        $photo = $file->slurp;
+    }
+
+    $photo = _rotate_image( $photo, $direction =~ /Left/ ? -90 : 90 );
+    return unless $photo;
 
-    if ( $photo ) {
-        $c->stash->{rotated} = 1;
-        $c->stash->{problem}->photo( $photo );
+    my $fileid;
+    if ( !$file ) {
+        $fileid = sha1_hex($photo);
+        $file = file( $c->config->{UPLOAD_DIR}, "$fileid.jpeg" );
+    }
+
+    $c->stash->{rotated} = 1;
+    $file->spew( $photo );
+    unlink glob FixMyStreet->path_to( 'web', 'photo', $c->stash->{problem}->id . '.*' );
+
+    if ( $fileid ) {
+        $c->stash->{problem}->photo( $fileid );
         $c->stash->{problem}->update();
     }
 
     return 1;
 }
 
-
 =head2 check_page_allowed
 
 Checks if the current catalyst action is in the list of allowed pages and
diff --git a/perllib/FixMyStreet/App/Controller/Photo.pm b/perllib/FixMyStreet/App/Controller/Photo.pm
index fa4baf045..279623922 100644
--- a/perllib/FixMyStreet/App/Controller/Photo.pm
+++ b/perllib/FixMyStreet/App/Controller/Photo.pm
@@ -102,10 +102,7 @@ sub output : Private {
     File::Path::make_path( FixMyStreet->path_to( 'web', 'photo', 'c' )->stringify );
     File::Slurp::write_file( FixMyStreet->path_to( 'web', $c->req->path )->stringify, \$photo );
 
-    my $dt = DateTime->now()->add( years => 1 );
-
     $c->res->content_type( 'image/jpeg' );
-    $c->res->header( 'expires', DateTime::Format::HTTP->format_datetime( $dt ) );
     $c->res->body( $photo );
 }