The rest_get_avatar_urls of the REST API currently only takes an email address instead of a user or comment object, making get_avatar_url think its handling an anonymous commenter.

Trac: https://core.trac.wordpress.org/ticket/40030

Currently the plugin always assumes a network de-/activation on multisite environments. This is not always correct.

Starter: https://developer.wordpress.org/plugins/privacy/

Replace passing the full plugin file path (for hooks) with a constant AVATAR_PRIVACY_PLUGIN_FILE.

Avatar Privacy still needs a logo/icon for the WP.org plugin repository. Since I'm not much of a designer, help would be very welcome :-)

Unit tests are desperately needed:

• Runtime infrastructure
• Main plugin components
• Upload handlers
• Network tools
• Plugin integrations
• Avatar handlers
• Default icons
• Image tools

Image_Stream currently does not implement ::stream_metadata and ::unlink, making EWWWIO fail (only affects PNG images).

Refactor Avatar_Privacy\Components\Avatar_Handling to reduce complexity.

Currently the option values are hardcoded in various places.

Add a Gutenberg blog to show a user's avatar.

https://wordpress.org/plugins/ultimate-member/

• Component: Do away with the Core parameter of run.
• Icon_Provider:
  • Use dependency injection for generators.
  • Try to use lazy initialization to reduce the memory footprint.

Several people have requested to re-add an option to display gravatars by default (essentially changing Avatar Privacy behavior to "opt-out"). Currently, the same result can be achieved by using the filter hook avatar_privacy_gravatar_use_default :

add_filter( 'avatar_privacy_gravatar_use_default', '__return_true' );

Add a checkbox to the user profile to allow registered users to comment with their Gravatar without necessarily being logged in. (This disables a safety feature to prevent fraudulent Gravatar disclosure.)

Disable native profile picture upload and use WP User Manager's if present and activated. Requested by @seanking2919 in the WordPress.org support forums.

Some people like to integrate user profiles and avatar uploads into their frontend. We should provide both a shortcode and an underlying template function (and maybe even a Gutenberg block).

See https://wp-cli.org/ for details.

Include Cat Avatars by @Deevad. Source: https://framagit.org/Deevad/cat-avatar-generator/

Use comment_form_fields hook instead comment_form_default_fields for better theme compatibility.

Optionally, allow for a redirect to retireve a user avatar when then avatar is publicly shared that survives even when the image is changed.

For example /avatar/username.png

I wouldn't want this for my commenters, but for myself, I would want to share this.

This might be doable concurrently with #75

Some people like to add target="_blank" to the Gravatar.com links.

Reported by Frank Kunert in https://code.mundschenk.at/avatar-privacy/#comment-576

We don't actually need WordPress 5.1. Now that proper PHP validation is in Core, 2.3.0 can drop PHP 5.2 compatibility. Until then, people should be able to update to 2.2.x to prevent later data compatibility issues.

Apparently, bbPress calls get_avatar with mail addresses instead of a user ID. Workaround needs to be investigated. Reported by Martin Stehle on WP.org.

Currently the plugin does not properly clean up everything on multisite.

See https://wordpress.org/support/topic/there-was-an-error-uploading-the-avatar-specified-file-failed-upload-test/

After #16, @Deevad has also created a Bird avatar generator.

Include RoboHash SVG avatars.

Caveats:

• @nimiq has released an SVG version of Robohash (written in JS), supposedly all released under the MIT license.
• The original images at Robohash.org were licensed under CC-BY 3.0.
• The true license status of the SVG version is unclear.
• Efforts regarding the re-licensing of the PNG version can befound at e1ven/Robohash#33.

New installations of the plugin on a multisite environment incorrectly enable the use of global tables.

Use the humbug/php-scoper package to prevent incorrect dependency versions (from other WordPress plugins) from being loaded.

Only set the cookie when the default WordPress cookies are also set.

When a site is deleted in a multisite environment, our custom tables should also be dropped.

The features of #110 should be made available as a Gutenberg block.

Remove the compatibility layer during plugin initialization (needs WordPress 5.2).

• Code coverage
• Performance of PNG filling operations
• Inconsistent IDs for form checkboxes

The user meta key use_gravatar should be prefixed, i.e. avatar_privacy_use_gravatar.

Add an option to upload custom default icons (PNG/JPEG only at the moment).

The milestone 1.2.0 has been changed to 2.0.0 due to extensive refactoring of the PHP code. Both the inline documentation and changelogs need to be updated.

The static method reset_avatar_default() should be a non-static one in the \Avatar_Privacy\Data_Storage\Options class.

• Store user avatars and custom default icons in the Media Library.
• Migrate legacy images to the Media Library.

Integrate with https://wordpress.org/plugins/wpdiscuz/

Hi there. Activating this plugin displays the following error:

Fatal error: Cannot use isset() on the result of an expression (you can use "null !== expression" instead) in /wp-content/plugins/avatar-privacy/includes/avatar-privacy/components/class-images.php on line 330

This is PHP 5.6.36

User_Avatar_Upload, Gravatar_Cache and Icon_Provider should have common interface.

When the default is changed by the administrator, the plugin checks for the existence of gravatars even in the spam folder of the comments pages in the backend. For faster rendering, the checks should be disabled (with a filter to re-enable them).

Sometimes, gravatar.com is overloaded and returns a Varnish error message, but still signals success via HTTP status code 200. We should check the actual MIME type before caching the result.

• Decide whether the version should be 2.3.0 or 3.0.0.
• Decide whether WordPress 5.2 will be required.
• Clean up README.
• Clean up CHANGELOG.

Generators and and Generated_Icons should use dependency injection as well.