Delete contact image does not remove the file
Summary: Contact images are not deleted from the server when they are 'deleted' through the front end.
Steps to recreate:
- Edit a contact and upload a contact image, save
- Look in the site directory for contact images - the file is there
- Edit the contact and choose 'Delete contact image'
- Refresh the directory, the file is still there (and still accessible over the web - even to anonymous users)
Technical: The function that deletes the contact image only removes the database reference: https://github.com/civicrm/civicrm-core/blob/7432a41c4cccb22ab035aea2c5ed4780617f3676/CRM/Contact/BAO/Contact.php#L1066-L1077
What should happen: Recognisable portraits are special personal information according to GDPR legislation. Deleting a portrait, whether at a user's request or to remove it, or if it's done by a user through a profile, should also remove that file from the server.
How to make it happen: Make the deleteContactImage function also remove the file from the server.
How to make it happen retrospectively: It would be feasible to create an extension(?) that would scrape through the user image directory and delete all files that aren't referenced in in the image_url of the civicrm_contact table, or the civicrm_file table? This has previously been suggested in this StackExchange response: https://civicrm.stackexchange.com/a/24206/124