Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""

This reverts commit 20780a1eeed56b321daf18ee6bbfe681a51d1bf4.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)

app/models/user_avatar.rb

@@ -5,6 +5,14 @@ class UserAvatar < ActiveRecord::Base
   belongs_to :gravatar_upload, class_name: 'Upload'
   belongs_to :custom_upload, class_name: 'Upload'
 
+  @@custom_user_gravatar_email_hash = {
+    Discourse::SYSTEM_USER_ID => User.email_hash("info@discourse.org")
+  }
+
+  def self.register_custom_user_gravatar_email_hash(user_id, email)
+    @@custom_user_gravatar_email_hash[user_id] = User.email_hash(email)
+  end
+
   def contains_upload?(id)
     gravatar_upload_id == id || custom_upload_id == id
   end
@@ -12,14 +20,14 @@ class UserAvatar < ActiveRecord::Base
   def update_gravatar!
     DistributedMutex.synchronize("update_gravatar_#{user_id}") do
       begin
-        self.update!(last_gravatar_download_attempt: Time.now)
+        self.update!(last_gravatar_download_attempt: Time.zone.now)
 
         max = Discourse.avatar_sizes.max
 
         # The user could be deleted before this executes
         return if user.blank? || user.primary_email.blank?
 
-        email_hash = user_id == Discourse::SYSTEM_USER_ID ? User.email_hash("info@discourse.org") : user.email_hash
+        email_hash = @@custom_user_gravatar_email_hash[user_id] || user.email_hash
         gravatar_url = "https://#{SiteSetting.gravatar_base_url}/avatar/#{email_hash}.png?s=#{max}&d=404&reset_cache=#{SecureRandom.urlsafe_base64(5)}"
 
         # follow redirects in case gravatar change rules on us