diff --git a/avatar.php b/avatar.php
index 17417a470eb..f983f62f8b1 100644
--- a/avatar.php
+++ b/avatar.php
@@ -6,6 +6,11 @@
 
 require_once 'lib/base.php';
 
+if (!\OC_User::isLoggedIn()) {
+	header("HTTP/1.0 403 Forbidden");
+	\OC_Template::printErrorPage("Permission denied");
+}
+
 $mode = \OC_Avatar::getMode();
 if ($mode === "none") {
 	exit();
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index e047ff9dcc9..8d0667f9564 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -96,6 +96,7 @@ if($_['passwordChangeSupported']) {
 			<div class="inlineblock button" id="removeavatar"><?php p($l->t('Remove my image')); ?></div>
 		<?php elseif ($_['avatar'] === "gravatar"): ?>
 			<em><?php p($l->t('Your profile image is provided by gravatar, which is based on your Email.')); ?></em>
+			<div class?"inlineblock button" id="overridegravatar"><?php p($l->t('Use my local avatar instead')); ?></div>
 		<?php else: ?>
 			<em><?php p($l->t('Your profile image is provided by a custom service, ask your administrator, on how to change your image.')); ?></em>
 		<?php endif; ?>