Unexpected behaviour when uploading same filename in different subsites (same folder) #462

Open
baukezwaan opened this issue Apr 20, 2021 · 3 comments

Comments

@baukezwaan

Files in subsite-specific folders will overwrite other files that already exist in the folder when in use on another subsite.

Steps to reproduce:

  • Create two subsites: subsite A and subsite B
  • Switch to subsite A
    • In the Assets-section create an Uploads folder for subsite A (select this in Permission-dropdown)
    • Navigate to folder (observe this is ID 1)
    • Upload an image of a cat in the Uploads folder named animal.jpg
    • Publish the image
    • Go to the file system and check the image in public\assets\Uploads (probably a cat)
  • Switch to subsite B
    • In the Assets-section create an Uploads folder for subsite B (select this in Permission-dropdown)
    • Navigate to folder (observe this is ID 3 - different than subsite A folder A)
    • Upload an image of a dog in the Uploads folder named animal.jpg
    • Publish the image
    • Go to the file system and check the image in public\assets\Uploads (spoiler: a dog!)
  • Switch back to subsite A
    • See the file of the cat cannot be found

So the database and protected assets do not have a problem with images with the same name + folder. But once they are being published, the file is overwritten without warning. And information is being leaked from one subsite to another.

@michalkleiner
Contributor

Nice find!

I guess the proper solution here would be a subsites-aware flysystem adapter of sorts, reflecting the subsite in the public file URL, or a handler that would serve the file dynamically by PHP based on the current subsite, without exposing the file directly from the filesystem itself.

@normann

normann commented May 6, 2021

No matter what, this seems very severe. The bottom line here is the CMS should not allow users to create folders/files with the same file path across different subsites / main site, because in the file system there is only one location for such folders/files to sit on. Could anyone from the core team on this, please?
Some of our clients are currently suffering from this problem.

@micschk
Contributor

micschk commented Sep 23, 2022

An alternative solution/fix may be to remove the Subsites extension from File altogether (depending on use-case).

# Remove subsites from File as it tends to be confusing to authors (and may produce filename collisions)
SilverStripe\Assets\File::remove_extension(SilverStripe\Subsites\Extensions\FileSubsites::class);
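
An audit for the collision reported in this issue, as an added example that is not part of the thread or the project's code: it lists published paths that are claimed by more than one subsite and marks those where the content differs. The table name `PublishedFile`, its column names and the sample rows are assumptions constructed for illustration, and the case-insensitive mode goes beyond the reported case to cover file systems that ignore case.

```python
import sqlite3

# Constructed sample rows modelled on the cat/dog scenario in the issue.
# Columns (assumed): ID, SubsiteID, ParentID (folder ID), FileFilename, FileHash
SAMPLE_ROWS = [
    (2, 1, 1, "Uploads/animal.jpg", "hash-cat"),   # subsite A, folder ID 1
    (4, 2, 3, "Uploads/animal.jpg", "hash-dog"),   # subsite B, folder ID 3
    (5, 1, 1, "Uploads/logo.png", "hash-logo-a"),  # differs from next row by case only
    (6, 2, 3, "Uploads/Logo.png", "hash-logo-b"),
    (7, 1, 1, "Uploads/shared.pdf", "hash-pdf"),   # identical content on both subsites
    (8, 2, 3, "Uploads/shared.pdf", "hash-pdf"),
]


def find_collisions(rows, case_insensitive=False):
    """Return published paths that more than one subsite maps to.

    Distinct folder IDs do not help: the public store has a single location
    per path, so the last file published wins. content_differs=True means
    one subsite's file replaces another's on publish.
    """
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE PublishedFile (ID INTEGER, SubsiteID INTEGER, "
        "ParentID INTEGER, FileFilename TEXT, FileHash TEXT)"
    )
    db.executemany("INSERT INTO PublishedFile VALUES (?, ?, ?, ?, ?)", rows)
    # key is chosen from two fixed strings, never from user input
    key = "LOWER(FileFilename)" if case_insensitive else "FileFilename"
    sql = (
        f"SELECT {key}, COUNT(DISTINCT SubsiteID), COUNT(DISTINCT FileHash) "
        f"FROM PublishedFile GROUP BY {key} "
        "HAVING COUNT(DISTINCT SubsiteID) > 1 ORDER BY 1"
    )
    found = [
        {"path": path, "subsites": subsites, "content_differs": versions > 1}
        for path, subsites, versions in db.execute(sql)
    ]
    db.close()
    return found


if __name__ == "__main__":
    for hit in find_collisions(SAMPLE_ROWS, case_insensitive=True):
        print(hit)
```

Paths reported with `content_differs` set to False still share one public file, so unpublishing or deleting it on one subsite affects the other.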
