Details
-
Improvement
-
Resolution: Won't Fix
-
Major
-
None
-
15.10.5
-
None
-
Unknown
-
Description
The files (images) uploaded while editing a wiki page outside a real-time session are not saved (permanently) right away. Instead, we create temporary attachments, that are saved only when the edited wiki page is saved. These temporary attachments are stored in the user HTTP session, bound to the document reference of the edited page for which they were uploaded.
This doesn't work well with real-time editing (which is why temporary attachments are currently disabled for real-time editing) because:
- when a user uploads a file it will be saved temporary only in their user session so it won't be available to the other users participating in the real-time editing session
- the temporary attachments are stored permanently only when the page is saved by the user that uploaded them, for which we don't have any guarantee because the user that saves is chosen more or less randomly on autosave (from those that have made changes), so there is a chance that the user who uploaded the file leaves the editing session before saving, thus removing their unsaved temporary attachments
- as MichaelHamann noted, there is also a security risk here, because the user that uploaded the file should become its author so that we can properly check rights for instance when displaying that file inline in the browser
Attachments
Issue Links
- is related to
-
-
- Closed
-