Files uploaded as `ImageField` items may overwrite each other
Currently files being uploaded into an ImageField
element (e.g. logo
or avatar
for a Gestalt
) are not checked for unique filenames. They are simply uploaded with their given filename.
This creates several problems:
- Multiple files with the same name can be uploaded. They overwrite each other (e.g.
logo.png
). - Since the storage for
ImageField
items is shared with the new generic file upload storage, it is possible to overwrite a specific existing files (on purpose) simply by uploading a file with exactly the wanted target filename (sixteen characters, ...).
Thus we should probably implement one of the following approaches:
- A) migrate the
ImageField
items to the new file storage infrastructure - B) move the avatar and logo files (and all other uses of the
ImageField
) to separate subdirectories below the media directory (e.g.media/avatar/
).- This would at least solve the issue of overwriting files in the generic file storage. But it would still be possible to overwrite the logo/avatar images of other people or groups due to filename clashes.
(B) is probably out of question, since the problems are only partially fixed. (A) is probably the way to go.