Added a check for the existence of a file when uploading it #15232
It was only after I submitted the PR that I noticed that this had already been fixed but not merged - 6b4cf38 ¯_(ツ)_/¯ |
The code of @webinmd checks the renaming of files too. That's better. But the name of the new method is somehow strange. |
@Jako I redid the PR, check when you have time. |
Would it make sense to have a system (or media source) setting to allow the original overwrite behavior? I personally use the overwrite method quite a bit to replace files, so this would add an extra step. |
I added a check for the file because the same check already exists when renaming the file or category. And it is strange that it was not there when the file was uploaded. Replacing a file without alerting - the behavior is not normal. |
There were other suggestions for fileloader behavior - #14566 |
I guess this is an improvement over silently overwriting. Would be ideal to later add a checkbox or setting to allow the previous behavior, but I can see how it could be perceived as a bug (instead of a feature, hah). |
* @param string $objectName The object name displayed in the error message | ||
* @return bool | ||
*/ | ||
public function checkObjectExist($objectPath, $objectName) { |
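Review bot: the `@return bool` line above `checkObjectExist($objectPath, $objectName)` does not say which outcome `true` stands for, while the method name reads as a plain existence test. State the contract in the docblock (for example "true if an object already exists at $objectPath") so the polarity does not have to be inferred from the call sites. The `$objectName` description shows that the method also produces an error message as a side effect, which belongs next to the return value in the docblock. The method is declared `public`; if only this media source calls it, a narrower visibility keeps it out of the class's callable surface.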
If I see a method like this I expect it to return `true` if the object already exists.
I agree with Joshua, this should definitely return true if the object exists.
I don't see the issue: It returns true, if the file or the path exists.
That's because @Ruslan-Aleev force-pushed his changes after my comment 😋
return false; | ||
} | ||
$this->addError('name',sprintf($this->xpdo->lexicon('file_err_ae'),$newName)); | ||
if (!$this->checkObjectExist($newPath,$newName)) { |
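Review bot: in the `addError('name', sprintf(...))` line, `$newName` is placed into the `file_err_ae` message exactly as supplied, so if that message is rendered as HTML a name containing markup is rendered with it. Escape the name where the message is built, and apply the same escaping inside `checkObjectExist`, which receives the same `$newName` as its display argument.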
After you adjust `checkObjectExist` to return `true` if the object exists, this will need to change as well - removing the `!`.
@@ -875,6 +888,10 @@ public function uploadObjectsToContainer($container,array $objects = array()) { | |||
$newPath = $this->fileHandler->sanitizePath($file['name']); | |||
$newPath = $directory->getPath().$newPath; | |||
|
|||
if (!$this->checkObjectExist($newPath,$file['name'])) { |
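Review bot: the `checkObjectExist($newPath,$file['name'])` call tests the path built from `sanitizePath($file['name'])` but passes the raw `$file['name']` as the name to display, so the name shown in the error can differ from the object that actually collided. Pass the sanitized name for display instead, so the message reports the path that was checked.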
Same as above.
@JoshuaLuckers @theboxer I redid the PR, please check. |
I'm concerned that this is an incomplete solution to the problem since it only resolves the bug if working with one of many potential media source implementations. But in order to resolve it appropriately, we would need to add this new method to the interface and expect all implementations to be updated to implement this method. Then we would find ourselves with a change that breaks backwards compatibility. I think this needs to be discussed and considered.
To clarify, I have two concerns here. One is that if this is just changing the behavior of a single media source, the extracted method here should not be public in scope. The second is regarding the consistency of behavior across all core and non-core media sources. If the default file media source does not automatically overwrite existing files in this UX, then shouldn't this be consistent for all media sources? |
@opengeek All your concerns are valid, but they can't be solved with 2.x. How many different media source implementations do currently exist? The S3 media source implementation in the core is outdated and does not work anymore (at least in Europe). |
It improves the situation anyway, doesn't it? |
Make this a protected method and I'll merge it then.
@opengeek I redid the PR |
I'm not sure what's happening here. Are you changing the behavior so that overwriting existing files is impossible? If so, I don't think we should change this behavior until it can be done properly, offering an option to replace or rename files on uploading. All my clients are used to updating existing files (like PDFs) with new versions without renaming so that links to those files throughout their sites will not get broken. |
This is certainly a valid concern if there is currently no way to replace the files. |
Many (if not all) systems indicate this when uploading existing files rather than overwrite them. By the way, clients point to this too. |
Other options have already been discussed #14566, but many users chose the warning option, if the file exists. |
If we are changing behavior that existing clients are used to, then we need to account for that. #14566 was discussed for 3.x because it is a significant behavior change. In either case, IMO, this really needs to have an option to warn users before overwriting but allow them to be overwritten if they choose. |
I see this was pushed through anyway and incorporated into the new 2.8 update. This is disastrous for all my clients, and I will NOT be upgrading until this is corrected properly. As opengeek said, we need to have an option to overwrite if desired, not just block it entirely. |
A PR was merged after discussion, and points raised after that merge did not lead to anyone providing a better pull request that matches the expectation of certain users before the release. Nothing's being "pushed through" - there has simply not been a better PR for review before the release. A full revert would not make it better overall. Users that want to overwrite existing files will first need to delete them explicitly rather than that happening magically and without any form of user feedback or interaction. It's not impossible to do so. I certainly understand some of your users may be accustomed to this and would welcome additional improvements that make it an optional checkbox of sorts in the upload window. Or a system setting that toggles it, perhaps, as proposed earlier in the thread. |
Here you are substituting concepts. This PR was merged 7 days before you wrote your comment (look at the dates).
Is it really for all, and is it really a disaster? Clients will make more clicks, yes, but no more.
You decide. But this now works properly. The fact that it was possible to overwrite the file without informing the user is just incorrect behavior and it has been fixed. |
@Rainbowtiger How about this: if you plant some trees (let's say 100) at https://ecologi.com/modmore I'll prepare a pull request today to add a setting to disable the overwrite behavior and do what I can to get that into 2.8.1 for you. 🌴 |
@Mark-H if you are going to do PR, then I would leave 3 options for setting:
And the setting should also affect renaming existing files. |
This pull request has been mentioned on MODX Community. There might be relevant details there: https://community.modx.com/t/version-2-8-is-out-i-wont-be-upgrading/3166/2 |
I'm not sure what you mean by "substituting concepts".
Yes, it is. Most of my clients are NOT very tech-savvy, so anything creating difficulties for them is not good.
I disagree. "Properly" would be having the option to overwrite, just like all file systems do. This change is only half of a "proper" fix. No doubt, it's better for some people. My point is that it's not better for ALL people. It gets rid of one deficiency, but creates another.
Unfortunately, I'm not enough of a programmer to create pull requests. |
Great idea! 100 trees have been purchased! |
A system toggle is so easy to add, I just wonder why that wasn't included for this pull request. There was plenty of feedback on other threads relating to this topic before this final request was merged. I do hope this topic continues and gets included in 3.0 with all the finished functionality. I'm not sure if there are still open issues around this slated for 3.0, or whether they were all closed because of this merge. |
I planted 100 trees! |
I'll get coding in about an hour or two. ;) |
…ith same name on upload + fix self-xss with payload in the file name As discussed in https://community.modx.com/t/version-2-8-is-out-easy-replacement-of-files-pdf-images-is-axed/3166 and the discussion in modxcms#15232, some people are used to being able to replace files simply by uploading them with the same name. That behavior was removed in modxcms#15232 (v2.8.0-pl) to prefer a stricter check where users are presented with an error when a file already exists with the same name. The new setting, enabled by default, allows users to return to that old behavior and bypass the check on upload. (The check is still in use, and valid, when renaming files. This is because the renameObject method on the media source will also fail if the target file already exists, so it makes sense to keep that there with the nice error.) Also noticed the `file_err_ae` error message used the unescaped objectname for rendering the error, which could lead to a self-xss. Tidied that up.
Tadaa: #15285 Thanks for all the trees, folks. Good day for the forest. |
You've got to tell me how you signed up to have a modmore Ecologi page. I'd love to do that as well. |
And now, I'm interpreting "upload a file through the tree" in a completely different way! |
It's a business profile: https://ecologi.com/business - only takes a few minutes to set up. The basic idea is you subscribe based on the number of employees to get a number of trees planted (and CO2 offsets) monthly based on that. Renews automatically, and honestly is pretty cheap as far as "business costs" go. It's fun to see the forest grow and read about the projects they're supporting too - definitely recommend it. They also have personal profiles which I think work mostly the same as business profiles, but are more suited for individual people. Plus, I like asking for trees as an alternative to monetary donations for.. well, things like this ;) |
@Mark-H Nice project and needed. Well, now you can do a good job and develop MODX! |
I signed up! Planted 72 more trees. |
Slightly off-topic, but my bank also plants trees for every 100 euro I spend using one of my cards. I love planting trees! 🌳 |
What does it do?
Added a check for the existence of a file when uploading it.
In the current version, if the file names match, then the file will be overwritten.
This PR fixes that:

p.s. For Amazon source, we can probably add a file existence check too, in line
https://github.com/modxcms/revolution/blob/2.x/core/model/modx/sources/mods3mediasource.class.php#L823
add
but I cannot test it as I don't use sources from Amazon.
Related issue(s)/PR(s)
#8371
#14641
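
The behaviour discussed in this thread (an existence check on upload, an opt-in overwrite, and an escaped file name in the error message) as an added PHP example; it is not the PR's or MODX's code, and `storeUpload`, its parameters and the message texts are hypothetical. It assumes a local filesystem target and uses `fopen` mode `x`, so the existence check and the create happen in one step.

```php
<?php
// Added example, not MODX code; function and parameter names are hypothetical.

/** Store $data as $name in $dir; returns null on success or an HTML-safe error. */
function storeUpload(string $dir, string $name, string $data, bool $allowOverwrite): ?string
{
    // Keep only the last path component so the name cannot leave $dir.
    $safeName = basename(str_replace('\\', '/', $name));
    if ($safeName === '' || $safeName === '.' || $safeName === '..') {
        return 'Invalid file name.';
    }
    // The name is user input: escape it before it reaches any message.
    $shown = htmlspecialchars($safeName, ENT_QUOTES, 'UTF-8');
    $path = rtrim($dir, '/') . '/' . $safeName;

    // Mode 'x' creates the file and fails if it already exists, so the
    // existence check and the create are a single step. Mode 'w' truncates
    // an existing file, which is the opt-in overwrite behaviour.
    $handle = @fopen($path, $allowOverwrite ? 'wb' : 'xb');
    if ($handle === false) {
        return file_exists($path)
            ? sprintf('A file named "%s" already exists.', $shown)
            : sprintf('Could not write "%s".', $shown);
    }
    fwrite($handle, $data);
    fclose($handle);
    return null;
}

// Constructed sample run in a throwaway directory.
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
$cases = [
    ['report.pdf', 'v1', false],      // first upload
    ['report.pdf', 'v2', false],      // same name, overwrite disabled
    ['report.pdf', 'v2', true],       // same name, overwrite enabled
    ['<i>notes.txt', 'a', false],     // markup in the name, first upload
    ['<i>notes.txt', 'b', false],     // same name again: message must be escaped
];
foreach ($cases as [$name, $data, $overwrite]) {
    $error = storeUpload($dir, $name, $data, $overwrite);
    echo ($error ?? 'stored'), PHP_EOL;
}
```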