Uploading image to gallery with specific title can prevent other users from ever uploading again



Knowledge Base Software
6 years ago
2 years ago


(Reporter: tgavankar, Assigned: mgoodwin)


Firefox Tracking Flags

(Not tracked)


(Whiteboard: [site:support.mozilla.org])



6 years ago
If you go to gallery and upload an image and title it "Draft for user tgavankar" where you change tgavankar to any nickname, the ajax upload no longer works for the gallery page for the user who's username you put there (until that uploaded/saved image is deleted). The upload causes a MySQL error: IntegrityError: (1062, "Duplicate entry 'en-US-Draft for user tgavankar' for key 'gallery_image_locale_title'").

This can also happen by accident and affect a single user because if the user leaves after selecting an image (ajax upload goes through) but never hits save on the popup dialogue, when they return to the upload box, it is autopopulated with the autosaved draft text (that causes this bug).

1. Log in as User1
2. Go to en-US/gallery
3. Click upload new media link.
4. Add some image and set the title to "Draft for user User2", description to "Autosaved draft"
5. Save image.
6. Log in as User2 and notice that you are unable to upload images from the gallery upload page.
The current draft system for uploaded images is... not great. It was an expedient solution to the problem at the time. I think it's worth investing in fixing it properly.
Group: core-security → websites-security
Whiteboard: [site:support.mozilla.org]
Can we verify that this still happens?
Assignee: nobody → mgoodwin

Comment 3

5 years ago
(In reply to James Socol [:jsocol, :james] from comment #2)
> Can we verify that this still happens?

Apparently this is now fixed.
Last Resolved: 5 years ago
Resolution: --- → FIXED
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security
You need to log in before you can comment on or make changes to this bug.