Skip to content

Uploaded files should be stored in a temporary folder until the comment/issue/mr containing it is saved

Summary

We came to a pretty weird case today with an user starting creating an issue on a repository group-a/project1 : he wrote things, uploaded files, and were ready to create the issue but he realised he was not on the right project, so he copy/pasted all the description (including the links to the already uploaded files links) on a new issue within repository group-b/another-project and saved the issue on group-b/another-project.

From there, the links to the uploaded files on the group-b/another-project were here, written in the issue, but clicking on it answered with a 404. A quick find on the server helped me find the files, but instead of laying in /var/opt/gitlab/gitlab-rails/uploads/group-b/another-project/securityHash/fileName.ext, they were in /var/opt/gitlab/gitlab-rails/uploads/group-a/project1/securityHash/fileName.ext.

Moving the relevant securityHash folders to the appropriate group-b/another-project did the job : the user can now download its files from its group-b/another-project issue. Bug is no more for me, but I have a shell on the server 😉, and this behavior may not happen to anybody else. Without the shell access it costs copy/pasting links within the original repository (in case you remember the one it was), saving the comment/issue/mr, downloading your files, and uploading them back to the appropriate repository.

Steps to reproduce

  1. begin creating a new issue on a GitLab project-a, write words and upload files in its description, but DO NOT save the issue
  2. fake/mimic yourself realizing you are on the wrong repository (you missed it, C'est la vie)
  3. copy the content of the description (with the uploads/ links) and cancel issue creation
  4. paste it in a new issue but on another GitLab project-b, and save this issue
  5. on this last issue, once saved, GitLab answers the uploaded files links with a 404, and your files are in /var/opt/gitlab/gitlab-rails/uploads/you/project-a/hash/fileName.ext

Expected behavior

Ideally, I mean "in a perfect world":

  1. all uploaded files would go to a temporary folder within uploads configured folder, let's say /var/opt/gitlab/gitlab-rails/uploads/.temp/ (if we are absolutely sure that no namespace can be named .temp)
  2. uploaded files would be moved from .../uploads/.temp/hash/fileName.ext to .../uploads/namespace/project/hash/fileName.ext not before the comment/mr/issue is saved
  3. (icing on the cake) we would include a configurable housekeeper that clean unused uploaded files laying in .temp folder every X hours / days / weeks / months

Actual behavior

  1. uploaded files are automatically saved on the .../uploads/namespace/project/hash/fileName.ext of the namespace/project we are currently browsing in GitLab
  2. this avoid copy/pasting unsaved uploads references
  3. and more importantly this may lead to useless hard disk space being occupied by files which are basically not available to download anywhere! (user abandonned issue/comment/mr)

A hundred bucks on me 💵 🎰 😂 :

  • if there is no existing housekeeper for this cleaning task already (I could for sure be unaware of)
  • and a cross-check between comments database and effective files stored reveal much more than some Mb uselessly attributed!!

Output of checks and logs seems to be irrelevant here, but for sure I can provide all the stuff if I'm wrong and you ask me to 👍