Filelink for ownCloud may leak files to wrong people

Hi,

files can end up with the wrong person in the following example situation:

• User X sends a file work/photo.jpg to user A by mail.
• (This stores photo.jpg in the Mail-attachments folder and gives A a link to access that file.)
• User X sends a different file personal/photo.jpg to user B by mail.
• (This overrides photo.jpg in the Mail-attachments folder and gives B a link to access that file. The link is the same one as before.)
• User A opens their email and clicks on the link.
• (This opens the file photo.jpg in the Mail-attachments folder. But this is the file personal/photo.jpg that was intended for B, not work/photo.jpg.)

Solution (probably): never overwrite files in the Mail-attachment folder (if needed, pick a new file name).

Best wishes, Dominique.