When a user is destroyed, there is no check for and deletion of previously uploaded content. If this data is indexed by the user ID, a vulnerability could be introduced if the stored content is referenced or the content could orphaned resulting in uncollectible garbage.
When a user is destroyed, there is no check for and deletion of previously uploaded content. If this data is indexed by the user ID, a vulnerability could be introduced if the stored content is referenced or the content could orphaned resulting in uncollectible garbage.