When an image was deleted only the database record was set to hidden - the actual files were
left where they were.
This meant that if the URLs were known (e.g. google cache / image search) then the images could still
be displayed.
This fix prefixes the image and thumbnail filenames with a '.' when images are deleted, so that the old URLs no longer work.
We could actually delete the image files, but as "deleting" only hides the database records it makes
more sense to hide the files so we can retrieve them if need be.
To test,
add an image to programmes plant
view the image url and thumb url directly
delete the image
confirm that the image is no longer available at the image and thumb url
confirm that the image actually is available if you prefix the image and thumbnail filenames with a '.'.
When an image was deleted only the database record was set to hidden - the actual files were left where they were.
This meant that if the URLs were known (e.g. google cache / image search) then the images could still be displayed.
This fix prefixes the image and thumbnail filenames with a '.' when images are deleted, so that the old URLs no longer work.
We could actually delete the image files, but as "deleting" only hides the database records it makes more sense to hide the files so we can retrieve them if need be.
To test,