Bug #2748
closedMetaCatServlet.handleUploadAction() can cause data file deletion in the data store
0%
Description
During the upload of data documents to Metacat 1.6.x, data documents that have been previously uploaded can be deleted from Metacat's file storage area when the same file is uploaded on a second attempt. In MetaCatServlet.handleUploadAction(), DocumentImpl.registerDocument() is called after the data file has been created in the filesystem. If for some reason registerDocument() throws an exception (for instance if the docid and revision is already taken), then the data file is deleted, regardless of whether or not it happened in a previous transaction.
This can be critical since an entire Metcat data store could be deleted by calling action=upload on the existing data docids residing in the catalog. The existence of the data files remains registered in the catalog tables, but the file will be physically gone from the data store.
Updated by Jing Tao almost 18 years ago
The reason we added this delete function was: we wanted to intergarte registering data file into db and saving data file into file system as atomic process - if this data file couldn't be registered into xml_document table, we wouldn't keep it in the data file system. Otherwise, this data file couldn't be accessble (data file is in file system, but no record in xml_documents table). But we didn't think about the side-effect. So we should remove this function.
Updated by Chris Jones almost 18 years ago
As a fix to http://bugzilla.ecoinformatics.org/show_bug.cgi?id=2748, I'm applying
the patch sent to me from Mike Frenock when he reported this bug.
This patch changes MetaCatServlet.handleUploadAction() by first setting
a boolean flag on whether the file to be uploaded exists already. If it
doesn't exist, the transaction continues, uploading and registering the
data file. In the event of an Exception during the registration, the file
will be deleted, since the file's existence is not recorded in the database.