Vulnerability in EPiServer.Forms
I have deleted assets (an image )to trash, it goes awayh from assest tab under "For this Block" tab, the file exists in the folder though.
Are you able to see that media item in trash view?
Because, I deleted a media item from Media folder that is not showing in Trash, strange :)
@Praful No, I cannot see the deleted item in trash.
I have noticed this is happening in AlloySite only. I need to dig more into it to figure out what is actually causing this. Deleting any item (page and Media) not moving it into Trash.
But I want to make sure that it is working fine in Empty Episerver site.
Have you tried the "Remove Unrelated Content Assets" and " Remove Abandoned BLOBs" schedule jobs to clear the image from folder? Please try these schedule jobs and let me know if its works.
Hi guys and girls,
Most likely your "issue" is caused because you have not set correct access rights to the trash.
By default with the Alloy sample site the required access rights are set for the 'Administrators' group but when you create the site and the initial user, that user is member of 'WebAdmins' and not 'Administrators' group. So that is the reason why you don't see anything in the trash.
Go to admin view and change the access right for the 'WebAdmins' group, Read, Create, Change, Delete, Publish, Administer for the 'Recycle Bin' node and check the checkbox 'Apply settings for all subitems'. Voila, you can now see the content in the Recycle bin. Please note, that in real solutions you should not give that access right to the WebAdmins group, it should be only used to grant access to the admin view! For example you should have editors group and you could give the rights to that group or you could have 'EmptyTrash' group so only users in that group can permanently delete content.
Default Alloy access rights:
Changed access rights (for demo purposes):
So that's the place to set it up. I was in wrong direction, searching for some config settings. :D
I couldn't guess that, because I was able to access the Recycle Bin. I thought it should not even accessible if permission not given.
As you can see in the default access rights screen shot there is the 'Everyone' group with read access - so one can "access" the recycle bin but the read access is not inherited for children, so thats why you can't see the actual content in this case.
Oh, yeah you are right. That totally make sense to me now.
I set the access right for all the groups to Recycle bin and also tried with scheduled jobs "Remove Abandoned BLOBs" and "Remove Unrelated Content Assets". But it did not work. My blob folder is shared path and I have also set read/write access to all users for that folder.
As suggested by Antti, are you able to see the assets (after performing the steps) in Trash now? If yes then clear your Trash ans run the schedule Job "Remove Abandoned BLOBs".
This will remove the asset from the folder.