Patrick Bass Area: Files, photos, gallery, ansi (audit p5) · Surface: File exchange (/files, /files/{id}/edit) · Dimension: competitor-gap · Severity: minor
Helpdesk KBs and LMS content libraries (Zendesk, Help Scout, Teachable, Thinkific) all support replacing an attachment with a new version while preserving the canonical link and stats. Here a member who uploads a buggy build or a typo'd PDF must delete and re-upload, which breaks every existing link and resets the download counter and credits accounting. A replace/version flow keeps the URL stable and the audit trail intact.
Evidence
FileModController offers editForm/editSubmit/moveForm/moveSubmit/removeForm/removeSubmit (route list) but grep for version|supersede|replace.*file|revision in FileUpload.php and FileModController.php returns nothing — there is no way to swap the stored binary for an updated one while keeping the same file id, URL, and download history.Suggested fix. Add a moderator/owner "Replace file" action that uploads a new binary against the same file_uploads row (re-running ClamAV scan + extension/MIME validation), records the prior stored_name in a file_versions table, and keeps the public id/URL and download_count. Optionally expose a version history on the detail page.
Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus
