Revert "Merge branch 'fix-612-request-uri-too-long' into 'development'"
This reverts merge request !1262 (merged)
prepareSampleDownload method sends back a fully qualified file path of those ids. This has 2 problems:
- That temp file could possibly never be deleted. This causes could be an issue if many of them get created and never deleted as it'll slowly fill up our disk.
- The next method
downloadSamplesaccepts a fully qualified file path as an argument. This is a security issue. This is a dead easy target for someone to put whatever file they want, and could possibly result in (in the best case) downloading files that they shouldn't have access to.
I get the point that the requests are getting too long, but this has to be handled in a different way. Possibly storing IDs in the session, or even encoding those ids somehow. If the best way to handle it is the temp file, it should definitely not send the full file path. Maybe just an ID that is constrained somehow.
For now this should be reverted and re-assessed.