Thumbnails of deleted media still show embedded in forum posts

[Sim]

Affected version

XF 1.5.24, XF2.1.9

Because media thumbnails are accessed directly from the server and don't go through any permission checking, if a thumbnail of a media item is embedded in a forum post (for example, using the "Copy URL BB code with thumbnail" code from the gallery), but then the media is subsequently deleted - the thumbnail still shows in the forum post, which may be a problem for inappropriate content - especially on a busy site where the embedded thumbnail might go unnoticed but still cause potential legal issues.

I get that serving thumbnails directly from the server without permission checking is intended for performance when viewing media lists.

My first thought would be to have the thumbnail deleted from the data directory when the media item is deleted - and then if it is undeleted, recreate the thumbnail.

This still poses a problem for moderators who have permission to view deleted media items - they will still need a thumbnail to view the deleted media in the media lists.

So as possible fix for this issue, we could do the following:

1. when a media item is deleted, rename the thumbnail to add "-deleted.jpg" on the end
   
   For example:
   https://xenforo.com/community/data/xfmg/thumbnail/3/3161-ba0335a9caa4baace8429d3fd7cf9bf3.jpg?1593950008 becomes
   https://xenforo.com/community/data/xfmg/thumbnail/3/3161-ba0335a9caa4baace8429d3fd7cf9bf3-deleted.jpg?1593950008
   
   This will solve the issue by breaking the thumbnail image embedded in the forum.
   
   
2. The media list for moderators will need to serve the "-deleted" thumnail for media items that have been deleted.
   
   
3. If the media gets undeleted, simply rename the thumbnail back