[wp-trac] [WordPress Trac] #13425: Image Gallery of Private Post is publicly displayed

Thu Mar 27 04:38:40 UTC 2014

#13425: Image Gallery of Private Post is publicly displayed
--------------------------+-----------------------------
 Reporter:  hakre         |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:  Future Release
Component:  Gallery       |     Version:  3.0
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+-----------------------------
Changes (by nacin):

 * milestone:  3.9 => Future Release

Comment:

 This goes all the way back to wp_edit_attachments_query(). Images attached
 to private posts are not explicitly private. A side effect of opening up
 galleries in 3.5 meant these could also be used in galleries. But it's
 been around like this for a long time.

 It probably makes sense to block "id" but that really doesn't help much.
 The disclosure of info here is well-established.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/13425#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform