[wp-trac] [WordPress Trac] #36370: Attachments and Attachment pages from a password protected parent page can be see publicly
WordPress Trac
noreply at wordpress.org
Tue Mar 29 14:54:36 UTC 2016
#36370: Attachments and Attachment pages from a password protected parent page can
be see publicly
---------------------------+-----------------------------
Reporter: ticktockphoto | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.4.2
Severity: normal | Keywords:
Focuses: |
---------------------------+-----------------------------
I have a gallery setup behind a password for clients, but have noticed
that images from this wordpress gallery(created using wordpress, not a
plugin) can be seen publicly if you know the URL to an images attachment
page, which does not require a password to view the posts images.
Example: Password protected page is hxxps://www.ticktock.photo/aiden-
joseph-leto-1-month-pictures/ which asks for the password to view its
contents, while hxxps://www.ticktock.photo/aiden-joseph-leto-1-month-
pictures/dsc_3831032316/ is a child attachment page of the password
protected parent, and can be seen without a password.
Not sure if this is how wordpress is supposed to work, or a possible bug,
but in my thinking, any content from the post, including attachments
should fall under the parent pages settings and not be viewable if the
parent page is password protected.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36370>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list