[wp-trac] [WordPress Trac] #37887: Make attachments atomic until a Customizer session is published
WordPress Trac
noreply at wordpress.org
Fri Jan 13 21:14:14 UTC 2017
#37887: Make attachments atomic until a Customizer session is published
-------------------------+-----------------------------
Reporter: fjarrett | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Customize | Version: 4.7
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: administration
-------------------------+-----------------------------
Comment (by fjarrett):
Hey @azaozz, thanks for chiming in on this!
> Is there any advantage in hiding uploaded files from other trusted
users? I don't see any.
But the attachment is actually visible to ''the world'', not just trusted
logged-in users.
1. Open the Customizer and upload a new header image
2. Do not click Save & Publish - just exit the Customizer
3. Go to the Media Library and click the image to open the Attachment
Details modal
4. Click "View attachment page" - this is a public URL
Making images public to the world ''without clicking Save & Publish'' is
definitely an unexpected UX.
The current behavior of attachments added during a Customizer session make
the '''Save & Publish''' button a partial truth.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37887#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list