[wp-trac] [WordPress Trac] #5272: WordPress allows anonymous user to see slug for private post by guessing post number
WordPress Trac
noreply at wordpress.org
Tue Nov 17 03:27:23 UTC 2020
#5272: WordPress allows anonymous user to see slug for private post by guessing
post number
-------------------------------------------------+-------------------------
Reporter: tzafrir | Owner:
| SergeyBiryukov
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 5.6
Component: Security | Version: 2.3.1
Severity: normal | Resolution: fixed
Keywords: has-patch needs-testing has-unit- | Focuses:
tests |
-------------------------------------------------+-------------------------
Comment (by peterwilsoncc):
In [changeset:"49622" 49622]:
{{{
#!CommitTicketReference repository="" revision="49622"
Permalinks: Prevent attachment pages 404ing following [49563].
This largely reverts [49563] due to attachment pages returning 404: File
not found errors when they use the `inherit` status.
Permalink changes to attachment pages are retained when they are
descendants of trashed or deleted posts.
Props Toro_Unit, helen, johnbillion, peterwilsoncc.
Fixes #51776.
See #5272.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/5272#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list