[wp-trac] [WordPress Trac] #5272: WordPress allows anonymous user to see slug for private post by guessing post number
WordPress Trac
noreply at wordpress.org
Tue Feb 2 00:38:55 UTC 2021
#5272: WordPress allows anonymous user to see slug for private post by guessing post number
-------------------------------------------------+-------------------------
 Reporter:  tzafrir                              |       Owner:  SergeyBiryukov
     Type:  defect (bug)                         |      Status:  closed
 Priority:  normal                               |   Milestone:  5.7
Component:  Security                             |     Version:  2.3.1
 Severity:  normal                               |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests needs-dev-note |  Focuses:
-------------------------------------------------+-------------------------
Changes (by peterwilsoncc):
* status: reopened => closed
* resolution: => fixed
Comment:
In [changeset:"50132" 50132]:
{{{
#!CommitTicketReference repository="" revision="50132"
Canonical: Prevent ID enumeration of private post slugs.
Add check to `redirect_canonical()` to ensure private posts only redirect
for logged in users.
Modifies the `read_post` meta capability to use `get_post_status()`
rather than the post's `post_status` property to allow attachments to
redirect based on the inherited post status.
Introduces `wp_force_ugly_post_permalink()` to unify the check to
determine if an ugly link should be displayed in each of the functions
used for determining permalinks: `get_permalink()`,
`get_post_permalink()`, `_get_page_link()` and `get_attachment_link()`.
Improves logic of `get_attachment_link()` to validate parent post and
resolution of inherited post status. This is an incomplete fix of #52373
to prevent the function returning links resulting in a file not found
error. Required to unblock this ticket.
Props peterwilsoncc, TimothyBlynJacobs.
See #52373.
Fixes #5272.
}}}
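The gate that the changeset describes, as an added stand-alone PHP model written for this page; it is not WordPress core code. The post records, `resolve_status()`, `can_read_post()` and the two `canonical_redirect_*()` functions are all constructed here to mirror the idea of `get_post_status()`, the `read_post` meta capability and the private-post check in `redirect_canonical()`, and the sample posts and slugs are invented.

```php
<?php
// Added illustration, not WordPress core: a minimal model of the redirect
// gate added in changeset 50132. Everything below is constructed for this
// example; WordPress itself uses get_post_status(), the 'read_post' meta
// capability and redirect_canonical().

// Constructed sample posts: a public post, a private post, and an
// attachment whose own status is 'inherit' (its parent is the private post).
$posts = [
    10 => ['ID' => 10, 'post_status' => 'publish', 'post_parent' => 0,  'post_name' => 'public-announcement'],
    11 => ['ID' => 11, 'post_status' => 'private', 'post_parent' => 0,  'post_name' => 'unreleased-roadmap'],
    12 => ['ID' => 12, 'post_status' => 'inherit', 'post_parent' => 11, 'post_name' => 'roadmap-chart'],
];

// Mirrors the idea behind get_post_status(): an attachment with status
// 'inherit' takes the status of its parent post. Reading the raw
// post_status property instead would return 'inherit' for post 12, which
// is neither 'publish' nor 'private', so a capability check keyed on the
// raw property makes the wrong decision for attachments.
function resolve_status(array $posts, int $id): string {
    $post = $posts[$id];
    if ($post['post_status'] === 'inherit' && $post['post_parent'] !== 0) {
        return resolve_status($posts, $post['post_parent']);
    }
    return $post['post_status'];
}

// Stand-in for the 'read_post' meta capability: anonymous visitors may
// read only published posts; a logged-in user who can read private posts
// passes for private ones as well.
function can_read_post(array $posts, int $id, bool $logged_in): bool {
    return resolve_status($posts, $id) === 'publish' || $logged_in;
}

// Before the fix: a request for ?p=ID was redirected to the pretty
// permalink (which contains the slug) regardless of who was asking.
function canonical_redirect_before(array $posts, int $id): ?string {
    return isset($posts[$id]) ? '/' . $posts[$id]['post_name'] . '/' : null;
}

// After the fix: the pretty permalink is only issued when the requester
// may read the post, with the status resolved through the parent for
// attachments. Otherwise no redirect happens and the request is handled
// under the ugly ?p=ID form, so the slug is not disclosed.
function canonical_redirect_after(array $posts, int $id, bool $logged_in): ?string {
    if (!isset($posts[$id]) || !can_read_post($posts, $id, $logged_in)) {
        return null;
    }
    return '/' . $posts[$id]['post_name'] . '/';
}

foreach ([10, 11, 12] as $id) {
    printf(
        "post %d (%s): before=%s | anonymous after=%s | logged-in after=%s\n",
        $id,
        resolve_status($posts, $id),
        canonical_redirect_before($posts, $id) ?? 'no redirect',
        canonical_redirect_after($posts, $id, false) ?? 'no redirect',
        canonical_redirect_after($posts, $id, true) ?? 'no redirect'
    );
}
```

Running it shows the private post (11) and its attachment (12) redirecting for anonymous requests only in the "before" column; after the fix they redirect solely for the logged-in caller, while the published post (10) behaves the same in every column. For detection purposes the same distinction applies in web logs: a burst of `?p=N` requests from an unauthenticated client that all receive 301 responses to pretty permalinks is the pattern this fix removes.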
--
Ticket URL: <https://core.trac.wordpress.org/ticket/5272#comment:30>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac mailing list