[wp-trac] [WordPress Trac] #59866: Attachment pages are only disabled for users that are logged in
WordPress Trac
noreply at wordpress.org
Thu Nov 9 13:36:32 UTC 2023
#59866: Attachment pages are only disabled for users that are logged in
-------------------------------------+---------------------
Reporter: joppuyo | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.4.2
Component: Media | Version: 6.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+---------------------
Comment (by joppuyo):
I tested @afercia's patch by applying it to WordPress 6.4 and it actually
makes things worse. This is with `wp_attachment_pages_enabled` set to `0`:

1. Upload image `foo.jpeg` to the media gallery
2. Visit `https://example.com/foo` as a logged-in user
3. Attachment page is displayed

1. Upload image `foo.jpeg` to the media gallery
2. Visit `https://example.com/foo` as a logged-out user
3. Attachment page is displayed

1. Create page called `Bar`
2. Upload image `foo.jpeg` to the media gallery
3. Visit `https://example.com/bar/foo/` as a logged-out user
4. Attachment page is displayed

1. Create page called `Bar`
2. Upload image `foo.jpeg` to the media gallery
3. Visit `https://example.com/bar/foo/` as a logged-in user
4. You are redirected to the media file

I don't think the issue is that the capability check is performed against
the attachment or the page. The issue is the capability check itself.
Because anonymous users do not have any capabilities, they are never
redirected. The capability check should be removed for non-private posts
so that the functionality works for users that are not logged in.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59866#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
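
The comment's closing argument can be seen in a small stand-alone model. This is an added example, not code from the ticket, the patch or WordPress core: the function names, the sample users and the simplified `status` field are assumptions, and attachment pages are taken to be disabled throughout.

```php
<?php
// Added illustration, not WordPress core code. All names below are hypothetical.

// Constructed sample data. 'status' is a simplification of the post status.
$attachments = [
    'foo'    => ['status' => 'publish', 'file' => '/wp-content/uploads/foo.jpeg'],
    'secret' => ['status' => 'private', 'file' => '/wp-content/uploads/secret.jpeg'],
];
$users = [
    'anonymous'  => null, // logged out
    'subscriber' => ['caps' => ['read']],
    'editor'     => ['caps' => ['read', 'read_private_posts']],
];

// Model of a read check: a logged-out visitor holds no capabilities at all.
function user_can_read(?array $user, array $attachment): bool
{
    if ($user === null) {
        return false;
    }
    $needed = $attachment['status'] === 'private' ? 'read_private_posts' : 'read';
    return in_array($needed, $user['caps'], true);
}

// Reported behaviour: the redirect is gated on the capability check for every post.
// Returns the file URL to redirect to, or null when no redirect happens.
function redirect_gated(?array $user, array $attachment): ?string
{
    return user_can_read($user, $attachment) ? $attachment['file'] : null;
}

// Suggested behaviour: check capabilities only for private posts.
function redirect_suggested(?array $user, array $attachment): ?string
{
    if ($attachment['status'] !== 'private') {
        return $attachment['file'];
    }
    return user_can_read($user, $attachment) ? $attachment['file'] : null;
}

foreach ($users as $name => $user) {
    foreach ($attachments as $slug => $attachment) {
        printf(
            "%-10s /%-6s gated: %-11s suggested: %s\n",
            $name, $slug,
            redirect_gated($user, $attachment) === null ? 'no redirect' : 'redirect',
            redirect_suggested($user, $attachment) === null ? 'no redirect' : 'redirect'
        );
    }
}
```

In the model, the anonymous visitor is never redirected for `foo` under the gated check but is under the suggested one, while the private item keeps its capability check in both, so its file URL is not handed to users who cannot read it.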