[wp-trac] [WordPress Trac] #59866: Attachment pages are only disabled for users that are logged in
WordPress Trac
noreply at wordpress.org
Thu Nov 9 15:36:15 UTC 2023
#59866: Attachment pages are only disabled for users that are logged in
-------------------------------------------------+-------------------------
Reporter: joppuyo | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.4.2
Component: Media | Version: 6.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing needs-unit- | Focuses:
tests |
-------------------------------------------------+-------------------------
Comment (by chesio):
Replying to [comment:10 afercia]:
> That said, the logic in [attachment:"59866.diff"] seems wrong as a check
for `read_post` is only necessary for private posts. A new fix will need
to take into account private posts because we don't want users to see
media attached to private posts. See soem similar logic at
https://github.com/WordPress/wordpress-
develop/blob/7287ff52633264b4e16fdaed5697307d4b8ceac1/src/wp-
includes/canonical.php#L776-L796
Please, see my patch:
[https://core.trac.wordpress.org/attachment/ticket/59866/59866-cp.diff
59866-cp.diff].
> However, that's not trivial as a media attachmend can have one parent
but actually be used in other posts as well.
I think this is irrelevant here. An attachment that is also used in a
private post still has its page publicly accessible if it is **attached**
to a public post.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59866#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list