[wp-trac] [WordPress Trac] #59866: Attachment pages are only disabled for users that are logged in
WordPress Trac
noreply at wordpress.org
Thu Jan 25 19:41:41 UTC 2024
#59866: Attachment pages are only disabled for users that are logged in
-------------------------------------------------+-------------------------
Reporter: joppuyo | Owner:
| peterwilsoncc
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.4.3
Component: Media | Version: 6.4
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests fixed- | Focuses:
major dev-reviewed |
-------------------------------------------------+-------------------------
Changes (by jorbin):
* status: reopened => closed
* resolution: => fixed
Comment:
In [changeset:"57358" 57358]:
{{{
#!CommitTicketReference repository="" revision="57358"
Media: Redirect inactive attachment pages for logged-out users.
Ensure logged out users are redirected to the media file when attachment
pages are inactive. This removes the read_post capability check from the
canonical redirects as anonymous users lack the permission.
This was previously committed in [57310] before being reverted in [57318].
This update includes a fix to cover instances where revealing a URL could
be considered a data leak and greatly expands the unit tests to ensure
that this is covered along with many other instances.
Follow-up to [56657], [56658], [56711], [57310], [57318].
Reviewed by joemcgill.
Merges [57357] to 6.4 branch.
Props peterwilsoncc, jorbin, afercia, aristath, chesio, joppuyo, jorbin,
lakshmananphp, poena, sergeybiryukov, swissspidy, johnbillion, mukesh27.
Fixes #59866.
See #57913.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59866#comment:45>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list