Changeset 57310 for trunk/src/wp-includes/canonical.php

Timestamp:

01/19/2024 12:42:48 AM (14 months ago)

Author:

peterwilsoncc

Message:

Media: Redirect inactive attachement pages for logged-out users.

Ensure logged out users are redirected to the media file when attachment pages are inactive. This removes the read_post capability check from the canonical redirects as anonymous users lack the permission.

Follow-up to [56657], [56658], [56711].

Props afercia, aristath, chesio, joppuyo, jorbin, lakshmananphp, poena, sergeybiryukov.
Fixes #59866.
See #57913.

File:

• trunk/src/wp-includes/canonical.php (modified) (1 diff)

trunk/src/wp-includes/canonical.php

@@ -551 +551 @@
 
     if ( is_attachment() && ! get_option( 'wp_attachment_pages_enabled' ) ) {
-        $attachment_id = get_query_var( 'attachment_id' );
-
-        if ( current_user_can( 'read_post', $attachment_id ) ) {
-            $redirect_url = wp_get_attachment_url( $attachment_id );
-
-            $is_attachment_redirect = true;
-        }
+        $attachment_id        = get_query_var( 'attachment_id' );
+        $attachment_post      = get_post( $attachment_id );
+        $attachment_parent_id = $attachment_post ? $attachment_post->post_parent : 0;
+
+        /*
+         * If an attachment is attached to a post, it inherits the parent post's status. Fetch the
+         * parent post to check its status later.
+         */
+        if ( $attachment_parent_id ) {
+            $redirect_obj = get_post( $attachment_parent_id );
+        }
+        $redirect_url = wp_get_attachment_url( $attachment_id );
+
+        $is_attachment_redirect = true;
     }