WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 3 weeks ago

#17255 new defect (bug)

More statuses (like draft and/or private) for media files

Reported by: jane
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version: 3.1
Component: Media
Keywords: needs-patch
Focuses:
Cc:

Description

It's weird that media files don't carry any concept of pub status. If someone wants to upload files (either attached to a post or directly into the library), they should be able to keep them hidden via 'draft' status just like any other content. The fact that people can link to things that haven't been explicitly published is bizarre.

Media files should have a pub status. If uploaded as post attachment, should inherit publish on post publish. Would then need a workflow for if a post becomes unpublished containing media, as it then lives in library for use by other content, so would need to ask if user wants to unpub media files as well. This would be a big shift, so would make most sense as part of a media redux with a long notice period for plugin and theme authors.

Change History (16)

comment:1 @scribu 4 years ago

This is the reason why media doesn't have a "Trash" option either.

comment:2 @greuben 4 years ago

  • Keywords 2nd-opinion added

Media files are stored on file system not in database. Having pub status like 'Draft', 'Trash' etc. doesn't make sense as they are still accessible via direct link.

comment:3 @nacin 4 years ago

Originally posted in #17254 -- (in turn, these aren't entirely new ideas; they came up during 2.9 development)

We could create a random hash, store the hash in postmeta, and use the hash in the filename. Then on publish we can remove the hash from the filename. Works for draft and trash.

It's certainly not foolproof, but it's an idea.

We could also put them into their own uploads directory (in addition to the hash), that way the entire directory can be locked down in htaccess too.

comment:4 @aaroncampbell 4 years ago

  • Cc aaroncampbell added

comment:5 @johnbillion 4 years ago

You could prevent a contributor from using draft media anywhere else by rewriting the URLs and requiring that users be logged in to view the file.

For example:

example.com/draft-media/my-uploaded-file.png is actually a rewritten URL that points to a handler script (e.g. example.com/wp-admin/draft-media-handler.php?file=my-uploaded-file.png) that checks if the user has the correct capabilities to view the file. It serves the file if they have, and serves a 403 if not.

This way the actual file URL is never exposed (draft media could be stored in a hashed directory as nacin suggests) and sharing the draft media URL has limited consequences (only logged in users can see it).

The same system could be used to give media items a private status.
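A sketch of the handler script described in comment 5, added here as an illustration; it is not code from the ticket or from WordPress core. The staging directory `uploads/draft-media`, the `edit_posts` capability and the helper name `resolve_draft_media()` are assumptions.

```php
<?php
// Added example, not WordPress core code. The staging directory and the
// capability checked ('edit_posts') are assumptions made for illustration.
require_once dirname( __DIR__ ) . '/wp-load.php'; // assumes the script sits in wp-admin/

/** Resolve a requested name to a real file inside $dir, or return null. */
function resolve_draft_media( string $dir, string $requested ): ?string {
	$root = realpath( $dir );
	$name = basename( $requested ); // drop any directory components
	if ( false === $root || '' === $name || '.' === $name[0] ) {
		return null; // no empty names, no dotfiles
	}
	$path = realpath( $root . DIRECTORY_SEPARATOR . $name );
	// realpath() follows symlinks, so confirm the result is still under $root.
	if ( false === $path || 0 !== strpos( $path, $root . DIRECTORY_SEPARATOR ) || ! is_file( $path ) ) {
		return null;
	}
	return $path;
}

// Authorize before touching the file system, so a 403 says nothing about which files exist.
if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) {
	status_header( 403 );
	exit;
}

$file = ( isset( $_GET['file'] ) && is_string( $_GET['file'] ) ) ? wp_unslash( $_GET['file'] ) : '';
$path = resolve_draft_media( WP_CONTENT_DIR . '/uploads/draft-media', $file ); // hypothetical directory
$type = $path ? wp_check_filetype( $path ) : array( 'type' => false );

if ( null === $path || empty( $type['type'] ) ) {
	status_header( 404 ); // unknown file, or an extension WordPress does not allow
	exit;
}

nocache_headers(); // keep draft media out of browser and proxy caches
header( 'Content-Type: ' . $type['type'] );
header( 'X-Content-Type-Options: nosniff' );
header( 'Content-Length: ' . filesize( $path ) );
readfile( $path );
exit;
```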

comment:6 @aaroncampbell 4 years ago

That's a pretty common solution, but the overhead is pretty severe. Instead of loading an image from the file system when it's requested we load all of WordPress and use it to pass through the image. On a page with 20 images you're loading WordPress 21 times.

comment:7 @scribu 4 years ago

I like nacin's suggestion better: put only non-published files in a locked down (and hard to guess) directory and then move them to wp-content/uploads when published.

Although it would yield better performance, it would also be a little more complicated, since direct links to those files (in the post content, for example) would also have to be updated.
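The staging approach from comments 3 and 7, as an added example that is not part of the ticket and not WordPress core code: an upload is stored under a random token in a locked-down directory, then moved to the public directory on publish with the links in the post content rewritten. The function names, directory layout and URLs are hypothetical, and the demo data is constructed.

```php
<?php
// Added example, not WordPress core code: function names and the directory
// layout are hypothetical. In WordPress the token would be kept in postmeta.

/** Move an upload into the locked-down staging directory under an unguessable name. */
function stage_draft_media( string $tmp_file, string $name, string $draft_dir ): array {
	$token  = bin2hex( random_bytes( 16 ) ); // 128 bits from the CSPRNG
	$staged = $draft_dir . '/' . $token . '-' . basename( $name );
	if ( ! rename( $tmp_file, $staged ) ) {
		throw new RuntimeException( 'Could not stage upload.' );
	}
	return array( $token, $staged );
}

/** On publish: drop the token, move the file to the public directory, fix links in the content. */
function publish_draft_media( string $staged, string $token, string $public_dir,
		string $draft_url, string $public_url, string $content ): array {
	$staged_name = basename( $staged );
	$prefix      = $token . '-';
	if ( 0 !== strncmp( $staged_name, $prefix, strlen( $prefix ) ) ) {
		throw new InvalidArgumentException( 'Stored token does not match the staged file.' );
	}
	$public_name = substr( $staged_name, strlen( $prefix ) );
	$target      = $public_dir . '/' . $public_name;
	// Never overwrite an upload that is already public.
	if ( file_exists( $target ) || ! rename( $staged, $target ) ) {
		throw new RuntimeException( 'Could not publish file.' );
	}
	// Comment 7's point: links saved in the post content still name the staged file.
	$content = str_replace( "$draft_url/$staged_name", "$public_url/$public_name", $content );
	return array( $target, $content );
}

// Constructed demo data in a throwaway temp directory.
$base = sys_get_temp_dir() . '/media-demo-' . bin2hex( random_bytes( 4 ) );
mkdir( "$base/draft", 0700, true );
mkdir( "$base/uploads", 0755, true );
file_put_contents( "$base/upload.tmp", 'constructed image bytes' );

list( $token, $staged ) = stage_draft_media( "$base/upload.tmp", 'photo.png', "$base/draft" );
$html = '<img src="https://example.com/draft-media/' . basename( $staged ) . '">';
list( $public, $html ) = publish_draft_media( $staged, $token, "$base/uploads",
	'https://example.com/draft-media', 'https://example.com/wp-content/uploads', $html );

echo $public, "\n", $html, "\n";
```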

comment:8 @pento 4 years ago

  • Cc gary@… added

Would something like johnbillion's suggestion be possible, with a lightweight auth lib, instead of all of WordPress?

The primary thing that an admin would want to restrict by is user privileges, so it could just load and check them. To avoid many database hits, the first time could set a cookie with the user privileges (encrypt using AUTH_KEY or something similar, to make sure it can't be faked).
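One way to build the privilege cookie from comment 8, as an added example that is not part of the ticket and not WordPress core code. It signs the value with HMAC-SHA256 rather than encrypting it, since integrity is what stops it being faked; the function names, the payload fields and the demo key standing in for AUTH_KEY are assumptions.

```php
<?php
// Added example, not WordPress core code. DEMO_AUTH_KEY is a constructed
// placeholder standing in for the site's AUTH_KEY constant.
const DEMO_AUTH_KEY = 'constructed-demo-key-not-a-real-secret';

/** Build a cookie value carrying the user's capabilities, an expiry and a MAC. */
function issue_media_token( int $user_id, array $caps, int $ttl, string $key, int $now ): string {
	$payload = base64_encode( json_encode( array(
		'uid'  => $user_id,
		'caps' => array_values( $caps ),
		'exp'  => $now + $ttl, // short lifetime: a capability change only takes effect on expiry
	) ) );
	return $payload . '.' . hash_hmac( 'sha256', $payload, $key );
}

/** Return the decoded payload if the MAC is valid and the token has not expired, else null. */
function verify_media_token( string $token, string $key, int $now ): ?array {
	$parts = explode( '.', $token );
	if ( 2 !== count( $parts ) ) {
		return null;
	}
	list( $payload, $mac ) = $parts;
	// Check the MAC before decoding anything; hash_equals() compares in constant time.
	if ( ! hash_equals( hash_hmac( 'sha256', $payload, $key ), $mac ) ) {
		return null;
	}
	$raw  = base64_decode( $payload, true );
	$data = false === $raw ? null : json_decode( $raw, true );
	if ( ! is_array( $data ) || ! isset( $data['exp'], $data['caps'] )
		|| ! is_int( $data['exp'] ) || ! is_array( $data['caps'] ) || $data['exp'] < $now ) {
		return null;
	}
	return $data;
}

// Constructed demo: a fresh token, a forged payload reusing the old MAC, and an expired token.
$now    = 1700000000;
$token  = issue_media_token( 42, array( 'edit_posts' ), 300, DEMO_AUTH_KEY, $now );
$forged = base64_encode( json_encode( array( 'uid' => 42, 'caps' => array( 'manage_options' ),
	'exp' => $now + 300 ) ) ) . '.' . explode( '.', $token )[1];

foreach ( array( 'fresh' => array( $token, $now + 60 ), 'forged' => array( $forged, $now + 60 ),
	'expired' => array( $token, $now + 301 ) ) as $label => $case ) {
	$result = verify_media_token( $case[0], DEMO_AUTH_KEY, $case[1] );
	printf( "%s token accepted: %s\n", $label, var_export( null !== $result, true ) );
}
```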

comment:9 @mindctrl 3 years ago

  • Cc mindctrl added

comment:10 @lkraav 18 months ago

  • Cc leho@… added

comment:11 @brasofilo 18 months ago

  • Cc brasofilo@… added

comment:12 @ericlewis 10 months ago

My mental model of media in WordPress is similar to uploading to a Dropbox public folder, or an FTP server, or my local filesystem. Either media exists or it doesn't.

I don't see much to gain here, while creating a need for overly decorated UI that most users wouldn't need. What are the good use cases for this?

comment:13 @rezon8dev 3 months ago

Use Case: content is posted for review and what is posted is really bad, so the client says if we post that image in this article, we will get sued. But because of the way media is handled, even though the post was published privately and never made public, the media is still there and can be accessed and may have been cached if it was a PDF version of the actual post. I think the concept of value here is published privately and the use case is workflow. This is a fairly important item in my world of 50+ sites being managed. I like the idea of using the hash in the filename and a separate directory for this media to be staged in (before being published publicly) and moved to in the case of unpublishing or making a content item private.

comment:14 @wonderboymusic 3 weeks ago

  • Summary changed from Draft status for media files to More statuses (like draft and/or private) for media files

comment:15 @wonderboymusic 3 weeks ago

  • Keywords needs-patch added; 2nd-opinion removed
  • Milestone changed from Awaiting Review to Future Release

comment:16 @wonderboymusic 3 weeks ago

#28796 was marked as a duplicate.
