WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 5 months ago

#36803 new defect (bug)

ms-files.php: inconsistent behaviour for upload visibility on archived sites

Reported by: antwortzeit Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.5.2
Component: Media Keywords: needs-patch
Focuses: multisite Cc:
PR Number:

Description

Hey,

i just ran into an odd issue on one of our clients Multisites. I archived the said site and – as you know – it remains accessible for network admins. The matching files however don't. I followed this down to ms-files.php::21ff.

<?php

if ( $current_blog->archived == '1' || $current_blog->spam == '1' || $current_blog->deleted == '1' ) {
        status_header( 404 );
        die( '404 &#8212; File not found.' );
}

You see that ms-files.php checks, if the blog is archived (or spam or deleted) and than throws out a 404. Shouldn't this include a check for network admin users to see the files? Or, if that's not desirable, couldn't we make this check accessible for filters?

Thanks for the good work!

Christian

Change History (3)

This ticket was mentioned in Slack in #core-multisite by flixos90. View the logs.


3 years ago

#2 @SergeyBiryukov
3 years ago

  • Component changed from General to Media
  • Keywords needs-patch added

#3 @jeremyfelt
3 years ago

  • Milestone changed from Awaiting Review to Future Release

Hi @antwortzeit, thanks for taking the time to open a ticket. We should be able to provide some more consistency here.

It looks like the safest way would be to add an is_super_admin() check rather than rely on any other capabilities. Because ms-files.php uses SHORTINIT, some of our other options are limited.

Note: See TracTickets for help on using tickets.