ms-files.php: inconsistent behaviour for upload visibility on archived sites

[antwortzeit]

Hey,

i just ran into an odd issue on one of our clients Multisites. I archived the said site and – as you know – it remains accessible for network admins. The matching files however don't. I followed this down to ms-files.php::21ff.

<?php

if ( $current_blog->archived == '1' || $current_blog->spam == '1' || $current_blog->deleted == '1' ) {
        status_header( 404 );
        die( '404 &#8212; File not found.' );
}

You see that ms-files.php checks, if the blog is archived (or spam or deleted) and than throws out a 404. Shouldn't this include a check for network admin users to see the files? Or, if that's not desirable, couldn't we make this check accessible for filters?

Thanks for the good work!

Christian

[jeremyfelt]

Hi @antwortzeit, thanks for taking the time to open a ticket. We should be able to provide some more consistency here.

It looks like the safest way would be to add an is_super_admin() check rather than rely on any other capabilities. Because ms-files.php uses SHORTINIT, some of our other options are limited.