Security issue : everyone can download post

  • Resolved gerem

    (@gerem)


    1 year, 11 months ago

    Hello,

    I am trying your plugin with custom post.

    I see that, if i have the post ID, i can download every post of my website, even if the the public access of the post if forbidden :

    example :

    Link : https://localhost/office/cabinert-admin-2?action=genpdf&id=84

    office is a custom post.

    Public access is to FALSE

    I think that your plugin has to forbidden the access if the custom post cannot be see for everybody.

    What do you think ?

    And other suggestion : Can you provide hook juste before the download pdf ?

    Because with this hook, we can manage security : only authorize download for the author for example.

Viewing 1 replies (of 1 total)
  • Plugin Author WP Swings

    (@wpswings)

    Hello,

    Thanks for using our plugin,

    Currently our plugins working is only to generate a PDF of any post.

    But thanks for the suggestion we will surely look into it.

    Best Regards,

Viewing 1 replies (of 1 total)
  • The topic ‘Security issue : everyone can download post’ is closed to new replies.