• Seems that anyone can download any file if they know the file URL, even if the files are marked for Registered Users only.

    Tested this on two separate sites.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Lester Chan

    (@gamerz)

    I can’t reproduce this problem.

    https://lesterchan.net/wordpress/download/23/ is set to registered users only, and I can’t download it in an incognito window.

    If the guy knows the direct file URL, it doesn’t even pass through WP, of course it can’t be blocked.

    • This reply was modified 7 years, 6 months ago by Lester Chan.

    SAME HAPPENS HERE!
    If I have the URL I can access and download the file.
    Test scenario (same PC):

    Chrome session where I have my user logged in
    Here I can see all my downloads including the ones flagged as ‘Registered users only’
    Here I can access and download the items flagged for ‘Registered users only’

    Firefox session where I have NO user logged in
    Here I cannot see all my downloads flagged as ‘Registered users only’
    Here I can access and download the items flagged for ‘Registered users only’ if I type or paste the file’s URL in the URL bar

    THIS NEEDS TO BE SOLVED IMMEDIATELY!

    P.S. It would be nice to also have the possibility of ‘VISIBLE AND DOWNLOADABLE for registered users only’, to hide files away from unregistered users.

    Claudio

  • The topic ‘Critical bug: Permissions are not working properly’ is closed to new replies.
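
The two request paths described in the replies above, as an added Python model that is not part of the original thread or the plugin's code: the permission flag is consulted only in the application's download route, while a path served straight from the storage directory never reaches it. The `/files/` prefix, the file name and all function names are hypothetical; only the `/download/23/` route shape comes from the thread.

```python
"""Constructed model: a per-file permission flag does not cover a direct file URL."""

# Constructed sample: one download flagged "registered users only".
DOWNLOADS = {23: {"name": "report.pdf", "registered_only": True}}
STORED = {"report.pdf": b"constructed file body"}

STATIC_PREFIX = "/files/"        # hypothetical web-served storage directory
DOWNLOAD_PREFIX = "/download/"   # application route, as in /download/23/


def app_download(file_id, logged_in):
    """Application handler: the only place the permission flag is consulted."""
    entry = DOWNLOADS.get(file_id)
    if entry is None:
        return 404, b""
    if entry["registered_only"] and not logged_in:
        return 403, b""
    return 200, STORED[entry["name"]]


def handle(path, logged_in=False, storage_web_accessible=True):
    """Front web server: static paths are answered before the application runs."""
    if path.startswith(STATIC_PREFIX):
        name = path[len(STATIC_PREFIX):]
        if storage_web_accessible and name in STORED:
            return 200, STORED[name]      # no session or flag check on this path
        return 404, b""                   # storage denied or moved out of the web root
    if path.startswith(DOWNLOAD_PREFIX):
        ident = path[len(DOWNLOAD_PREFIX):].strip("/")
        if ident.isdigit():
            return app_download(int(ident), logged_in)
    return 404, b""


def audit(storage_web_accessible):
    """Return the paths an anonymous client can fetch for registered-only files."""
    exposed = []
    for file_id, entry in DOWNLOADS.items():
        if not entry["registered_only"]:
            continue
        for path in (f"{DOWNLOAD_PREFIX}{file_id}/", f"{STATIC_PREFIX}{entry['name']}"):
            status, _ = handle(path, storage_web_accessible=storage_web_accessible)
            if status == 200:
                exposed.append(path)
    return exposed


if __name__ == "__main__":
    print("storage web-accessible:    ", audit(True))
    print("storage not web-accessible:", audit(False))
```

With the storage directory reachable from the web, the audit lists the direct path as exposed even though the download route returns 403; once the directory is no longer served directly, the gated route is the only way to the file.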