[Plugin: Role Scoper] Problem with access attachment

  • Hi,
    i use WP 2.9 and RS 1.1.2

    Works fine, logged in users see the post, those who aren’t logged in get the “Sorry, you don’t have access”.

    What’s happening is that authorized users see the attachment fine, but if an unauthorized user gets the URL of the file, they can see it, too. Indeed, an unauthorized user can browse the entire uploads directory and see all the files from there.

    .htaccess file:

    # BEGIN Role Scoper
    RewriteEngine On

    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^(.*) – [E=HTTP_AUTHORIZATION:%1]

    # END Role Scoper

    Could you help me?

    https://www.ads-software.com/extend/plugins/role-scoper/

Viewing 1 replies (of 1 total)

  • The updated Role Scoper Development Snapshot contains several bug fixes related to the new file filtering mechanism. Can you give it a try and let me know if it corrects your symptoms?

    To force .htaccess regeneration for existing attachments, you will need to go to Roles > Options and disable, then re-enable File Filtering.

    By the way, the RewriteRules for file attachments are now located in wp-content/uploads (or wp-content/blogs.dir/#/files for wp-mu).

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Role Scoper] Problem with access attachment’ is closed to new replies.