How to block access to Files via Querystring ?attachment_id=123

  • Hi, I have been trying to set up a blog for my research that is to be used by a number of people (I have User Access Management set up on it to control access). The material includes audio from interviews, which I am playing back in posts, using Audio Player with the URL encoded. However, any smart undergrad wanting to try download the file can still type in ?attachment_id=xyz and keep going till they find the audio files. Note that due to the UAM, only people who are logged in can do this, but even still, they shouldn’t be allowed to. I got so far as finding the function “get_attached_file” in the includes/post.php file and I put an echo line in the top of that function saying “dont download”, or equiv, which appears above the link to the audio file, however I cannot figure out how to remove the audio file link from this page.
    Note that you cant access the files directly any other way, that I have found, and I would like to be able to remove the line to the link.

    I tried rewrite rules in the .htaccess file for the uploads, to avoid that kind of URL, but due to limitations I am on an IIS server and that didnt work.

    Any ideas what line of code generates the URL when one enters ?attachment_id=XYZ in the QS? I’m not a PHP ninja, so am having trouble finding it, or knowing if it is possible.

    Thanks

    Liz

Viewing 1 replies (of 1 total)
  • Thread Starter mad_valentine

    (@mad_valentine)

    Lol, just realised that my message that I inserted also affects the display of media in site_admin, so that is no good! Have removed and put post.php back to normal.

Viewing 1 replies (of 1 total)
  • The topic ‘How to block access to Files via Querystring ?attachment_id=123’ is closed to new replies.