/docs is viewable for everybody | ww.wp.xz.cn

Kampagnenmeister
(@kampagnenmeister)

12 years ago

Hi everyone,

I have a quite serious security issue – if you open yourdomain.com/docs all your uploaded documents are visible, even if you are logged out. I tried to change the template/docs/index.php and loop with <?php if ( is_user_logged_in() ) {content here } } ?> but that had only the result, that the page was broken, even if you are loggin in. 🙁

Would somebody try to open /docs and see if the uploaded files are listed? Sorry, I can’t post my link to protect the project.

WordPress 3.9.1
Buddypress Version 2.0.1
Buddypress Docs Version 1.7.0

Greetings from Austria
Kampagnenmeister

https://ww.wp.xz.cn/plugins/buddypress-docs/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Boone Gorges
(@boonebgorges)

12 years ago

This is by design. The directory at /docs/ is public. Individual Docs will be hidden from logged-out users if they have the proper access settings.

Thread Starter Kampagnenmeister
(@kampagnenmeister)

12 years ago

Thank you for the information – I was not aware of that.

I found a solution – I simply used
<?php if ( is_user_logged_in() ) { ?>
<div id=”buddypress”>
…
</div><!– /#buddypress –>
<?php } ?>
in the docs-loops.php – and it works for me.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘/docs is viewable for everybody’ is closed to new replies.

2 replies
2 participants
Last reply from: Kampagnenmeister
Last activity: 12 years ago
Status: not resolved