• Resolved katiedraper24

    (@katiedraper24)


    Originally we were having the issue of Documents just showing the broken url in the Filr Library – Which was claimed to be fixed in the last update.

    Now, only the Administrators can view them. No other user role can access these documents. They don’t show at all in the Filr library.

    Is this also a bug?

Viewing 6 replies - 1 through 6 (of 6 total)
  • miguelrode

    (@miguelrode)

    I’m also seeing the libraries coming up empty in production. However when I’m editing the pages and preview them, the documents are there. This is in two different websites.

    Any idea what could be going on?

    miguelrode

    (@miguelrode)

    Tagging @patrickposner for his input. Thanks.

    vanelop42

    (@vanelop42)

    Having the same issues here with libraries appearing empty to all users except admins when they should be public! Any updates?

    Plugin Author patrickposner

    (@patrickposner)

    @katiedraper24 @vanelop42 @miguelrode

    thanks for posting and mentioning me directly!

    I just released version 1.2.4 now and removed the newly introduced capability check for now.

    However, it seems that the security researcher didn’t kept in mind that there are several cases where access of a certain user role lower than admin is required – we have to work on a different solution for this in a future update.

    Thanks for your patience!

    miguelrode

    (@miguelrode)

    Thanks, Patrick, for responding so quickly. It looks like it’s working well now. What is the scenario you’re trying to address? Not sure I understand the logic of making files only accessible to admins.

    Plugin Author patrickposner

    (@patrickposner)

    @miguelrode Honestly, I wouldn’t have introduced this limitation in the first place ??

    This was part of a security concern raised by a researcher from PatchStack.

    The problem is that anyone with admin access to the website can upload files (which is precisely what we want in this case). Still, I understand the general recommendation that restricting it to something like manage_options (administrators) might make sense for most plugins.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Documents not showing in Filr’ is closed to new replies.