Project

General

Profile

Bug #3666

Plugin request: media-vault

Added by Bess Rowen over 4 years ago. Updated over 4 years ago.

Status:
Rejected
Priority name:
Normal
Assignee:
Category name:
WordPress Plugins
Target version:
-
Start date:
2014-11-18
Due date:
% Done:

0%

Estimated time:

Description

I have a question about the Commons from the Doctoral Theatre Student's Association. We're trying to work on that website where we could share pdfs and teaching materials. After looking at the security problems that you alerted us to, Jared Pike found the following plugin that apparently corrects this flaw. He was wondering if we could have access to it? We don't currently, but here is the link: https://wordpress.org/plugins/media-vault/. What would be the next step here if we wanted to put this on our Commons site?

History

#1 Updated by Matt Gold over 4 years ago

  • Category name set to WordPress Themes
  • Status changed from New to Assigned
  • Assignee set to Boone Gorges

Thanks for reporting, Bess! We'll look into this and get back to you soon.

#2 Updated by Boone Gorges over 4 years ago

  • Subject changed from Security Issue Fix? to Plugin request: media-vault
  • Category name changed from WordPress Themes to WordPress Plugins
  • Status changed from Assigned to Reporter Feedback

Thanks for the message, Bess. I'm changing the subject line to clarify the purpose of the ticket somewhat - the privacy of uploaded files is not, strictly speaking, a security issue.

Related issues: #2695, #2697.

I've had a look at how media-vault works, and I don't feel totally confident about it. It makes on-the-fly modifications to our main .htaccess file, which is risky because it controls access to our site in a number of ways, and is not very good practice because that file is not currently writeable by the webserver. (Non-technical description: I'm not confident that media-vault will work with the Commons setup.)

Bess, have you looked at the plugin WP Document Revisions, already installed on the Commons? If your goal is to upload files that will only be available to a certain subset of logged-in users, I think it will probably suit your needs. Could I ask you to activate it on your site and test it, please?

#3 Updated by Boone Gorges over 4 years ago

  • Status changed from Reporter Feedback to Rejected

Going to close this one due to lack of activity, and on the assumption that the WP Document Revisions plugin will do the trick. Bess, if you continue to have issues or questions, don't hesitate to leave a note here or in a new ticket.

Also available in: Atom PDF