WordPress.org

Ready to get started?Download WordPress

Forums

HELP!!! My drafts can be viewed (19 posts)

  1. zapata
    Member
    Posted 7 years ago #

    I used to find my ideas that I used to save as drafts land up on a few other websites. Then someone informed me that it is very easy for anyone to view my saved drafts. I tried it by logging out and entering mywebsitename.com/p?randomNumber - and the draft shows up. I have about 20 - 25 ideas that I save as draft and keep working on them until they are complete.

    Is there anyway drafts cannot be allowed to be viewed by anyone except me? Please help!

  2. Class
    Member
    Posted 7 years ago #

    I haven't tried but perhaps password protecting the drafts would work?

    Drafts shouldn't be viewable IMO, don't know if this is a bug or just an oversight from the devs.

  3. manstraw
    Member
    Posted 7 years ago #

    hmmm, yep, just tested this. kinda not good!

    this should really big considered a bug.

  4. Chris_K
    Member
    Posted 7 years ago #

    Are you logged in when testing?

    See http://trac.wordpress.org/ticket/2697 -- in particular, this response:

    If you are logged in, you can see draft posts for which you have edit privileges in this manner. Make sure aren't logged in. I can't see your drafts using those links.

  5. zapata
    Member
    Posted 7 years ago #

    I logged out and then type in the url of the draft which is fairly easy to decipher by anyone. It goes like this:

    http://www.blogsitename.com/?p=Number

    That led me to the draft that was copied by one of the websites that I had long suspected of somehow managing to steal my ideas.

    You don't have to be logged in to access the draft if you use the above URL.

  6. Chris_K
    Member
    Posted 7 years ago #

    I can't reproduce it when I've logged out on my own blog. Have a harmless draft on yours that you'd be willing to post a link to?

  7. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    I thought this to be a bug too, but when I logged out and closed and reopened my browser, then attempted to view my drafts, I got nothing back but a 404.

    Drafts can only be viewed by users with the priveledges to do so. This is so the preview functionality works in the editor page.

    But, just post a link to a draft and see if anybody else can see it.

  8. manstraw
    Member
    Posted 7 years ago #

    I tested it by logging out, and when I viewed the post, it did not show the edit button, which the theme I'm using does when an author person is logged in. This would seem to indicate I am reading the post without being logged in.

    I'm willing to do a test draft and post the link.

    http://dmcireunion.com/courtyard/84

    Tell me the secret word.

  9. charle97
    Member
    Posted 7 years ago #

    Jaberwocky

    do i win a prize?

  10. Chris_K
    Member
    Posted 7 years ago #

    Far out!

    No why can't I replicate that I wonder? Weird. You might want to revisit that trac link I posted earlier...

  11. manstraw
    Member
    Posted 7 years ago #

    Charle97 wins an absolutely huge prize that is neither huge, nor a prize.

    yep, weird stuff. I wonder if there's a setting somewhere that affects this. or one of my plugins or something ... somehow ...

  12. zapata
    Member
    Posted 7 years ago #

    Sorry guys just logged in to check comments. Heres the draft link :

    http://desitrain.com/?p=340

  13. Chris_K
    Member
    Posted 7 years ago #

    So one of you is 2.0.2, the other is 2.0. I'm on 2.0.2 and still can't reproduce it.

    Plugins maybe? What plugins are zapata and manstraw running?

  14. zapata
    Member
    Posted 7 years ago #

    I'm on 2.0

  15. zapata
    Member
    Posted 7 years ago #

  16. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    The Adhesive one strikes me as unusual specifically because it's messing with the post query. Try disabling it and see if the same thing happens.

    Failing that, disable the rest, one at a time, and see if the problem goes away for any given plugin.

  17. manstraw
    Member
    Posted 7 years ago #

    My plugins are as follows:

    Author Image(s) 0.9
    http://www.coffee2code.com/wp-plugins/

    Adhesive 3.2
    http://www.asymptomatic.net/wp-hacks

    Get Author Profile 0.3
    http://guff.szub.net/get-author-profile

    Photopress 0.9.2
    http://familypress.net/photopress/

    Recent Comments 1.18
    http://mtdewvirus.com/code/wordpress-plugins/

    Subscribe2 2.1.5
    http://www.skippy.net/blog/2005/02/17/subscribe2

    Theme Switcher 0.5
    http://wordpress.org/

    WordPress Database Backup 1.7
    http://www.skippy.net/blog/plugins/

    WP-ContactForm 1.4.3
    http://ryanduff.net/projects/wp-contactform/

    We have four plugins in common. I'll look first to those. I might even turn them all off, and see what happens, but I'll wait to do this when I won't have many visitors. If it was any of them, I might suspect adhesive, only because it affects the post order.

  18. manstraw
    Member
    Posted 7 years ago #

    Ah, Bingo, we have a winner. I disabled Adhesive, and I could no longer see that post.

    I'll check to see if there's an update, and try again. If the errors persists, I guess it's time to let the author know.

    Good work team!

  19. zapata
    Member
    Posted 7 years ago #

    BINGO!!!!!!!! ADHESIVE IS THE CULPRIT!!!!

    *** Bowing to the Gurus of WP ***

    Thank you thank you thank you

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.