That's a bug ,right ? when requesting an private id , It Should not Disclosure anything about private album .
that's what private define for . Just Response status code "404" ,never let others know the private album exist.
about the response code that's not that easy since each type of user users (legitimate ones, administrators, webmaster, uploaders and the ones who really shouldn't get the content) have reasons to know that an album they are trying to reach is forbidden. We could add a local config to change to a 404 but I think a gallery willing to have such a level a privacy would just make a custom plugin to tweak that and numerous other details.
However, what is wrong -and is the goal of the current ticket- is disclosing the permalink which contains an info about the potential content.
see #721
The text was updated successfully, but these errors were encountered: