Forums

WordPress › Support » Multisite

Controlling access to blogs.dir (5 posts)

  1. frisco
    Member
    Posted 9 months ago #

    I am working with a plugin that stores certain site-specific files like uploads, user images, etc in /blogs.dir/3/files/some-folder-name, where 3 is the blog ID.

    These folder locations are part of the plugin setup.

    Is there something in WP multisite that insures that a site admin for blog ID only enters that ID #? Or is that something that the plugin author has to control? Or did I mess something up in my multisite config?

    In my tests, a site admin for blog ID 3 could change the folder locations to that of 4 and using the plugin-provided features, change the files for blog ID 4, even though he's not a user of that site.

  2. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 9 months ago #

    These folder locations are part of the plugin setup.

    Then you need to lock down the plugin better. Or just have it go to the local /files/some-folder-name path, and let WP parse it for you.

  3. Andrea_r
    team pirate
    Posted 9 months ago #

    The plugin shuld just be grabbing the default folder - in this cause it;d be the same folder, but I can't see a good reason as to why they'd make it editable in the backend.

  4. frisco
    Member
    Posted 9 months ago #

    @Ipstenu, if I understand your response correctly, if I am an admin on blog ID 3, and my path is ../files/some-folder-name, WP will put the files in /blogs.dir/3/files/some-folder-name ?

    @Andrea, it is grabbing the default folder for code, and you're probably right that there really isn't a good reason to edit folder locations for things like uploaded files. I'll pass that along to the plugin developer.

    Both, thanks for the ultra-speedy responses.

  5. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 9 months ago #

    if I am an admin on blog ID 3, and my path is ../files/some-folder-name, WP will put the files in /blogs.dir/3/files/some-folder-name ?

    That's how it works in the media folder :) Look at your images on site.com/subsite/ :) You'll see them linked to /files/2011/08/image.jpg - The .htaccess is what parses them.

    I don't know if that would work with images NOT in the media tool, mind, but it's something to test, certainly. I think it should, based on how some BuddyPress plugins worked.

Reply

You must log in to post.

About this Topic

Tags

No tags yet.