WordPress.org

Ready to get started?Download WordPress

Forums

Easy Digital Downloads
[resolved] Download 404 Errors (34 posts)

  1. hevenz
    Member
    Posted 1 year ago #

    Hey There :)

    Been using this software for awhile now and it just got an update which seems to have broken it. Everything was tested and worked fine prior and now customers get 404 errors when clicking the email links to download their purchases, any help would be appreciated. :)

    http://wordpress.org/extend/plugins/easy-digital-downloads/

  2. Can you show me an example link that is returning 404?

  3. hevenz
    Member
    Posted 1 year ago #

  4. hevenz
    Member
    Posted 1 year ago #

    oh and if you want the actual link i'd rather email it instead, i changed the site name and email name ( duh )

  5. Is WP installed in a sub directory?

  6. hevenz
    Member
    Posted 1 year ago #

    yes it is and everything worked fine until the 1.1.8

  7. Is the sub folder name included in the site URL? For example, when going to your site, do you go to mysite.com/wp-folder-name or do you go to mysite.com?

  8. hevenz
    Member
    Posted 1 year ago #

    nope the files are outside of public_html in a folder called digital_downloads so the url is /home/sitemane/digital_downloads. As stated this setup worked fine before until the latest update of edd. :)

  9. The latest update changed how download files are delivered, which is probably why you're seeing 404s.

    Any particular reason why you are placing them outside of the uploads folder?

  10. hevenz
    Member
    Posted 1 year ago #

    because of security? anyone with the name of the file itself can easily share the link with another person the absolute link not the key generated by edd. I'm curious as to why you would change that feature as it's the most secure way to deliver content without it being protected by htaccess?

  11. I don't understand what you mean. The changes that were made made the files more secure, but in order for EDD to protect them, they must be inside uploads/edd.

    Files in any other custom directory will be completely unprotected, unless you add your own security, which, depending on how you do it, could possibly cause problems with EDD serving the downloads.

  12. hevenz
    Member
    Posted 1 year ago #

    if i move the files from non public view as in outside the public_html folder and move it into my wordpress directory where your uploads folder is now located anyone can dechiper the link and share it with anyone as a direct download.

    http://www.mysite.com/mywpdirectory/wp-content/uploads/edd/filenamehere.mp4

    The ONLY other file in this directory is a generic Options -Indexes nested inside your .htaccess file, this will not prevent users from finding these files using say, a spidering program to show the files and folders.

    The way you had this set up before worked perfectly and allowed my files to be outside the pubic view ( the best form of protecting these files ) but the changes you've made have now led this method useless and using your plugin to direct digital download goods is now insecure.

    Make sense?

  13. The method in place now is much more secure than the previous method, which had zero protection.

    The Options -Index prevents bots or users from browsing the folders and locating the files. It does not, as you noted, prevent anyone from accessing the file if they know the exact URL, but the exact URL is never given out.

    If you can provide a better solution, I'm all ears.

    The current method still allows your files to be outside of the root, though I don't quite understand how that would work here because nothing outside the root is accessible via your site's URL, ever. The only way that works is if you provide the system an actual file path to the files, but EDD doesn't (and never has) allowed that.

  14. hevenz
    Member
    Posted 1 year ago #

    Ok now i'm really lost and sorry if i'm being a pain in your....

    but i was calling the files as such :

    /home/userfolder/digital_downloads/filenamehere.mp4 under File URL and it was working fantastic as i tested it several times...until the 1.18 update that is.

    now you say that it needs to be in the uploads/edd folder so i moved the file over as directly and it downloaded but the original worry has arrisen. a simple click on google chrome to show all downloads, reveals that file url which is not protected in the /uploads/edd folder, one can simply copy this url and hand it out to anyone.

    Make sense now?

    Now it seems the only way this plugin works is a http url in the FileURL line instead of an absolute path hich i had working fine before and this new method exposes the url to someone during a download that can now be easily traded.

  15. Ah, I see what you mean by the file path. Giving an absolute path was never intentionally supported (simply for ease of use), it just happened to work earlier. It definitely does not work with the current version, but it's on my todo list to update because I can definitely see that being advantageous for users (such as you) who want to place their files outside of the webroot.

    Can you walk me through the process of how you managed to reveal all the downloads? That is obviously not good if you were able to do that, and (at least in how it was intended) that should not be possible.

  16. hevenz
    Member
    Posted 1 year ago #

    It's pretty easy to do with google chrome, do a test payment as usual with the file you are selling and when you click the link in the email received, simply hit CTRL+J to open your download history in Chrome and viola, your download link(s) without the key encryption.

    Any way to revert to absolute paths as you had enabled before?

    Thanks for the help :)

  17. I've added it to my todo list and it should be available in the next release.

  18. I've just finished the upgrade for supporting full file paths: https://github.com/pippinsplugins/Easy-Digital-Downloads/issues/296

    It will be available in the next update.

  19. hevenz
    Member
    Posted 1 year ago #

    ty for all the hard work :)

    whens the next update? :p

  20. Sometime early next week probably.

  21. hevenz
    Member
    Posted 1 year ago #

    ok thank you the code you have on git can i copy and paste it into the file for the fix?

  22. Yep, feel free.

  23. hevenz
    Member
    Posted 1 year ago #

    hmm after applying the patch and clicking the link after a test payment to download the product, i get a ton of gibberish on the screen like it's opened the file and your reading the mp4 code.

  24. Try using the code from here. You probably grabbed it at just the wrong time when I was doing some testing with it.

  25. hevenz
    Member
    Posted 1 year ago #

    you are the man it seems to work perfect now, thank you i'll be making a donation to your project :)

  26. Glad to help :)

  27. vaibviad
    Member
    Posted 1 year ago #

    HI,
    Pippin
    Wanna ask u one thing ..i am using this plugin... i want to eliminate sharing problem ..I have woocommerce based digital store in which i am first making the person to register and then giving him full access to download digital files..I have done all the products external/affiliate ones..to avoid cart and payment section while purchase as he wud pay the subscription then only he can access shop page..(using membership plugin)... Wanna encrypt the file url inorder to protect it from sharing..from non members..
    Can we do sumthing about this..

  28. vaibviad
    Member
    Posted 1 year ago #

    version 1.2.2

  29. vaibviad
    Member
    Posted 1 year ago #

    You do not have permission to view this file. ...This is error which i am getting when i press the link in mail ...

  30. You're trying to use WooCommerce to sell the products and Easy Digital Downloads to deliver them?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.