WordPress.org

Ready to get started?Download WordPress

Forums

Download Monitor
custom url redirecting instead of rewriting (2 posts)

  1. Steve Taylor
    Member
    Posted 3 years ago #

    Hi,

    A client has noticed something on their site recently, I'm not sure which version of DLM this started happening with but we're currently on 3.3.5.2.

    I'm sure that since we started using the plugin a couple of years ago, if you set a custom download URL, and installed the rule for it in .htaccess, the actual wp-content URL would remain hidden.

    Now, it seems to redirect rather than rewrite, i.e. you click to go to:

    http://example.com/downloads/filename.pdf

    And the file downloads, but this ends up in the browser address bar:

    http://example.com/wp-content/uploades/downloads/2011/03/filename.pdf

    If the file is marked as "Members only", naturally this isn't great - they can grab the URL and post it online, and non-member will be able to download it. We've already got a load of bots harvesting member-only files, presumably from these URLs leaking out.

    I've never seen the "Force download" option before - not sure when it was introduced, but I've never needed it before. Anyway, checking it keeps the custom URL, but the download file comes into the browser as a data string, not a file. Presumably this is an issue with MIME-types on the server. If using this field is currently the only way of maintaining custom URLs, how should the server be configured to use it properly?

    BTW, this issue still seems to be a problem. Any advance? It does seem to work if you save the field in IE, so browser issues are involved; on the other hand, I've never seen the problem with any other form field.

    thanks,

    Steve Taylor

    http://wordpress.org/extend/plugins/download-monitor/

  2. Steve Taylor
    Member
    Posted 3 years ago #

    Hi,

    This is still a major issue.

    I found time to root around, and it seems there have been some changes on the "Force download" issue. As far as I can tell from the comments around line 305 of download.php, you've changed things so Member-Only downloads aren't forced by default - you need the "Force download" flag checked, too.

    To be clear, for as long as I've been using this plugin, I don't recall ever needing to do anything to hide the actual wp-content URL. Surely this is what the RewriteRule in .htaccess does, on its own? Further, even if this has somehow changed, surely Member-Only downloads should be forced with the URL masked, whatever.

    There's mention of some server issues - we never had those before. However, now when I do check "Force download", the file is forced but with the wrong MIME type, resulting in just garbage in the browser.

    I've confirmed through testing that my Member-Only file with Force Download checked is having its headers set by lines 616-622 of download.php. I think the $ctype is being set fine, but even when I hard-code "application/pdf" as the Content-Type, Chrome's network inspector says it's being served as text/html.

    I'm liaising with the server admins about this, but obviously they'll tell me it's a plugin issue, and you'll tell me its a server issue. I'm hoping one or both of you can pitch in a bit and help nail this major issue.

    thanks,

    Steve Taylor

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic