WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin:W3 Total Cache] CDN upload php files (3 posts)

  1. chensihai
    Member
    Posted 3 years ago #

    Version 0.9.2.2

    When upload files to CDN according to "Custom file list:", the program doesn't validate the content type, but upload all the files. Even the file ext is .php.

    This is a security hole, to allow other people to steal the php code from CDN, also slow down the upload process.

    I would like to set wp-content/plugins/* into the "Custom File list", but I only want to upload "*.css; *.js; *.jpg" etc.

    Any help would be appreciated. Thanks.

  2. chensihai
    Member
    Posted 3 years ago #

    one more comment for above post.
    I use amazon S3 as CDN.

    Thanks.

  3. chensihai
    Member
    Posted 3 years ago #

    Find the solution for how to prevent .php files upload to CDN, just add "*.php" to Rejected files.

    It works for click the "Custom file" button to upload the files to CDN.
    But won't work for Cron job update. That's say the cron job update program miss/fail to check the "Rejected files".

    How to fix this?

    Any suggestions are welcomed.
    Thanks.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.