But FileZilla is just an ftp client! I have several ftp-clients and other upload tools – but they all require unix login access and I cannot share that password. WordPress also has an upload feature but it complains that the file is “not safe” and refuses to embed it because it is not a picture(!).
It’s that built-in file attachment feature that I need upgraded: I need something that lets our editor-level users upload zip and doc files (without shell password) and embed download links to the static pages.
I don’t think FileZilla is capable of that. And the tool really needs to work on Windows XP, Linux, MacOS and PalmOS and in public computers in public libraries.
Thanks! I will try the ilfilosofo plugin soon.
I just detected a way of quickly adding OpenOffice support:
edit functions-post.php:
‘doc’ => ‘application/msword’,
‘odt’ => ‘application/vnd.oasis.opendocument.text’,
…
After this one line odt addition, WordPress accepts OpenOffice documents. The only problem is that even if I use “page restriction” plugin, the uploaded file remains publicly available in the uploads folder. There is a “safe files” plugin to solve this little security flaw, though. Next I’ll try it – and then the IlFilosofo.
This seems to work out. Wonderfull!
The plugin was called “secure files” but it is of no use. The file upload feature is severely flawed. The uploads folder is writable for all. The secure files plugin allows the upload folder to be placed outside the document root and hence out of reach of browsers. But it still remains readable/writable by the web server user and hence it can be attacked locally from another account. Security doesn’t seem to be a high priority in WP… The ilfilosofo plugin isn’t going to solve this, either. I need to find something that stores files in the database. THEN I can assign permissions by user classes. Hmmm… DB_Files? I’ll try that next…
[ Oh shit. Even Gallery2 has images in chmod 755 directories. It’s all open for stealing – from ANY another local account. One just needs to create an own plugin and connect to it and take all our images, all our files, all those files we are required to protect… ]
The “DB Files” plugin doesn’t work either:
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘db_file_use_fileupload” LIMIT 1’ at line 1]
SELECT option_value FROM wp_options WHERE option_name = ”db_file_use_fileupload” LIMIT 1
…and the DB Files development has been ended because the developer thought that this plugin would not be needed anymore :”(
I have no options left, except htaccess files 🙁
Giving up for today.
