Download Shortcode
[resolved] [closed] Security issue (7 posts)

  1. Julio Potier
    Member
    Posted 2 years ago #

    Hello

    So, what happens if I do this: "http://www.example.com/wp-content/plugins/download-shortcode/force-download.php?file=../../../wp-config.php"?

    ...

    Ok

    Can you fix this ASAP and warn users? Thank you

    http://wordpress.org/extend/plugins/download-shortcode/

  2. bibo_m16
    Member
    Posted 2 years ago #

    The force-download.php should be in the root folder. To the plugin creator: you might want to encrypt the file path (md5?)

  3. Drew Jaynes
    4.2 Release Lead
    Plugin Author

    Posted 2 years ago #

    This issue was addressed and (in my testing) handled in v0.2.

  4. WPSpeak
    Member
    Posted 2 years ago #

    Has this issue been fixed? I feel insecure using this plugin.

  5. Drew Jaynes
    4.2 Release Lead
    Plugin Author

    Posted 2 years ago #

    Hi Devplus,

    Version 1.0 which was just released adds more robust security for protecting against things like directory traversal and unauthorized file access. It also introduced URL rewrites which have the ability to completely mask the endpoint.

  6. Kariko1975
    Member
    Posted 2 years ago #

    Hi, please help. I did everything as you wrote, but the jpg file opened in a new window...
    http://www.barior.com/?p=1715

  7. Drew Jaynes
    4.2 Release Lead
    Plugin Author

    Posted 2 years ago #

    Kariko1975: Please create your own topic so I can better help you solve your issue. Also, I'm receiving a 404 at the URL you supplied.

Topic Closed

This topic has been closed to new replies.
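
The thread names directory traversal through the `file` parameter of `force-download.php` but shows no code. As an added example (not the plugin's own code, and not a description of what v0.2 or v1.0 changed), here is one common way to confine such a parameter to a single directory in PHP. The helper name `resolve_download()`, the extension allowlist and the temporary fixture are assumptions constructed for illustration.

```php
<?php
// Added illustration, not the Download Shortcode plugin's code.
// resolve_download() is a hypothetical helper; the allowlist is an assumption.

const ALLOWED_EXTENSIONS = ['pdf', 'zip', 'jpg', 'png'];

function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks, so the checks below
    // run on the file that would really be opened.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The trailing separator keeps "/uploads-private" from matching "/uploads".
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true) ? $target : null;
}

// Constructed fixture: a site root holding a config file and an uploads directory.
$root = sys_get_temp_dir() . '/dl-demo-' . bin2hex(random_bytes(4));
mkdir("$root/uploads/2015", 0700, true);
file_put_contents("$root/wp-config.php", "<?php // constructed stand-in\n");
file_put_contents("$root/uploads/2015/report.pdf", "constructed sample");
file_put_contents("$root/uploads/notes.php", "<?php // constructed\n");

$cases = [
    '2015/report.pdf'          => true,   // inside uploads, allowed type
    '../wp-config.php'         => false,  // traversal out of the base directory
    '2015/../../wp-config.php' => false,  // traversal behind a valid-looking prefix
    'notes.php'                => false,  // inside uploads, but not an allowed type
    'missing.pdf'              => false,  // file does not exist
];
foreach ($cases as $request => $expected) {
    $ok = resolve_download("$root/uploads", $request) !== null;
    printf("%-26s %-8s %s\n", $request, $ok ? 'served' : 'refused',
        $ok === $expected ? 'as expected' : 'UNEXPECTED');
}
```

The containment check runs on the resolved path, so it holds however the parameter is encoded and wherever the endpoint file is placed.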
