[Plugin: WooCommerce Pay to Upload] File upload security | WordPress.org

Geert De Deckere
(@geertdd)

11 years, 8 months ago

If I’m correct you only check the file extension during upload. Also, the files are stored, with the same name, in the WP upload directory, directly accessible via the browser. This doesn’t look too secure.

The following document offers some thought on the matter:
http://www.net-security.org/dl/articles/php-file-upload.pdf

I’be interesting in talking about this and getting your opinion. Thanks.

http://wordpress.org/extend/plugins/woocommerce-pay-to-upload/

The topic ‘[Plugin: WooCommerce Pay to Upload] File upload security’ is closed to new replies.

In: Plugins
0 replies
1 participant
Last reply from: Geert De Deckere
Last activity: 11 years, 8 months ago
Status: not resolved