A client has noticed something on their site recently, I'm not sure which version of DLM this started happening with but we're currently on 220.127.116.11.
I'm sure that since we started using the plugin a couple of years ago, if you set a custom download URL, and installed the rule for it in .htaccess, the actual wp-content URL would remain hidden.
Now, it seems to redirect rather than rewrite, i.e. you click to go to:
And the file downloads, but this ends up in the browser address bar:
If the file is marked as "Members only", naturally this isn't great - they can grab the URL and post it online, and non-member will be able to download it. We've already got a load of bots harvesting member-only files, presumably from these URLs leaking out.
I've never seen the "Force download" option before - not sure when it was introduced, but I've never needed it before. Anyway, checking it keeps the custom URL, but the download file comes into the browser as a data string, not a file. Presumably this is an issue with MIME-types on the server. If using this field is currently the only way of maintaining custom URLs, how should the server be configured to use it properly?
BTW, this issue still seems to be a problem. Any advance? It does seem to work if you save the field in IE, so browser issues are involved; on the other hand, I've never seen the problem with any other form field.