[Plugin:W3 Total Cache] CDN upload php files | WordPress.org

chensihai
(@chensihai)

12 years, 9 months ago

Version 0.9.2.2

When upload files to CDN according to “Custom file list:”, the program doesn’t validate the content type, but upload all the files. Even the file ext is .php.

This is a security hole, to allow other people to steal the php code from CDN, also slow down the upload process.

I would like to set wp-content/plugins/* into the “Custom File list”, but I only want to upload “*.css; *.js; *.jpg” etc.

Any help would be appreciated. Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter chensihai
(@chensihai)

12 years, 9 months ago

one more comment for above post.
I use amazon S3 as CDN.

Thanks.

Thread Starter chensihai
(@chensihai)

12 years, 9 months ago

Find the solution for how to prevent .php files upload to CDN, just add “*.php” to Rejected files.

It works for click the “Custom file” button to upload the files to CDN.
But won’t work for Cron job update. That’s say the cron job update program miss/fail to check the “Rejected files”.

How to fix this?

Any suggestions are welcomed.
Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘[Plugin:W3 Total Cache] CDN upload php files’ is closed to new replies.

In: Plugins
2 replies
1 participant
Last reply from: chensihai
Last activity: 12 years, 9 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics