One more question:
I find that if I add an attachment, it could be seen from any viewer on the front end.
Directory listing is prevented, but if I have the URL of an attachment file in the uploads/eaccounting directory, I can view the file as a non logged in user.
I have tried modifying the .htaccess file in that directory to just deny from all, but that does not seem to be working.
How can I made attachments for expenses in this plugin not viewable to non-admin users?
- You must be logged in to reply to this topic.