• I included the adds from some of the projects forks and the security fixed for jqueryfiletree in a new package.
    Added a new view type “infobox” to display file icon and some information. Added Editor to custom file type to put a file description (that is also displayed in the infobox type).

    https://github.com/svenbolte/delightful-downloads

    Added german and german formal translations.

    Detailed changelog is in readme.

    As there is no possibility to add the source here i will create a fork on ashleys github project, if possible

Viewing 3 replies - 1 through 3 (of 3 total)
  • Jeff C

    (@12steprecovery)

    Thanks very much for providing a security update for the plugin. Let’s hope that Ashley Rich will accept your pull requests. Or let you take on maintaining the plugin.

    I’d like to submit an Issue on your GitHub page but it’s not available.

    If I enable the Folder Protection in the Advanced Settings (and this was happening before installing your update – but only started fairly recently) the files in the folder are inaccessible to anyone and produce a 403 error when trying to download them – they are also listed as inaccessible when editing the Download itself. The problem is solved if I disable the Folder Protection.

    Great news!
    Thanks for your work in making this plugins safe for use!

    Thread Starter svenbolte

    (@svenbolte)

    If I enable the Folder Protection in the Advanced Settings

    It is working for me correct. My default setting is “enabled” and i inherit the setting on the downloadable files. open in Browser must be set to “no”, so pdf files in a protected folder cannot be shown in browser directly but must be downloaded first.

    It is regardless if you upload the file via sftp or via DDL uploader. In DDL folder only downloads are allowed.
    I mostly use password protection for accessing the file, cos i do not allow wordpress users to sign up.

    If assessing the files in the ddl folder via deep link URL presents a 403 error – which is correct.

    With my fork you can also give your users one day links to download a file without knowing the password.

    All methods work with .htaccess denied for the web users. Access is only allowed by the webserver task.

    If you want a file being viewed in Browser directly, upload it via wordpress to the media library (outside the ddl folder) and public can view in file in browser.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security fix for jqueryfiletree.php applied’ is closed to new replies.