Support » Plugin: WP Job Manager » Uploading file error when submitting and registering at the same time

  • Resolved hivaaaa

    (@hivaaaa)


    Hi,

    Just to let you guys know that after adding the password field in the Submit Job in your previous update, uploading files is not allowed when filling out the forms.
    It says: You must be logged in to upload files using this method.
    So if we want to register and submit a job at the same time we won’t be able to upload files. Is there any way that we can upload files while we’re registering?
    Any ideas?

    Thanks!
    Hiva

Viewing 8 replies - 1 through 8 (of 8 total)
  • Hi Hiva,

    I’m having the same issue.
    Were you able to find a solution?

    I’m not sure why this change was made since all new applicants are by definition new and want to submit there resume and cannot be therefore logged in to do so.

    Hope a fix is coming or at least an option in the backend to decide whether or not to have this requirement.

    Jerome

    No not yet, still waiting for the team to reply or find a solution.
    Maybe they could do a 2 step wizard for submit-job page. First page for filling out the standard info, second page for uploading files, or something like that.

    Plugin Author jonryan

    (@jonryan)

    @hivaaaa and @jerco8 You need to have Automatically Generate Username from Email Address checked and make sure Use WordPress’ default behavior and email new users link to set a password checked as well.

    @jonryan thanks for your reply. I tested that but unfortunately didn’t work for me.
    I have to set a password for it till it allows me the upload, because it says I have to be logged in.
    Did you try it out in your end and worked for you?

    Thanks,

    I have the same problem and found out that since version 1.26.2, the application extension for WP Job Manager, disabled the use of built-in Ajax uploader for guests. as you can read here

    WP Job Manager 1.26.2
    This release focused on preventing the use of Ajax file upload endpoint for visitors who aren’t logged in. Now, when using endpoint in their templates, themes will run a check with job_manager_user_can_upload_file_via_ajax().

    Also, if you take a look on github
    You’ll see the following code:

    public function upload_file() {
    		if ( ! job_manager_user_can_upload_file_via_ajax() ) {
    			wp_send_json_error( __( 'You must be logged in to upload files using this method.', 'wp-job-manager' ) );
    			return;

    In terms of security, there’s probably a good reason why the developers at WPJM did this.

    I found the following code from Myles McNamara that you can add to the function.php and override the security protection.

    // NOTE: this overrides security protection added in WP Job Manager, only use this if you know what you're doing!!
    add_filter( 'job_manager_user_can_upload_file_via_ajax', '__return_true' );

    If you want to learn more about the Vulnerability of Unrestricted File Upload, Here’s a great doc: https://www.owasp.org/index.php/Unrestricted_File_Upload

    Plugin Author jonryan

    (@jonryan)

    @jerco8 and @hivaaaa this was done on purpose to prevent files being uploaded by unregistered users as described above in the security issue. If I’m misunderstanding something please start a new post referencing this one.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Uploading file error when submitting and registering at the same time’ is closed to new replies.