Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author thomstark

    (@thomstark)

    Sure. I wasn’t aware of this and I clearly do not have time to maintain this these days. Can I bring you on as a contributor or what do you think?

    Thread Starter Daan Oostindiën

    (@daanzk)

    It will take me some time to get up to speed, if other programmers are quicker, be my guest.

    Not to discredit @amarthakur88 but the user was created today and this is the only post. Be careful who you trust.

    Thread Starter Daan Oostindiën

    (@daanzk)

    Alternatives? I don’t know.

    For what it’s worth, this fixes the current vulnerability:

    Add:
    if($class) $class = sanitize_html_class($class);
    To:
    lib/cls/class.fileup.php on line 20. Right below the two extract(); calls

    While you’re at it, @thomstark, maybe you can add me to the developers and I can attempt to make this plugin PHP 8.x proof.
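
The one-line fix posted above, as an added example that is not the plugin's own code: a hypothetical handler that `extract()`s its attributes and then applies `sanitize_html_class()` to `$class`. The stand-in for `sanitize_html_class()` mirrors the WordPress core function's filtering (minus its filter hook) so the script runs outside WordPress; `example_render_wrapper` and `example_sanitize_class_list` are hypothetical names, and the per-token helper goes beyond the posted fix.

```php
<?php
// Stand-in so this runs outside WordPress; inside a plugin the core
// function already exists and this definition is skipped.
if (!function_exists('sanitize_html_class')) {
    function sanitize_html_class($classname, $fallback = '') {
        // Drop percent-encoded octets, then keep only A-Z a-z 0-9 _ and -
        $sanitized = preg_replace('|%[a-fA-F0-9][a-fA-F0-9]|', '', $classname);
        $sanitized = preg_replace('/[^A-Za-z0-9_-]/', '', $sanitized);
        if ($sanitized === '' && $fallback) {
            return sanitize_html_class($fallback);
        }
        return $sanitized;
    }
}

// Hypothetical handler using the same pattern the thread describes:
// attributes are extract()ed into locals, then $class is sanitized.
function example_render_wrapper(array $atts) {
    $defaults = array('class' => '');
    extract(array_merge($defaults, array_intersect_key($atts, $defaults)));
    if ($class) $class = sanitize_html_class($class); // the fix from the thread
    return '<div class="' . $class . '"></div>';
}

// Hypothetical helper (an assumption, not part of the posted fix):
// sanitize_html_class() deletes spaces, so "left wide" becomes "leftwide".
// Sanitizing each space-separated token keeps multi-class values usable.
function example_sanitize_class_list($value) {
    $tokens = preg_split('/\s+/', trim((string) $value), -1, PREG_SPLIT_NO_EMPTY);
    $clean  = array_filter(array_map('sanitize_html_class', $tokens), 'strlen');
    return implode(' ', $clean);
}

// Constructed sample attribute values, not taken from the plugin or a real site.
$samples = array('wide-table', 'left wide', 'box" data-x="1', '%22%3E');
foreach ($samples as $raw) {
    printf("%-20s single-call: %-32s per-token: %s\n",
        var_export($raw, true),
        example_render_wrapper(array('class' => $raw)),
        var_export(example_sanitize_class_list($raw), true));
}
```

Escaping the value again at output with `esc_attr()` is still worth doing in WordPress code, since it protects the markup even if a later change bypasses the sanitizing line.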

    Is this fix still available? Because I need to make my websites with this plugin safer.

    I would love to have this back. I would even consider paying for it if I knew it was going to be updated regularly for security so I don’t keep getting hacked. There’s nothing else with this functionality.

    I hope there will be a workaround. It works nicely with S2Member and I don’t want to change all my site.

    I would strongly urge you to remove it now. My site was hacked several times before I realized it was because of this plugin. It sucks because I was unable to find a replacement and have to do it by hand.

    There is an alternative, but much simpler: https://wpdemo.dovi42.hu/download-from-files-en/

    @jjanthony: thanks for the alert. The site where I use the plugin is quite “hidden” – it’s a private site to share files for my work – but I’m concerned about security.

    Thread Starter Daan Oostindiën

    (@daanzk)

    @li-an I won’t trust a plugin that is not available through the regular WordPress Plugin Directory. If you are serious about this project, please make it available.

    I had low-key started working on fixing the File Away plugin. Just re-writing and moving code. Unfortunately I now must admit my defeat… the code from this plugin is too much of a mess to even understand the simplest functions. It’ll be much, much quicker just to start over new.

    With the original author not responding this plugin is dead anyway.

    There are a lot of plugins not available on depot and without any issue – think premium plugins. But I can understand perfectly your concern.

  • The topic ‘Vulnerability’ is closed to new replies.