Sure. I wasn’t aware of this and I clearly do not have time to maintain this these days. Can I bring you on as a contributor or what do you think?
It will take me some time to get up to speed, if other programmers are quicker, be my guest.
Not to discredit @amarthakur88 but the user was created today and this is the only post. Be careful who you trust.
Alternatives? I don’t know.
For what it’s worth, this fixes the current vulnerability:
Add:
if($class) $class = sanitize_html_class($class);
To:
lib/cls/class.fileup.php
on line 20. Right below the two extract(); calls.
While you’re at it @thomstark maybe you can add me to the developers and I can attempt to make this plugin PHP 8.x proof.
Is this fix still available? I need to make my websites with this plugin safer.
I would love to have this back. I would even consider paying for it if I knew it was going to be updated regularly for security so I don’t keep getting hacked. There’s nothing else with this functionality.
I hope there will be a workaround. It works nicely with S2Member and I don’t want to change all my site.
I would strongly urge you to remove it now. My site was hacked several times before I realized it was because of this plugin. It sucks because I was unable to find a replacement and have to do it by hand.
There is an alternative, but much simpler: https://wpdemo.dovi42.hu/download-from-files-en/
@jjanthony : thanks for the alert. The site where I use the plugin is quite “hidden” – it’s a private site to share files for my work – but I’m concerned about security.
@li-an I won’t trust a plugin that is not available through the regular WordPress Plugin Directory. If you are serious about this project, please make it available.
I had low-key started working on fixing the File Away plugin. Just re-writing and moving code. Unfortunately I now must admit my defeat… the code from this plugin is too much of a mess to even understand the simplest functions. It’ll be much, much quicker just to start over new.
With the original author not responding this plugin is dead anyway.
There are a lot of plugins not available on depot and without any issue – think premium plugins. But I can understand perfectly your concern.