WordPress.org

Support

Support » Plugins and Hacks » Amazon S3 Uploads » WARNING – Do not use this plugin!

WARNING – Do not use this plugin!

  • There is a flaw in the code of this plugin that can result in ALL of the WP images being deleted from your S3 bucket! A malformed URL can trigger a DB error that initiates an “update” on all images in the S3, which results in the deletion of the images.

    It’s fairly simple to fix the error if you know PHP, but as long as you are using unmodified code, your site is vulnerable.

    http://wordpress.org/extend/plugins/amazon-s3-uploads/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author atvdev

    @atvdev

    I’m sorry for the inconvenience. If you have versioning enabled you can retrieve your files as it says here
    http://blog.cloudberrylab.com/2010/01/how-to-manage-amazon-s3-versioning-with.html

    Hi atvdev,

    Thanks! Unfortunately versioning hadn’t been enabled on that bucket…doh!

    It’s a fairly easy fix, and it’s unlikely to happen accidentally, but it is possible. We’re still not sure if it was just a weird image name that one of our editors added, or if it was done on purpose (our access logs were removed just as we started investigating….it was a comedy of errors!)

    If you’d like details on how to reproduce the error just let me know. I emailed you last week so you should have my address.

    Plugin Author atvdev

    @atvdev

    Hello,
    yes I have seen your emails and I have decided to leave the files with “+” in name as is, on the local server.

    So there is no more special_rewrite. Generally, in the last update I tried to remove any interference with the wordpress basic db.

    I apologize for your data loss…

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘WARNING – Do not use this plugin!’ is closed to new replies.
Skip to toolbar