Uploaded file is overwritten

I am using the free version of the plugin.
I know that my problem can be solved using the pro version. Unfortunately I can not afford it.

If I upload a file named Example.pdf in a item called Example in a category named 2021 it is created fine.
If I then upload a file also called Example.pdf in an item called Example 2 in a category 2022 the first file is overwritten with the last one and both items access the same file.

Can this be avoided in the free version?
Is there a hook to be used if it is not accessible in the UI?
So I for example can rename the uploaded file and add a unique name to it.

/Erik

What do you mean with upload files renaming locally?
My problem is that I do not know that I have already uploaded a file with the same name.
It would have been nice with a warning so I could rename the file to something unique.

/Erik

Yes I have understood that but I think that giving an error saying that this file already exists is not a PRO feature.
I have no demand for any other option. Just stop users from damage already uploaded files.

Previously I thought that your directory structure was something like the medialibrary structure, but now I have found out that you only have one single directory.

I have looked into the code and found one thing that is a bit strange.
If I check “Sanitize Filename” then the code checks if the file exists with the original filename.
It does not exist and then the file is Sanitized and stored with the sanitized name.
Next time I upload a file with the same name, the file still not exists, and then the name is sanitized and the old file is overwritten.

If I instead choose not the have the filenames sanitized I will get a timestamp and wpdm added to the file name and the other file is not overwritten. A better idea is to sanitize the filename before checking if it exists.

In the file download-manager\src\Admin\Menu\Packages.php
Change this code:
if(file_exists(UPLOAD_DIR.$name) && get_option(‘__wpdm_overwrrite_file’,0)==1){
@unlink(UPLOAD_DIR.$name);
}
if(file_exists(UPLOAD_DIR.$name) && !isset($_REQUEST[“chunks”]))
$filename = time().’wpdm_’.$name;
else
$filename = $name;

/$filename = esc_html($filename);

if(get_option(‘__wpdm_sanitize_filename’, 0) == 1)
$filename = sanitize_file_name($filename);
else {
$filename = str_replace([“/”, “\\”], “_”, $filename);
}

To this:
if(get_option(‘__wpdm_sanitize_filename’, 0) == 1){
$filename = sanitize_file_name($name);
}else {
$filename = str_replace([“/”, “\\”], “_”, $name);
}

if(file_exists(UPLOAD_DIR.$filename) && get_option(‘__wpdm_overwrrite_file’,0)==1){
@unlink(UPLOAD_DIR.$filename);
}
if(file_exists(UPLOAD_DIR.$filename) && !isset($_REQUEST[“chunks”])){
$filename = time().’wpdm_’.$filename;
}

It works for me without sanitize the filename.
I think that this is a bug and that you should change the code as suggested above.

Now I have been out skiing cross country and been thinking of the problem.
I have found out that this a critical error that you have to fix at once.

If you not move the code:
if(get_option(‘__wpdm_sanitize_filename’, 0) == 1){
$filename = sanitize_file_name($name);
}else {
$filename = str_replace([“/”, “\\”], “_”, $name);
}

The file exists check you will always have an overwrite of the file if the code changes the value of $filename
In the PRO version as I think that you have much the same server code the checkbox about Overwrite file is obsolete.
It does not matter how the user checks it or not, overwrite is the case.
In the free version where that checkbox does not exist it is always overwrite too.

This behaviour can cause much damage to the user that thinks that he is uploading a new file not replacing an existing one.
Your file exist check checks against a filename that will never exist.

I do not think that you understand what I am saying.
I am a programmer by profession and I think I am pretty good at it! 😉

Your code is not doing what you think it is doing and therefore you have an critical error, both in the free as well as the program.
Lets try once again…

Say I submit a fil named: 01. My File.pdf

This code checks if that file exists and if the option __wpdm_overwrrite_file is set to 1. 1 is overwrite.
If the file exists it is removed.

if(file_exists(UPLOAD_DIR.$name) && get_option(‘__wpdm_overwrrite_file’,0)==1){
@unlink(UPLOAD_DIR.$name);
}

Now you check once more if the file exists. If it did exist in the if-statement above it will not exist now, but if it did not exist
and chunks is not set you will create a new filename, that looks something like this “165123456pdm_01. My File.pdf”.
if(file_exists(UPLOAD_DIR.$name) && !isset($_REQUEST[“chunks”]))
$filename = time().’wpdm_’.$name;
else
$filename = $name;

Now you have a value in $filename that is eigther “165123456pdm_01. My File.pdf” or “01. My File.pdf”

/$filename = esc_html($filename);

In the next if sentence you check if to sanitize the filename.

if(get_option(‘__wpdm_sanitize_filename’, 0) == 1)
$filename = sanitize_file_name($filename);
else {
$filename = str_replace([“/”, “\\”], “_”, $filename);
}
After this if sentences the $filename variable may have changed depending on if it has been sanitized or not. It may have changed if not sanitized too, but in a different way.
I might look something like this “165123456pdm_01_My_File.pdf” or maybe “01_My_File.pdf”.
The format in the sentence about is hypothetic, I would just like to point out that the value of $filename may have changed and it is the value the $filename now is assigned to that is the name of the saved file.

As both “165123456pdm_01_My_File.pdf” and “01_My_File.pdf” differs from the value, “01. My File.pdf” you did perform a file exists check that check has no impact on the stored file what so ever. This will lead to that you might overwrite an existing file without knowing it. And it does not matter how the user of the PRO version have checked the overwrite checkbox. The behaviour of the free version is also always overwrite. I do not know if that is your intension but a pretty dangerous default value.

So I still do not think that the free version neigther the PRO version is working in a acceptable way with the current code.

One more clarification:
You will never get a file named “165123456pdm_01. My File.pdf” if the later sanitize of else part of that if changes the name of the file.

You perform a file exists check against “01. My File.pdf” but you store the file with the name “01_My_File.pdf”
The next time I submit a file named “01. My File.pdf” it will still not exist and then you once again store the file as “01_My_File.pdf”.
A non detected overwrite! 🙁
Both in the free as well as in the PRO version

However if the sanitize or else part does not change the file name and the file is stored as “01. My File.pdf”.
The next time the file exists part will find that the file exists and then the file will be stored as “165123456wpdm_01. My File.pdf”

So please read my posts and your code very carefully and then you will hopefully understand what the problem is.

The code is in the file download-manager\src\Admin\Menu\Packages.php in the uploadFile function lines 131 – 145

Are there any updates regarding the progress of this bug?

A new version released but still the same critical error! 🙁

I can see that you have made a number of releases of the Download Manager but this error still exists in the code!
Why?
Do you not understand what the problem is?

Are you totally ignoring this bug?

Hello!

I am using the free version numbered 3.2.55.
As described many times before in this thread you are not understanding your own code.
I am a programmer since more than 30 years and the bug is a really beginners bug.

In the file src/Admin/Menu/Packages.php in the method upload file on the row 130 you have the following code:
if(file_exists(UPLOAD_DIR.$name) && !isset($_REQUEST[“chunks”]))
$filename = time().’wpdm_’.$name;
else
$filename = $name;

//$filename = esc_html($filename);
if(get_option(‘__wpdm_sanitize_filename’, 0) == 1)
$filename = sanitize_file_name($filename);
else {
$filename = str_replace([“/”, “\\”], “_”, $filename);
}

As it looks to me that you are not able to understand your own code, yes I am really pissed of by now, i will once again explain what it does to you!

This lines of code checks if there is already a file in the upload directory with the name $name. If it is you timestamp the file to stor and ad a wpdm_ part of the name. If it does not exist you will give the $filename variable the value of $name.
if(file_exists(UPLOAD_DIR.$name) && !isset($_REQUEST[“chunks”]))
$filename = time().’wpdm_’.$name;
else
$filename = $name;

In this part of the code you are sanitizeing the filename that option is clicked or change some non wanted characters. This will result in that you might change the value of the variable $filename. The check if the file did exist above is a total waste of time because you are not storing the file by the value you checked if it did exist.
if(get_option(‘__wpdm_sanitize_filename’, 0) == 1)
$filename = sanitize_file_name($filename);
else {
$filename = str_replace([“/”, “\\”], “_”, $filename);
}

The solution is pretty simple, just change the order, first sanitize then check if the file with the sanitized name exist.
$filename = $name;
if(get_option(‘__wpdm_sanitize_filename’, 0) == 1)
$filename = sanitize_file_name($filename);
else {
$filename = str_replace([“/”, “\\”], “_”, $filename);
}

if(file_exists(UPLOAD_DIR.$filename) && !isset($_REQUEST[“chunks”]))
$filename = time().’wpdm_’.$filename;

Please implement that change now! I reported the bug six months ago!