Fixed after update (can't be updated through WP itself)
Hello,
Thanks a lot, so I can work with it.
Best regards
Hello,
It is the responsibility of the admin if he embeds XSS code or not, no one else has access to edit the templates.
How can this fake security measure be circumvented? Does it help to edit the template directly in the filesystem?
It is an insolence what an update does without informing paying customers. Another update that has massively limited the operation and has caused a bad user experience. This was definitely the last time that I let this plugin damage the reputation of my website. There are other download plugins.
Hi,
It is not the frontend page, it is the backend where users can edit their own profile.
wp-admin/profile.php
Br
Hi,
No, I am talking about the fields that WPDM adds as user fields as shown in this screenshot.
Br
Hi,
It is a pity that there is no insight that this is a bug. I would like to summarize the problems one last time. But I don’t expect a solution or understanding of the problem anymore. Probably one will only react to the problem when it comes up in the case of a recession.
1. Restricting folder access was not a problem until recently, suddenly it is? This is probably a bug that one simply does not want to admit.
2. The file size is also not taken over correctly during bulk import.
3. It is logical that I as admin will not upload the wp-config, but there are other users who have access to the wp-admin. Whereby we would also be right at the next problem. WPDM has NO access level to limit the possibilities for uploads and co. No matter how few rights I give a user, anyone who has access to the wp-admin can add uploads. Also a big deficit.
Even if there is no understanding or insight about an obvious bug, I thank you for the answers. I will have to look for another plugin anyway.
Br
Of course.
You set the “File Browser Root Directory” to the root directory of WordPress (which you did, and which makes it work again).
Now I have a complete list of all files both when adding a new download package via the button “Select from Server” and I can also select files like wp-config.php.
The same behaviour is available for mass import. Here you can also display all files that are in WordPress and import them into a download.
Until 2-3 updates ago it was no problem to set the directory in a way that you can only access e.g. /wp-content/uploads/ with the above mentioned functions.
Hello,
Do you expect a fix for this bug or do I have to find another plugin and cancel my Pro version?
Please send me feedback
br
Hello,
I have tested it on the live system and yes, it works, but this is not a solution. The file browser of the plugin is not allowed to access the root directory of WordPress. This poses a significant security risk, especially since WPDM has no user roles and you can’t restrict access to the plugin.
What was changed in the last 2-3 updates that the directory must point to root? This is clearly a bug.
Br
Hi,
Yeah, I see, but I haven't changed it since the problem started. I set it to the wp-content folder in my first setup, to restrict access to dangerous files like wp-config, and it worked. Why doesn't it work since one of the last updates?
br
Hi, it looks good in the test env.
Can you please explain what you have changed, so that I can adjust it in the live system?
Best regards
Hi Guys,
Thanks for the reply. I hid the first thumbnail and author row with custom CSS from the WPDM custom CSS (thanks for this hook).
Works perfectly now.
Br Alex
Thanks for your reply. On most devices I also got a clean load. Don't know why Safari is warning there.
Thanks for checking
It's not from another plugin, because the error happened in the WPDM .js file.
Pichoster removed the direct image, but I can view it here: https://prntscr.com/qgydz9
Br
Perfect, thank you very much.