Mike Mooney

Forum Replies Created

Viewing 11 posts - 1 through 11 (of 11 total)

Mike Mooney
Participant

I fully understand – my issue is that you clearly don't understand the issue – no matter how many times I explain it – with detailed use cases.

THE ISSUE ISN’T HIDING THE URL!!! THE ISSUE IS THAT THE DOWNLOAD URL – WHICH PROTECTS NON .EXE FILES WITH THE CORRECT FILE PERMISSIONS – ISN'T DOING THE SAME FOR .EXE DOWNLOADS!!!!!!!

Can you please pass this issue over to a developer who has the skillset to resolve the bug please!! You do not understand the problem at all and keep palming me off with answers that are not relevant.


Mike Mooney
Participant

This is not a suitable solution – you’ve simply altered the configuration to hide the bug!!! Not really an acceptable solution given:

1) I need that to open in a new window – that's why that setting was in place …
2) The URL (and others containing the .exe bug) have already been made available …

Can you please pass this issue over to a developer who has the skillset to resolve the bug please. Security through obscurity is NOT a viable software engineering solution.

https://en.wikipedia.org/wiki/Security_through_obscurity#Criticism


Mike Mooney
Participant

Use case

OK then, please explain why accessing this URL – logged out – functions as intended – a permission denied .txt is served – respecting the permissions set against the package in the WPDM interface (.zip file in package)

https://stoneridge-tachographs.com/importers/download/optimo-linx-upgrader-4-8-2000-3322-to-7-0-3000-4051/?wpdmdl=8420&refresh=67a3641682a271738761238

And this does not (.exe file in package)

https://stoneridge-tachographs.com/importers/download/optimo-dell-7-7-2000-4152/?wpdmdl=11164&refresh=67a35a62488641738758754

This has absolutely nothing to do with the masking of the URL – the issue would be present for both surely? The script/hook/process that intercepts the download – and prevents access to the file based on permissions – isn’t working for packages containing .exe files – highlighted by the very specific use case provided. It’s a bug – not a config issue – not a masking issue – a bug.

Can you please take a look


Mike Mooney
Participant

Hi there

This URL has the issue

https://stoneridge-tachographs.com/importers/download/optimo-dell-7-7-2000-4152/?wpdmdl=11164&refresh=67a35a62488641738758754

To be clear

– The url should not be accessible / permit download if the user isn’t logged in (it currently can and shouldn’t)
– The bug seems to be for packages that contain .exe files only

I'm not sure how much clearer I need to be

Regards

Mike


Mike Mooney
Participant

This is the masked HTML for the buggy .exe package – the file can be downloaded without any user role / direct

Download

It's irrelevant whether it's masked – accessing the link directly from either should prevent download if permissions are set

This is the masked HTML for a working .zip package – permission is denied unless logged in

Download

BOTH packages require the user to have the ‘Subscriber’ role


Mike Mooney
Participant

This only seems to affect files with the .exe extension

in reply to: File copy failed – File Manager Add-on Bug #111733

Mike Mooney
Participant

Line 422 – uses realpath($new_path) – should be $new_path (realpath checks for existence of the file and returns false)

in reply to: File copy failed – File Manager Add-on Bug #111731

Mike Mooney
Participant

Seems when I var_dump realpath($old_path) and realpath($new_path) in wpdm-filemanager/classes/fileManager.php line 422 realpath($new_path) is false (which is why I'm guessing it fails)
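The realpath() behaviour described in the two File Manager add-on replies above, as an added example that is not part of the original posts and is not code from wpdm-filemanager. The helper name `resolve_copy_destination`, the temporary directory layout and the base-directory containment check are assumptions made for illustration: the sketch canonicalizes the destination's parent directory (which exists) rather than the destination file (which does not yet).

```php
<?php
// Added example: hypothetical helper, not the plugin's own code.

/**
 * Resolve a copy destination that may not exist yet and confirm that it
 * stays inside $baseDir. Returns the absolute path, or null if rejected.
 */
function resolve_copy_destination(string $baseDir, string $newPath): ?string
{
    $base   = realpath($baseDir);             // base directory must exist
    $parent = realpath(dirname($newPath));    // parent must exist; the file need not
    if ($base === false || $parent === false) {
        return null;
    }
    $name = basename($newPath);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // Compare with a trailing separator so "/base-other" cannot match "/base".
    $sep     = DIRECTORY_SEPARATOR;
    $baseSep = rtrim($base, $sep) . $sep;
    if (strncmp($parent . $sep, $baseSep, strlen($baseSep)) !== 0) {
        return null;
    }
    return $parent . $sep . $name;
}

// Constructed sample layout in the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fm_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/a.txt', 'sample');

$old_path = $root . '/files/a.txt';
$new_path = $root . '/files/b.txt';

// The source exists, so realpath() resolves it; the destination does not
// exist yet, so realpath() reports failure for it.
var_dump(realpath($old_path));
var_dump(realpath($new_path));

// Resolving the parent instead yields a usable, canonical destination.
$dest = resolve_copy_destination($root . '/files', $new_path);
var_dump($dest !== null && copy($old_path, $dest));

// A destination whose parent resolves outside the base directory is rejected.
var_dump(resolve_copy_destination($root . '/files', $root . '/files/../escape.txt'));

// Clean up the constructed files.
array_map('unlink', glob($root . '/files/*'));
rmdir($root . '/files');
rmdir($root);
```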
