added RowsInterface to upload field & security for public download URL.

GravityKit / GravityExport-Lite

GravityExport Lite. Export all Gravity Forms entries to Excel (.xlsx) via a secret (shareable) url.

https://gfexcel.com

GNU General Public License v2.0

12 stars 8 forks source link

added RowsInterface to upload field & security for public download URL. #162

Closed doekenorg closed 1 year ago

doekenorg commented 1 year ago

Working on #161 I noticed Uploaded files of multiple uploads were not split properly when GravityExport's multirow combiner is active.

This PR also adds some security regarding the download url. Because the export download are public the files export is vulnerable for enumeration attacks on the download folder.

rafaehlers commented 1 year ago

@doekenorg @zackkatz I got this same error when testing this PR/Build: https://github.com/GravityKit/GravityExport-Lite/pull/162/commits/695bbbe890373722a2250a82baedc4aa429fe596

https://www.dropbox.com/s/ziwgck8ihw24f7m/gf-entries-in-excel-2.0.0-695bbbe.zip?dl=1

I suspect this affects all the other builds/PRs from this repo.

doekenorg commented 1 year ago

It looks like there isn't a composer install -o run anywhere in the deploy process, which is why these files can't be found. @mrcasual is there something missing?

rafaehlers commented 1 year ago

Works good!