Disallow access to directories that are absolutely not needed by DLM

WPChill / download-monitor

A WordPress plugin which provides an intuitive UI for uploading and managing downloadable files (including support for multiple versions), inserting download links into posts & logging downloads.

http://wordpress.org/extend/plugins/download-monitor/

255 stars 116 forks source link

Disallow access to directories that are absolutely not needed by DLM #1401

Closed razvanaldea89 closed 2 weeks ago

razvanaldea89 commented 5 months ago

Describe the bug Disallow access to directories that are absolutely not needed by DLM, for example the etc directory.

acesuares commented 5 months ago

Also, in Multisite, don't go to the root of the installation, but to the 'root' of the specific blog, if that's possible. And it would be great to be able to all together disable the other path on multisite.

razvanaldea89 commented 1 month ago

A filter has been added where users can add folder names which will be disallowed for file selections or download.

Filter: dlm_restricted_admin_folders, has a default value of empty array.

The other restrictions will be done by Approved Download Paths, which from version 5.0.0 will be multiple and will be defined by users ( defaults to the uploads path and WordPress installation path ).