Hi @m1k3w
I hope you’re well today!
I’m not sure if I correctly understand the goal here so let’s make sure if we are on the same side here.
Do you want the image URL not to be included in CSV export file and/or e-mail notification or rather be included but not be available for anybody who clicks on it but is not logged-in?
If it’s the first one, then:
a) for e-mail notifications you would need to edit notification content and instead of using all_fields tag or all_non_empty_fields tag you’d need to use individual fields tags there and just omit the one for upload field; if you also disable attachment option, no information about uploaded file will be included in e-mail
b) for CSV exports you would need first to filter submissions and “uncheck” the upload field, just like on this example:
https://www.screencast.com/t/DpCIWrOAII83
then apply the filter and after that go to CSV export option and make sure that “Apply Submission Filters” option is set
Would that work for you or did I misunderstand the goal here?
Best regards,
Adam
Thread Starter
m1k3w
(@m1k3w)
Sorry I wasn’t clear
I’m happy that the link is in the CSV and email
I guess my problem is that the link in the CSV can be viewed when I’m not logged in. Is there a way to only make the link viewable if you’re logged in?
I’m thinking from the view that if I knew the file structure of WordPress it wouldn’t be hard to find where the media sits and look at the files, which normally isn’t an issue as it’s only site imagery
But if the contents from the file uploads is confidential I don’t want people that are not logged into the website to potentially find and view it
I suppose it’s more of a question of protecting the content in the wp-content folder which is probably a bit out of scope. But if you know any ways of doing this then I would appreciate it
Hello @m1k3w !
I hope you’re doing well today!
In case the files’ content is confidential there may be more at stake and depending on the kind of data, I’d suggest also checking local laws on data protection.
Maybe this snippet would help: https://gist.github.com/wpmudev-sls/639f2b6d711016e74ffa86d3a8e3c0d3
It’s a mu-plugin and installation instructions can be found here: https://ww.wp.xz.cn/support/article/must-use-plugins/
Regarding protecting the files when being logged in, this depends on the server because non-php files are served by the server directly. So protections will need to be applied there as WP code isn’t involved.
My idea, if the site is running on Apache (similar can be done by nginx), is to use a cookie-based rule: https://elwpin.com/2021/02/19/cookie-based-permission-in-htaccess/
And then target the WordPress login cookie: https://kinsta.com/blog/wordpress-cookies-php-sessions/#1-login-cookies
However this greatly depends on the server’s setup and you’ll need to check with the hosting first if this is something that could be added.
Best regards,
Pawel
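The cookie-based rule suggested in the reply above, as an added example that is not part of the original post: an `.htaccess` sketch for Apache 2.4, assuming it is placed in the folder that holds the form uploads and that the host permits `mod_rewrite`, `Options` and `Require` overrides there.

```apache
# Added example (constructed): put this .htaccess inside the directory that
# stores the form uploads. Which directory that is depends on the form plugin;
# it is not stated in this thread, so treat the location as an assumption.

# Stop Apache from listing the folder contents to anyone who guesses the path.
Options -Indexes

<IfModule mod_rewrite.c>
    RewriteEngine On

    # WordPress sets a cookie named wordpress_logged_in_<hash> after login.
    # Refuse the request (403) when no cookie with that name prefix is sent.
    RewriteCond %{HTTP_COOKIE} !(^|;\s*)wordpress_logged_in_[^=]*= [NC]
    RewriteRule ^ - [F]
</IfModule>

# Fail closed: if mod_rewrite is not loaded the rule above is skipped,
# so deny everything rather than silently serving the files.
<IfModule !mod_rewrite.c>
    Require all denied
</IfModule>

# Limitation: Apache only sees that a cookie with this name exists. It cannot
# check that the value belongs to a valid WordPress session, so this is a
# filter against anonymous visitors and crawlers, not real authentication.
# For confidential files, also ask the host about storing uploads outside the
# web root or serving them through PHP so WordPress can check the login.
```

To check the rule after deploying, request an uploaded file's URL from a private browser window: it should return 403, and the same URL should load once you are logged in.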
Hello @m1k3w ,
We haven’t heard from you for a while now, so it looks like you don’t have any more questions for us.
Feel free to re-open this ticket if needed.
Kind regards
Kasia