• Resolved Daniele Mezzetti

    (@danmezzetti)


    I need a plugin much like this one, but I’m worried that someone could upload a fake image and gain access to the system. Have you implemented some checks in the plugin to avoid this?
    Thanks

Viewing 1 replies (of 1 total)
  • Plugin Author WP Puzzle

    (@wppuzzle)

    Hi, @danmezzetti!

    The plugin uses the core WordPress function media_handle_sideload(), which calls _wp_handle_upload(). This function avoids fake uploads:

    Handle PHP uploads in WordPress, sanitizing file names, checking extensions for mime type, and moving the file to the appropriate directory within the uploads directory.

    If you try to download a fake image, the comment will be published, but the image will not load, because WordPress avoids it. CIR will not show a message about this.

    • This reply was modified 9 years, 4 months ago by WP Puzzle.
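
The kind of check the reply refers to (a file's extension matched against what its bytes really are), sketched in stand-alone PHP as an added example. It is not WordPress core or plugin code; `validate_image_upload()` and the allow-list are hypothetical names, and the two sample files are constructed.

```php
<?php
// Added illustration, not WordPress core or plugin code.
// Hypothetical allow-list: extension => MIME type the content must match.
const ALLOWED_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Returns the detected MIME type when the file name's extension and the
 * file's actual bytes agree on an allowed image type, or null otherwise.
 */
function validate_image_upload(string $tmpPath, string $clientName): ?string
{
    // Judge only the final extension of the client-supplied name.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGE_TYPES[$ext])) {
        return null; // extension is not on the allow-list
    }
    // Sniff the content; the browser-supplied Content-Type is not trusted.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected !== ALLOWED_IMAGE_TYPES[$ext]) {
        return null; // bytes do not match what the extension claims
    }
    // Require that the file also parses as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $detected) {
        return null;
    }
    return $detected;
}

// Constructed sample 1: plain text saved under an image name.
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "this is not an image\n");

// Constructed sample 2: a 1x1 GIF.
$real = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($real, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
));

var_dump(validate_image_upload($fake, 'holiday.png'));
var_dump(validate_image_upload($real, 'pixel.gif'));
var_dump(validate_image_upload($real, 'pixel.png')); // GIF bytes, PNG name

unlink($fake);
unlink($real);
```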

The topic ‘Question about security’ is closed to new replies.