There is a frontend upload procedure to upload photos ( .jpg, ,gif and .png ). See wppa-functions.php line 3964:
// Subroutine to upload one file in the frontend
function wppa_do_frontend_file_upload( $file, $alb ) {
.
.
This function will produce an error on non-image files.
If you install the current development version ( or later version 6.3.7 ) the front-end uploads using this function will be logged, so you can see what file when by who is uploaded.
See the Log list in Photo ALbums -> Settinhgs admin page Table VIII-C1.
Maybe this will help you to find out what is happening.
Jacob, I wasn’t so much worried about what users were doing on the front-end, I was more concerned with what WPPA did on the backend, and transparent to human actions, whether by administrator or front-end user.
We’re sorting through malware encroachment that has us looking at any page with a name that implies upload capability.
In my question, I was looking for a simple yes or no really. Does WPPA employ any form of download from WPPA or other server, adding to server-side content, transparently to admin or user, and outside the “install or update plugin” action?
Does WPPA employ any form of download from WPPA or other server,
You are confusing me now, i assume you mean upload?
– The Upload page ( Photo Albums -> Upload photos )
– The Import page ( Photo Albums -> Import photos )
– On the Photo Albums -> Settings admin page items Table IX-F4 and F9
If you find any potential vulnerability, please do not mention it here, but mail me: opajaap at opajaap dot nl
