File Uploads Can Be Made More Secure by Validating an Uploaded Fileã¢â‚¬â„¢s _

Details
Reviews
Installation
Support
Development

With this plugin you or other users can upload files to your site from whatever folio, post or sidebar easily and securely.

Simply put the shortcode [wordpress_file_upload] to the contents of whatever WordPress page / mail or add together the plugin'south widget in whatsoever sidebar and you will be able to upload files to any directory within wp-contents of your WordPress site.

You tin add together custom fields to submit additional information together with the uploaded file.

You can utilise it to capture screenshots or video from your webcam and upload it to the website (for browsers that support this feature).

You can even use information technology as a elementary contact (or whatever other type of) form to submit data without including a file.

The plugin displays the listing of uploaded files in a separate top-level menu in Dashboard and includes a file browser to admission and manage the uploaded files (only for admins currently).

Several filters and actions earlier and subsequently file upload enable extension of its capabilities.

The characteristics of the plugin are:

It uses the latest HTML5 technology, notwithstanding it will as well work with old browsers and mobile phones.
It is compliant with the General Information Protection Regulation (GDPR) of the European Matrimony.
It tin be added in posts, pages or sidebars (as a widget).
It can capture and upload screenshots or video from the device'due south camera.
Information technology supports boosted class fields (like checkboxes, text fields, e-mail fields, dropdown lists etc).
Information technology can be used as a simple contact form to submit data (a selection of file can be optional).
It produces notification messages and e-mails.
It supports selection of destination binder from a list of subfolders.
Upload progress tin can be monitored with a progress bar.
Upload process can be cancelled at any time.
It supports redirection to another url later successful upload.
There tin exist more than i instances of the shortcode in the same page or post.
Uploaded files can be added to Media or be attached to the electric current page.
Uploaded files can be saved to an FTP location (ftp and sftp protocols supported).
It is highly customizable with many (more than 50) options.
It supports filters and deportment before and after file upload.
It contains a visual editor for customizing the plugin easily without whatsoever knowledge of shortcodes or programming
It supports logging of upload events or management of files, which can be viewed by admins through the Dashboard.
It includes an Uploaded Files meridian-level carte du jour item in the Dashboard, from where admins can view the uploaded files.
It includes a file browser in the Dashboard, from where admins tin can manage the files.
It supports multilingual characters and localization.

The plugin is translated in the following languages:

Portuguese, kindly provided by Rui Alao
German
French, kindly provided by Thomas Bastide of http://www.omicronn.fr/ and improved by other contributors
Serbian, kindly provided by Andrijana Nikolic of http://webhostinggeeks.com/
Dutch, kindly provided by Ruben Heynderycx
Chinese, kindly provided by Yingjun Li
Spanish, kindly provided past Marton
Italian, kindly provided by Enrico Marcolini https://www.marcuz.it/
Smoothen
Swedish, kindly provided past Leif Persson
Persian, kindly provided by Shahriyar Modami http://chabokgroup.com
Greek

Please annotation that erstwhile desktop browsers or mobile browsers may not back up all of the higher up functionalities. In order to get full functionality use the latest versions browsers, supporting HTML5, AJAX and CSS3.

For additional features, such as multiple file upload, very big file upload, drag and drop of files, captcha, detailed upload progress confined, list of uploaded files, image gallery and custom css delight consider WordPress File Upload Professional.

Please visit the Other Notes section for customization options of this plugin.

Plugin Customization Options

Please visit the support folio of the plugin for detailed clarification of customization options.

Requirements

The plugin requires to accept Javascript enabled in your browser. For Net Explorer you lot also need to take Active-X enabled.
Delight note that old desktop browsers or mobile browsers may not support all of the plugin's features. In lodge to become full functionality use the latest versions of browsers, supporting HTML5, AJAX and CSS3.

First install the plugin using WordPress machine-installer or download the .zip file from wordpress.org and install information technology from the Plugins section of your Dashboard or copy wordpress_file_upload directory within wp-contents/plugins directory of your wordpress site.
Actuate the plugin from Plugins section of your Dashboard.
In order to use the plugin simply become to the Dashboard / Settings / WordPress File Upload and follow the instructions in Plugin Instances or alternatively put the shortcode [wordpress_file_upload] in the contents of whatsoever page.
Open the page on your browser and you will run into the upload form.
You tin alter the upload directory or any other settings hands by pressing the small edit button found at the left-superlative corner of the upload form. A new window (or tab) with pop up with plugin options. If you practice not meet the new window, adjust your browser settings to permit pop-up windows.
Full documentation about the plugin options can be found at https://wordpress.org/plugins/wp-file-upload/other_notes/ or at http://world wide web.iptanus.com/wordpress-plugins/wordpress-file-upload/ (including the Pro version)

A getting started guide can exist institute at http://www.iptanus.com/getting-started-with-wordpress-file-upload-plugin/

Will the plugin work in a mobile browser?: Yeah, the plugins will work in nigh mobile phones (has been tested in iOS, Android and Symbian browsers too as Opera Mobile)
Do I need to have Flash to use then plugin?: No, yous exercise not need Flash to use the plugin.
I get a SAFE Fashion restriction error when I try to upload a file. Is there an alternative?: Your domain has probably turned SAFE MODE ON and you lot take restrictions uploading and accessing files. WordPress File Upload includes an alternative mode to upload files, using FTP access. Simply add together the aspect accessmethod="ftp" inside the shortcode, together with FTP admission information in ftpinfo attribute.
Can I see the progress of the upload?: Yes, you can see the progress of the upload. During uploading a progress bar will appear showing progress info, however this functionality functions just in browsers supporting HTML5 upload progress bar.
Can I upload many files at the same time?: Yes, but non in the gratuitous version. If you want to allow multiple file uploads, delight consider the Professional version.
Where do files go afterwards upload?: Files by default are uploaded within wp-content directory of your WordPress website. To change information technology use attribute uploadpath.
Tin can I see and download the uploaded files?: Administrators can view all uploaded files together with associated field data from the plugin's Settings in Dashboard. The Professional version of the plugin allows users to view their uploaded files, either from the Dashboard, or from a page or postal service.
Are there filters to restrict uploaded content?: Yes, y'all can command allowed file size and file extensions by using the appropriate attribute (see Other Notes section).
Are there whatsoever upload file size limitations?: Aye, there are file size limitations imposed by the web server or the host. If you lot want to upload very large files, please consider the Professional version of the plugin, which surpasses size limitations.
Who can upload files?: Past default all users can upload files. You tin define which user roles are allowed to upload files. Even guests can exist allowed to upload files. If yous want to allow only specific users to upload files, then delight consider the Professional person version of the plugin.
What security is used for uploading files?: The plugin is designed not to expose website sensitive data. It has been tested by experts and verified that protects against CSRF and XSS attacks. All parameters passing from server to client side are encoded and sanitized. For higher protection, like employ of captcha, please consider the Professional version of the plugin.
What happens if connexion is lost during a file upload?: In the costless version the upload will fail. Nevertheless in the Pro version the upload will resume and will continue until the file is fully uploaded. This is particularly useful when uploading very large files.
The plugin does non look nice with my theme. What can I practice?: There is an pick in plugin's settings in Dashboard to relax the CSS rules, so that buttons and text boxes inherit the theme's styles. If additional styling is required, this can be washed using CSS. The Professional person version of the plugin allows CSS rules to be embed in the shortcode.

I've spent nigh month trying to go this to piece of work. It doesn't upload to the specified path. Support is very unresponsive. Requesting a total refund.

Dear plugin author, how on earth could yous hardcode the css into wfu_template.php? WHY? Inline css is a very bad practice. Apart from that, cheers for nice plugin.

Simply doesn't work. I add the shortcode to the page, then exam it. Click on the file upload button, cull the file I want to upload, then click 'Open'. Goes back to the principal page and goose egg at that place. It doesn't show the file I just chose. Can't upload. Waste of fourth dimension.

This plugin seems to exist exactly what I need. Haven't had the chance to use information technology that much yet but will likely consider getting the Professional person Version. It seems to not work with some plugins, for example Elementor, which is fine. Just create a split up page for uploading without such plugins.

It took a bit to wrap my caput effectually all of the configuration possibilities, just it's well worth the learning curve. In one case yous see everything it can do and how to practise it, I tin't imagine very many scenarios this plugin couldn't encompass. If in that location was whatsoever gripe at all, it would exist that the documentation is a flake scattered about. Accept your time to set up this upward properly and y'all'll exist happy you did. Five Stars!

Read all 107 reviews

"WordPress File Upload" is open source software. The post-obit people have contributed to this plugin.

Contributors

nickboss

4.16.3

improved sanitization and escaping of shortcode attributes to avoid XSS attacks
file blazon .svg moved to blacklist to avert XSS attacks coming from scripts inside SVG files
added security check to foreclose uploads within wp-content/plugin directory
improved handling of videoname and imagename file uploader shortcode attributes to avoid directory traversal attacks
improved /lib and /extensions loader to avert arbitrary code execution through injected prototype files
all wfu_blocks.php functions became redeclareable

4.16.two

minor issues fixes in Pro version

four.sixteen.1

corrected $_SESSION variable problem in maintenance purge function

4.16.0

visual editor edit push misalignment fixed
corrected repeat trouble when recording from webcam with sound

4.xv.0

COOKIEHASH bug corrected
credentials in FTP paths are stripped from the paths
corrected File Detais to File Details
regex "/(.)<\/style><script.?>(.)<\/script>(.)/s" changed to "/(.)<\/style>.?<script.?>(.)<\/script>(.*)/south" in functions.php
corrected notice: Undefined index: post in wfu_admin.php when the website has no posts

4.14.4

restored .po files in languages then that users can change translations

iv.fourteen.3

slight alter in wfu_get_filtered_recs to handle cases where b.date_from is cipher
lawmaking improvements to increase loading speed of plugin's file browser
added wfu_mime_content_type() function that uses several methods to get MIME type of a file

iv.14.2

code improved then that upload message colors correctly conform to shortcode color settings
slight modifications to upload bulletin colors while upload is in progress
plugin cookie names adjusted in case COOKIEHASH does not exist
corrected bug of the new plugin updater causing a alarm when there are plugins that exercise not accept their own subdirectory
closing tags removed from all PHP files to avoid "Headers already sent" errors
corrected bug where the uploads counter was showing to non-administrators
wfu_log_action and wfu_process_files functions became redeclarable
removed debug_log from wfu_process_files_queue
consent Aye/No question was added in translation
corrected locale of Greek translation

4.xiv.1

fix webcam play button bug
corrected issue with implode() part of minifier library actualization in websites having PHP > 7.4.2
wfu_admin.php modified to use wfu_ajaxurl() function

four.fourteen.0

minor fixes of bugs and code improvements.

4.13.i

file checking of uploaded files hardened to better handle xss attacks coming through uploaded image files.

four.13.0

corrected security vulnerability where remote lawmaking could exist executed using directory traversal method. Credits to p4w security skillful for identifying the vulnerability.
improved user check algorithm during upload, related to upload parameters assortment
corrected bug where Restricted Folio Loading was working simply for pages, all other post types were loading the plugin files as if there was no restriction

4.12.2

corrected problems where files could not be downloaded in some server environments when dboption user land handler was enabled

4.12.1

corrected bug where files could not be downloaded from Dashboard / Uploaded Files page

iv.12.0

corrected bug where export information file was not deleted later on download
corrected issues in FTP credentials configurator about double backslash (\) issue
added cookies user state handler that has been integrated with dboption as 'Cookies (DBOption)' to comply with WordPress directives not to use session
'Cookies (DBOption)' user state handler has been set equally the default one
added avant-garde option WFU_US_DBOPTION_BASE so that dboption can also work with session
added avant-garde option WFU_US_SESSION_LEGACY to use the old session functionality of the plugin, having session_start() in header
added auto-adjustment of user state handler to 'dboption' during activation (or update) of the plugin
bug "Error: [] cURL error 28" in WordPress Site Health disappears when setting user country handler to 'Cookies (DBOption)' or when WFU_US_SESSION_LEGACY advanced option is fake
added the ability to run PHP processes in queue, which is necessary for correctly handling uploads when user land handler is dboption

iv.eleven.2

added easier configuration of FTP Credentials (ftpinfo) attribute of the uploader shortcode

4.11.i

corrected issues in functions wfu_manage_mainmenu() and wfu_manage_mainmenu_editor() that were echoing and not returning the generated HTML
added fix for compatibility with Fast Velocity Minify plugin

4.11.0

code improved and then that shortcode composer tin can be used past all users who can edit pages (and not only the admins)
added environment variable 'Show Shortcode Composer to Not-Admins' to control whether not-admin users tin can edit the shortcodes
added filtering of get_users() part in gild to handle websites with many users more than efficiently
added notification in shortcode composer if user leaves folio without saving
corrected problems where restricted frontend loading of the plugin was not working for websites installed in localhost due to wrong adding of request uri

four.10.3

added the ability to move one or more files to another folder through the File Browser characteristic in Dashboard surface area of the plugin
improved responsiveness of shortcode composer and Principal Dashboard page of the plugin
bug fix in wfu_revert_log_action

iv.10.2

added wordpress_file_upload_preload_check() function in principal plugin file to avoid conflicts of variable names with WordPress
updated webcam code to address createObjectURL Javascript mistake that prevents webcam characteristic to piece of work in latest versions of browsers

4.10.1

lawmaking modified and then that vendor libraries are loaded only when necessary
improved process of deleting all plugin options
added honeypot field to userdata fields; this is a security feature, in replacement of captchas, invisible to users that prevents bots from uploading files
added attribute 'Consent Denial Rejects Upload' in uploader shortcode Personal Data tab to stop the upload if the consent respond is no, as well equally 'Decline Message' attribute to customize the upload rejection bulletin shown to the user
added aspect 'Practise Non Think Consent Answer' in uploader shortcode Personal Data tab to show the consent question every time (and not but the offset fourth dimension)
attribute 'Preselected Answer' in uploader shortcode Personal Information tab modified to be compatible with either checkbox or radio Consent Format
upload result bulletin adjusted to prove the correct upload status in case that files were uploaded but were non saved due to Personal Data policy
code improved for sftp uploads to handle PECL ssh2 issues #73597

4.x.0

plugin code improved to support files containing unmarried quote characters (') in their filename
corrected bug where plugin was deactivated after update

iv.9.ane

added Maintenance action 'Purge All Data' that entirely erases the plugin from the website and deactivates it
added advanced selection 'Hibernate Invalid Uploaded Files' then that Uploaded Files page in Dashboard tin can show only valid uploads
added advanced selection 'Restrict Front end-Terminate Loading' to load the plugin only on specific pages or posts in order to reduce unnecessary workload on pages not containing the plugin
code improved for better operation of the plugin when the website works behind a proxy
added option in Make clean Log to erase the files together with plugin data

4.ix.0

code farther improved to reduce "Iptanus Server unreachable…" errors
checked Weglot Interpret compatibility; /wp-admin/admin-ajax.php needs to exist added to Exclusion URL listing of Weglot configuration so that uploads can work
several significant additions in the Pro version, including Microsoft OneDrive integration

iv.8.0

added detail in Admin Bar that displays number of new uploads and redirects to Uploaded Files Dashboard folio
code improved in Uploaded Files Dashboard page so that download action direct downloads the file, instead of redirecting to File Browser
added Advanced pick 'WFU_UPLOADEDFILES_COLUMNS' that controls the order and visibility of Uploaded Files Dashboard page columns
added Advanced option 'WFU_UPLOADEDFILES_ACTIONS' that controls the order and visibility of Uploaded Files Dashboard folio file actions
added several filters in Uploaded Files Dashboard page to brand it more customizable
PHP function redeclaration system significantly improved to support arguments by reference, execution after the original role and redeclaration of variables
code improved to reduce "Iptanus Server unreachable…" errors (better performance of verify_peer http context property)
added a link in Iptanus Unreachable Server error message to an Iptanus commodity describing how to resolve it

4.7.0

added Uploaded Files top-level Dashboard carte item, showing all the uploaded files and highlighting the new ones
added Portuguese translation from Rui Alao
checked and verified compatibility with Gutenberg
plugin initialization actions moved to plugins_loaded filter
fixed bug immigration userdata fields when Select File is pressed
File Browser and View Log tables modified to go more responsive specially for small screens

four.half-dozen.2

corrected consent_status warning when updating user profile and Personal Data is off
user fields lawmaking improved for amend data autofill behaviour

iv.6.1

added uploader shortcode attribute 'resetmode' to control whether the upload grade will be reset later on an upload
added pagination in File Browser tab in Dashboard area of the plugin

4.vi.0

corrected slash (/) parse Javascript mistake near 'fakepath' appearring on some situations
added nonces in Maintenance Actions to increase security
improved code in View Log then that no links announced to invalid files
improved code in View Log so that when the admin opens a file link to view file details, 'go back' push button will atomic number 82 back to the View Log page and non to File Browser
improved code in 'Clean Log' button in Maintenance Actions in Dashboard area of the plugin, so that the admin can select the period of clean-up

4.five.ane

lawmaking improved in wfu_js_decode_obj function for improve compatibility with Safari browser
code improved to sanitize all shortcode attributes before uploader form or file viewer is rendered
removed external references to code.jquery.com and cdnjs.cloudflare.com for better compliance with GDPR

4.5.0

added basic compliance with GDPR
added several shortcode attributes to configure personal information consent appearance and behaviour
added area in User Profile from where users tin review and modify their consent condition
added Personal Information choice in Settings that enables personal data operations
added Personal Data tab in plugin'southward area in Dashboard from where administrators tin can consign and erase users' personal data
corrected problems non accepting subfolder dimensions when subfolder element was agile

4.4.0

added alternative user country handler using DB Options tabular array in order to overcome problems with session variables appearing on many web servers

4.iii.iv

all Settings sanitized correctly to prevent XSS attacks – credits to ManhNho for mentioning this problem

four.3.three

all shortcode attributes sanitized correctly to close a serious security hole – credits to ManhNho for mentioning this problem

4.3.2

fixed bug in wfu_before_upload and wfu_after_upload filters that was breaking JS scripts if they contained a endmost subclass ']' symbol

four.3.1

added placeholder pick in available characterization positions of additional fields; characterization will be the placeholder attribute of the field

4.3.0

fixed bug where ftp credentials did not work when username or password contained (:) or (@) symbols
RegExp gear up for wfu_js_decode_obj function for improved compatibility with caching plugins
corrected WFU_Original_Template::get_instance() method because it always returned the original class
View Log page improved so that displayed additional user fields of an uploaded file are not cropped

4.2.0

inverse logic of file sanitizer; dots in filename are by default converted to dashes, in order to avoid upload failures caused when the plugin detects double extensions
corrected bug where a Javascript error was generated when askforsubfolders was disabled and showtargetfolder was agile
added css and js minifier in inline lawmaking
plugin modified so that the shortcodes return correctly either Javascript loads early (in header) or late (in footer)
plugin modified so that Media record is deleted when the associated uploaded file is deleted from plugin's database
corrected bug where some plugin images were not loaded while Relax CSS pick was inactive

4.1.0

changed logic of file sanitizer; dots in filename are by default converted to dashes, in order to avert upload failures acquired when the plugin detects double extensions
added advanced pick WFU_SANITIZE_FILENAME_DOTS that determines whether file sanitizer will sanitize dots or non
timepicker script and style replaced by most recent version
timepicker script and style files removed from plugin and loaded from cdn
json2 script removed from plugin and loaded from WordPress registered script
JQuery UI style updated to latest 1.12.i minified version
added wfu_before_admin_scripts filter earlier loading admin scripts and styles in order to control incompatibilities
removed getElementsByClassName-ane.0.ane.js file from plugin, getElementsByClassName function was replaced by DOM querySelectorAll
corrected bug showing alert "Notice: Undefined variable: page_hook_suffix…" when a non-admin user opened Dashboard
corrected fatal error "func_get_args(): Can't be used every bit a function parameter" appearing in websites with PHP lower than 5.3
added _wfu_file_upload_hide_output filter that runs when plugin should non be shown (e.k. for users not inluded in uploadroles), in club to output custom HTML
corrected bug where email fields were e'er validated, fifty-fifty if validate option was not activated
corrected problems where number fields did not allow invalid characters, even if typehook pick was non activated
corrected problems where email fields were not allowed to be ampty when validate option was activated
corrected fault T_PAAMAYIM_NEKUDOTAYIM appearing when PHP version is lower than 5.3
corrected problems with random upload fails acquired when params_index corresponds to more than than one params

4.0.1

translation of the plugin in Persian, kindly provided past Shahriyar Modami http://chabokgroup.com
corrected problems where notification electronic mail was non sending atachments
corrected issues not cleaning log in Maintenance Actions

4.0.0

huge renovation of the plugin, the UI code has been rewritten to render based on templates
code modified so that it can correctly handle sites where content dir is explicitly defined
corrected bug in Dashboard file editor so that information technology tin work when the website is installed in a subdirectory
corrected warnings showing when editing a file that was included in the plugin's database
added filter in get_posts so that it does not crusade problems when in that location are too many pages/posts
bug fixes so that forcefilename works better and does not strip spaces in the filename
code improved to protect from hackers trying to apply the plugin as email spammer
added advanced variable Strength Email Notifications so that email can be sent fifty-fifty if no file was uploaded
corrected problems not showing sanitized filanames correctly in e-mail
corrected issues so that dates bear witness-upwardly in local time and not in UTC in Log Viewer, File Browser and File Editor
fixed issues showing "Alert: Missing statement 2 for wpdb::prepare()" when cleaning upward the log in Maintenance Actions
corrected bug where when configuring subfolders with visual editor the subfolder dialog showed unknown fault
corrected issues where the Select File push was non locked during upload in instance of classical HTML (no-ajax) uploads
added abolish push button functionality for classic no-ajax uploads
added support for Secure FTP (sftp) using SSH2 library
successmessagecolor and waitmessagecolors attributes are subconscious every bit they are no longer used

3.11.0

added the ability to submit the upload course without a file, only like a contact form
added attribute allownofile in uploader shortcode; if enabled and so the upload form tin exist submitted without option of a file
added wfu_before_data_submit and wfu_after_data_submit filters which are invoked when the upload form is submitted without a file
added avant-garde debug options for more comprehensive and deep troubleshooting
added internal filters for avant-garde hooking of ajax handlers
fixed several security problems
stock-still bug that was generating an error when automatic subfolders were activated and the upload folder did not exist
corrected issues where single quote, double quote and backslash characters in user fields were not saved correctly (they were escaped)
fixed issues where any changes made to the user information (due east.g. through a filter) were non included in the electronic mail message
added unique_id variable in wfu_before_file_check and wfu_after_file_upload filters
inverse column titles in the tables of plugin instances in Principal tab in Dashboard
fixed issues where if a user field was modified from the file editor, custom columns were changing society

3.10.0

an alternative Iptanus server is launched in Google Deject for resolving the notorious fault "file_get_contents(https://services2.iptanus.com/wp-admin/admin-ajax.php): failed to open stream: Connection timed out."
added option 'Apply Culling Iptanus Server' in Settings to switch to the alternative Iptanus Server
added avant-garde option 'Alternative Iptanus Server' that points to an alternative Iptanus Server
added advanced option 'Culling Iptanus Version Server' that points to the alternative Iptanus Server URL returning the latest plugin version
an fault is shown in the Main page of the plugin in Dashboard if Iptanus Server is unreachable
a alarm is shown in the Main page of the plugin in Dashboard if an alternative insecure (http) Iptanus Server is used
alternative fix of error accessing https://services2.iptanus.com for coil (past disabling CURLOPT_SSL_VERIFYHOST) and for sockets by employing a meliorate parser of socket response
added Swedish translation, kindly provided by Leif Persson
improved ftp functionality so that ftp folders can exist created recursively

3.nine.6

added internal filter _wfu_file_upload_output before echoing uploader shortcode html
added power to modify the order of additional user fields in shortcode visual editor

iii.9.five

added environs variable 'Upload Progress Mode' that defines how upload progress is calculated
improved progress bar adding
small-scale bug fixes in AJAX functions mentioned by Hanneke Hoogstrate http://world wide web.blagoworks.nl/

iii.ix.four

added pick to enable admin to change the upload user of a file
code improvements and problems fixes related to file download feature
code improvements related to make clean database function
added Italian translation

3.9.three

added option to allow loading of plugin's styles and scripts on the front-cease only for specific posts/pages through wfu_before_frontpage_scripts filter
stock-still issues where when uploading big files with identical filenames and 'maintain both' option, not all would exist saved separately
two advanced variables were added to allow the admin change the export function separators

3.9.two

added environs variable to enable or disable version check, due to admission bug of some users to Iptanus Services server
added timeout pick to wfu_post_request function
added Spanish translation, kindly provided by Marton

three.nine.one

temporary fix to address upshot with plugin'southward Main page in Dashboard not loading, by disabling plugin version check
correct Safari problem with extra spaces in success bulletin coming from force_close_connection
correct bug where when extension has majuscule messages information technology is rejected

three.9.0

a large number of extensions have been blacklisted for preventing upload of potentially dangerous files
the plugin will non permit inclusion, renaming or downloading of files with blacklisted extensions based on the new list
if no upload extensions are defined or the uploadpattern is as well generic, then the plugin will allow only specific extensions based on a white list of extensions; if the administrator wants to include more than extensions he/she must declare them explicitely
the employ of the wildcard asterisk symbol has go stricter, asterisk will lucifer all characters except the dot (.), then the default . pattern volition allow simply i extension in the filename (and not more every bit happened then far).
added environment variable 'Wildcard Asterisk Mode' for defining the mode of the wildcard asterisk symbol. If information technology is 'strict' (default) and then the asterisk volition not friction match dot (.) symbol. If it is 'loose' and then the asterisk will friction match any characters (including dot).
slight bug fixes and so that wildcard syntax works correctly with square brackets
added maximum number of uploads per specific interval in social club to avoid DDOS attacks
added environment variables related to Denial-Of-Service attacks in guild to configure the behaviour of the DOS attack checker
issues ready of wfu_before_file_upload filter that was not working correctly with files larger than 1MB

3.8.5

added bulk actions feature in File Browser in Dashboard for admins
added delete and include bulk deportment in File Browser
comeback of column sort functionality of File Browser
added surroundings variable 'Utilise Alternative Randomizer' in order to brand cord randomizer function work for fast browsers
uploadedbyuser and userid fields became int to cope with big user ID numbers on some WordPress environments

3.8.4

dublicatespolicy aspect replaced past grammaticaly right duplicatespolicy, however astern compatibility with the old attribute is maintained

3.8.iii

stock-still problems of subdirectory selector that was not initializing correctly after upload
fixed slight widget incompatibility with customiser
fixed bug of drag-n-drop characteristic that was non working when singlebutton functioning was activated

3.8.2

stock-still bug in wfu_after_file_loaded filter that was not working and was overriden by obsolete wfu_after_file_completed filter
added option in plugin's Settings in Dashboard to include additional files in plugin's database
added feature in Dashboard File Browser for admins to include additional files in plugin's database

3.viii.1

stock-still issues with duplicate userdata IDs in HTML when using more than than one userdata occurrences

3.eight.0

added webcam option that enables webcam capture functionality
added webcammode atribute to define capture way (screenshots, video or both)
added audiocapture attribute to define if audio will exist captured together with video
added videowidth, videoheight, videoaspectratio and videoframerate attributes to constrain video dimensions and frame rate
added camerafacing attribute to define the photographic camera source (front or back)
added maxrecordtime attribute to define the maximum tape time of video
added uploadmediabutton, videoname and imagename attributes to define custom webcam-related labels
fixed bug that strips non-latin characters from filename when downloading files

3.vii.3

improved filename sanitization role
added Chinese translation by Yingjun Li

3.seven.2

added option to abolish upload
setting added so that upload does not neglect when site_url and home_url are unlike
added attribute requiredlabel in uploader's shortcode that defines the required keyword
required keyword can at present be styled separately from the user field characterization
add user fields in Media together with file
setting added so that userdata fields are shown in Media Library or not
added Dutch translation by Ruben Heynderycx

3.7.ane

internal code modifications and slight problems corrections

three.7.0

pregnant code modifications to make the plugin pluggable, invisible to users
improver of earlier and after upload filters
correction of small bug in Shortcode Composer of File Viewer

3.6.1

Iptanus Services server for getting version info and other utilities is now secure (https)
fixed bug with wfu_path_abs2rel function when ABSPATH is just a slash
boosted fixes and new features in Professional version

3.6.0

French translation improved
correction of minor bug at wfu_functions.php
code improvements in upload algorithm
wp_check_filetype_and_ext check moved after completion of file
added wfu_after_file_complete filter that runs right later is fully uploaded
improved appearance of plugin'southward area in Dashboard

3.five.0

textdomain changed to wp-file-upload to support the translation feature of wordpress.org
added option in Maintenance Actions of plugin'south area in Dashboard to export uploaded file data
added pagination of non-admin logged user's Uploaded Files Browser
added pagination of front-terminate File Listing Viewer
added pagination of user permissions tabular array in plugin'due south Settings
added pagination of Log Viewer
corrected bug in View Log that was not working when pressing on the link
improvements to View Log feature
improvements to file download function to avoid corruption of downloaded file due to set_time_limit office that may generate warnings
added wfu_before_frontpage_scripts filter that executes right before frontpage scripts and styles are loaded
added functionality to avert incompatibilities with NextGen Gallery plugin

three.iv.1

plugin'due south security improved to reject files that comprise .php.js or similar extensions

3.4.0

added fitmode attribute to make the plugin responsive
added widget "WordPress File Upload Grade", so that the uploader can be installed in a sidebar
changes to Shortcode Composer so that it can edit plugin instances existing in sidebars as widgets
changes to Uploader Instances in plugin's area in Dashboard to show also instances existing inside sidebars
added the ability to define dimensions (width and height) for the whole plugin
dimensioning of plugin's elements improved when fitmode is set to "responsive"
filter and non-object warnings of front end-stop file browser, actualization when DEBUG mode is ON, removed
problems fixed to front-finish file browser to hide Shortcode Composer button for non-admin users
logic changed to front-end file browser to allow users to download files uploaded by other users
code changed to forepart-end file browser to show a bulletin when a user attempts to delete a file that was not uploaded past him/her

3.three.one

bug corrected that was breaking plugin operation for php versions prior to 5.3
added a "Maintenance Actions" section in plugin's Dashboard page
added selection in plugin's "Maintenance Deportment" to completely clean the database log

3.3.0

userdatalabel attribute changed to let many field types
added the following user data field types: unproblematic text, multiline text, number, email, confirmation electronic mail, password, confirmation countersign, checkbox, radiobutton, date, time, datetime, listbox and dropdown list
added several options to configure the new user data fields: label text (to define the characterization of the field), label position (to define the position of the label in relation to the field), required choice (to define if the field needs to be filled before file upload), practise-non-autocomplete option (to forestall the browsers for completing the field automatically), validate option (to perform validity checks of the field earlier file upload depending on its blazon), default text (to ascertain a default value), group id (to grouping fields together such equally multiple radio buttons), format text (to define field formatting depending on the field blazon), typehook option (to enable field validation during typing inside the field), hint position (to define the position of the message that volition exist shown to prompt the user that a required field is empty or is not validated) as well as an choice to define boosted information depending on the field blazon (east.g. define listing of items of a listbox or dropdown list)
Shortcode Composer changed to support the new user information fields and options
placement attribute tin accept more 1 instances of userdata
fixed bug not showing date selector of date fields in Shortcode Composer when working with Firefox or IE browsers
in some cases required userdata input field will turn red if not populated
shortcode_exists and wp_slash fixes for working before 3.vi WordPress version
minor bug fixes

3.2.1

removed 'form-field' class from admin table tr elements
corrected bug that was causing problems in uploadrole and uploaduser attributes when a username or role contained upper-case letter letters
uploadrole and uploaduser attributes logic modified; guests are allowed just if 'guests' word is included in the attribute
modifications to the download functionality script to be more robust
corrected problems that was not showing options below a line item of admin tables in Internet Explorer
several feature additions and problems fixes in Professional person version

3.2.0

added choice in plugin'southward settings to relax CSS rules so that plugin inherits theme styling
modifications in html and css of editable subfolders feature to wait better
modifications in html and css of prompt message when a required userdata field is empty
PLUGINDIR was replaced past WP_PLUGIN_DIR so that the plugin can piece of work for websites where the contents dir is other than wp-content
stock-still bug that was not allowing Shortcode Composer to launch when the shortcode was too large
fixed issues that was causing front-end file list not to work properly when no instance of the plugin existed in the same folio / mail service

3.one.2

of import bug detected and fixed that was stripping slashes from post or page content when updating the shortcode using the shortcode composer

3.one.one

the previous version broke the easy creation of shortcodes through the plugin's settings in Dashboard and information technology has been corrected, together with some improvements

3.i.0

an of import feature (front end-end file browser) has been added in professional version iii.i.0
added port number support for uploads using ftp mode
corrected problems that was non showing correctly in file browser files that were uploaded using ftp mode
eliminated confirmbox warning showing in page when website'due south DEBUG mode is ON
eliminated warning: "Invalid statement supplied for foreach() in …plugins/wordpress-file-upload-pro/lib/wfu_admin.php on line 384"
eliminated warning: "Detect: Undefined index: postmethod in /var/www/wordpress/wp-content/plugins/wordpress-file-upload-pro/lib/wfu_functions.php on line 1348"
eliminated warnings in plugin's settings in Dashboard

3.0.0

major version number has advanced because an important feature has been added in Pro version (logged users can browse their uploaded files through their Dashboard)
several lawmaking modifications in file browser to make the plugin more secure confronting hacking, some functionalities in file browser have slightly changed
new file browser cannot edit files that were not uploaded with the plugin and it cannot edit or create folders
upload path cannot be exterior the wordpress installation root
files with extension php, js, pht, php3, php4, php5, phtml, htm, html and htaccess are forbidden for security reasons

ii.7.6

added functionality in Dashboard to add the plugin to a page automatically
fixed issues that was not showing the Shortcode Composer considering the plugin could non find the plugin case when the shortcode was nested in other shortcodes

2.7.five

added German and Greek translation

2.7.four

added Serbian translation thanks to Andrijana Nikolic from http://webhostinggeeks.com/
problems fix with %blogid%, %pageid% and %pagetitle% that where non implemented in notification emails
in single button operation selected files are removed in instance that a subfolder has not been previously selected or a required user field has not been populated
issues fixed in single file operation that immune selection of multiple files through drag-and-drib
bug fixed with files over 1MB that got corrupted when maintaining files with same filename
dummy (exam) Shortcode Composer button removed from the plugin's Settings equally it is no longer useful
added support for empty (zippo size) files
many lawmaking optimizations and security enhancements
fixed javascript errors in IE8 that were breaking upload performance
code improvements to avoid display of session warnings
added %username% in redirect link
added pick in plugin'due south Settings in Dashboard to select alternative POST Upload method, in guild to resolve errors like "http:// wrapper is disabled in the server configuration past allow_url_fopen" or "Call to undefined function curl_init()"
added filter action wfu_after_upload, where the admin can ascertain additional javascript code to exist executed on user's browser after each file is finished

two.7.iii

important bug fix in Pro version
added wfu_before_email_notification filter
corrected bug not showing correctly special characters (double quotes and braces) in email notifications

2.7.2

important issues ready in Pro version, very slight changes in costless version

two.7.1

fixed bug with faulty plugin instances appearing when Woocommerce plugin is also installed
Upload of javascript (.js) files is not immune for avoiding security issues
fixed bug with medialink and postlink attributes that were not working correctly
when medialink or postlink is activated, the files will be uploaded to the upload folder of WP website
when medialink or postlink is activated, subfolders will be deactivated
added choice in subfolders to enable the list to populate automatically
added option in subfolders the user to exist able to blazon the subfolder
wfu_before_file_check filter tin can modify the target path (non simply the file name)

2.7.0

corrected problems when deleting plugin instance from the Dashboard
corrected problems not finding "loading_icon.gif"

two.vi.0

full redesign of the upload algorithm to become more robust
added improved server-side treatment of large files
plugin shortcodes can exist edited using the Shortcode Composer
added visual editor button on the plugin to enable administrators to modify the plugin settings easily
corrected bug causing sometimes database overloads
slight improvements of subfolder option
improvements to avoid lawmaking breaking in ajax calls when there are php warnings or echo from WordPress environment or other plugins
improvements and bug fixes in uploader when classic (no AJAX) upload is selected
eliminated php warnings in shortcode composer
corrected bug that was not correctly downloading files from the plugin'due south File Browser
added better security when downloading files from the plugin's File Browser
fixed bug not correctly showing the user that uploaded a file in the plugin'southward File Browser
apply of coil to perform server http requests was replaced by native php considering some spider web servers do not take Ringlet installed
corrected bug in shortcode composer where userdata fields were non shown in variables drib down
added feature that prevents page endmost if an upload is on progress
added forcefilename aspect to avoid filename sanitization
added ftppassivemode attribute for enabling FTP passive mode when FTP method is used for uploading
added ftpfilepermissions attribute for defining the permissions of the uploaded file, when using FTP method
javascript and css files are minified for faster loading

two.v.5

fixed serious bug not uploading files when captcha is enabled
fixed bug not redirecting files when email notification is enabled

2.5.4

mitigated result with "Session failed" errors actualization randomly in websites
fixed issues not applying %filename% variable inside redirect link
stock-still bug not applying new filename, which has been modified with wfu_before_file_upload filter, in email notifications and redirects
fixed issues where when two big files were uploaded at the same time and one failed due to failed chunk, then the progress bar would not go to 100% and the file would non be shown as cancelled

2.v.3

stock-still issues not allowing redirection to work
stock-still issues that was including failed files in electronic mail notifications on sure occasions
default value for uploadrole changed to "all"

2.5.2

fixed of import bug in free version not correctly showing message subsequently failed upload

2.5.1

fixed important bug in free version giving the same proper name to all uploaded files
fixed bug in free version non clearing completely the plugin cache from previous file upload

2.5.0

major redesign of upload algorithm to address upload problems with Safari for Mac and Firefox
files are first checked by server before actually uploaded, in social club to avert uploading of large files that are invalid
modifications to progress bar code to make progress bar smoother
restrict upload of .php files for security reasons
fixed bug not showing correctly userdata fields inside electronic mail notifications when using ampersand or other special characters in userdata fields

2.iv.vi

variables %blogid%, %pageid% and %pagetitle% added in email notifications and bailiwick and %dq% in subject field
corrected bug that was breaking Shortcode Composer when using more than than ten attributes
corrected issues that was rejecting file uploads when uploadpattern attribute contained blank spaces
several lawmaking corrections in order to eliminate PHP warning messages when DEBUG manner is on
several code corrections in order to eliminate warning messages in Javascript

2.four.5

correction of bug when using userfields inside notifyrecipients

2.4.4

intermediate update to make the plugin more immune to hackers

2.4.three

correction of bug to allow uploadpath to receive userdata as parameter

2.4.ii

intermediate update to address some vulnerability problems

2.four.1

added filters and deportment before and after each file upload – check below Filters/Actions section for instructions how to apply them
added storage of file info, including user information, in database
added logging of file deportment in database – admins tin can view the log from the Dashboard
admins can automatically update the database to reverberate the current condition of files from the Dashboard
file browser improvements so that more than information about each file (including any user data) are shown
file browser improvements so that files can be downloaded
filelist improvements to display correctly long filenames (Pro version)
filelist improvements to distinguish successful uploads from failed uploads (Pro version)
improvements of chunked uploads and then that files that are not allowed to exist uploaded are cancelled faster (Pro version)
corrected wrong bank check of file size limit for chunked files (Pro version)
added postlink attribute so that uploaded files are linked to the current page (or postal service) as attachments
added subfolderlabel attribute to ascertain the label of the subfolder pick feature
several improvements to subfolder option feature
default value added to subfolder pick characteristic
definition of the subfoldertree attribute in the Shortcode Composer is now washed visually
%userid% variable added inside uploadpath attribute
userdata variables added inside uploadpath and notifyrecipients attributes
uploadfolder_label added to dimension items
user fields feature improvements
user fields label and input box dimensions are customizable
captcha prompt label dimensions are customizable (Pro version)
added gallery attribute to allow the uploaded files to be shown as image gallery beneath the plugin (Pro version)
added galleryoptions attribute to define options of the image gallery (Pro version)
added css attribute and a delicate css editor inside Shortcode Composer to permit better styling of the plugin using custom css (Pro version)
email feature improved in conjunction with redirection
improved interoperability with WP-Filebase plugin
improved functionality of gratuitous text attributes (like notifymessage or css) past allowing double-quotes and brackets within the text (using special variables), that were previously breaking the plugin

2.3.1

added choice to restore default value for each aspect in Shortcode Composer
added support for multilingual characters
correction of bug in Shortcode Composer that was non allowing attributes with singular and plural grade to exist saved
correction of bug that was not changing errormessage attribute in some cases

ii.2.3

correction of bug that was freezing the Shortcode Composer in some cases
correction of bug with successmessage attribute

2.2.2

serious issues fixed that was breaking operation of Shortcode Composer and File Browser when the WordPress website is in a subdirectory

2.2.one

added file browser in Dashboard for admins
added attribute medialink to let uploaded files to be shown in Media
serious problems fixed that was breaking the plugin because of preg_replace_callback function
corrected error in first attempt to upload file when captcha is enabled

2.1.3

variables %pagetitle% and %pageid% added in uploadpath.
issues fixes when working with IE8.
Shortcode Composer saves selected options
Easier treatment of userdata variables in Shortcode Composer
correction of bug that immune debugdata to be shown in non-admin users
reset.css removed from plugin as information technology was causing breaks in theme'southward css
correction of problems with WPFilebase Director plugin

ii.ane.2

Several bug fixes and code reconstruction.
Code modifications and so that the plugin tin can operate even when DEBUG way is ON.
New attribute debugmode added to permit better debugging of the plugin when there are errors.

2.one.i

Bug fixes with broken images when WordPress website is in a subdirectory.
Replacement of glob office considering is not allowed by some servers.

2.0.2

Bug fixes in Dashboard Settings Shortcode Composer.
Correction of of import issues that was breaking folio in some cases.
Minor improvements of user data fields and notification email attributes.

2.0.1

This is the initial release of WordPress File Upload. Since this plugin is the successor of Inline Upload, the whole changelog since the creation of the later on is included.

Proper name of the plugin changed to WordPress File Upload.
Plugin has been completely restructured to allow boosted features.
A new more advanced message box has been included showing data in a more than structured way.
Error detection and reporting has been improved.
An assistants folio has been created in the Dashboard Settings, containing a Shortcode Composer.
Some more options related to configuration of message showing upload results have been added.
Several bug fixes.

1.7.xiv

Userdata aspect inverse to allow the creation of more fields and required ones.
Spanish translation added thanks to Maria Ramos of WebHostingHub.

ane.7.thirteen

Added notifyheaders aspect, in order to allow improve control of notification email sent (due east.yard. allow to send HTML electronic mail).

1.7.12

Added userdata attribute, in social club to allow users to transport additional text data along with the uploaded file.

1.7.11

Added single button functioning (file will be automatically uploaded when selected without pressing Upload Push button).

1.seven.10

Stock-still bug with functionality of attribute filebaselink for new versions of WP-Filebase plugin.

1.7.9

Stock-still trouble with functionality of attribute filebaselink for new versions of WP-Filebase plugin.

1.7.8

More than one roles can at present be divers in attribute uploadrole, separated past comma (,).

1.7.7

Variable %filename% at present works also in redirectlink.

1.seven.6

Changes in ftp functionality, added useftpdomain attribute and then that it can work with external ftp domains as well.
Improvement of classic upload (used in IE or when setting forceclassic to true) messaging functionality.
Minor bug fixes.

1.vii.5

Source modified so that information technology tin work with WordPress sites that are not installed in root.
Added variable %blogid% for utilize with multi-site installations.
Bug fixes related to showing of messages.

ane.7.iv

Replacement of json2.js with some other version.

one.7.iii

CSS way changes to resolve conflicts with various theme CSS styles.

one.7.2

Added variable %useremail% used in notifyrecipients, notifysubject and notifymessage attributes.

i.seven.1

Added capability to upload files outside wp-content folder.
Improved error reporting.

ane.7

Complete restructuring of plugin HTML code, in order to make it more than configurable and customizable.
Appearance of messages has been improved.
Added choice to put the plugin in testmode.
Added selection to configure the colors of success and neglect messages.
Added pick to alter the dimensions of the individual objects of the plugin.
Added option to change the placement of the individual objects of the plugin.
Improved error reporting.
Added localization for error messages.
Small bug fixes.

ane.vi.3

Problems fixes to right incompatibilities of the new ajax functionality when uploadrole is set to "all".

1.6.2

Bug fixes to right incompatibilities of the new ajax functionality with redirectlink, filebaselink and adminmessages.

i.half-dozen.ane

Correction of serious problems that prevented the normal operation of the plugin when the browser of the user supports HTML5 functionality.
Tags added to the plugin WordPress page.

one.vi

Major lifting of the whole code.
Added ajax functionality so that file is uploaded without page reload (works in browsers supporting HTML5).
Added upload progress bar (works in browsers supporting HTML5).
Added choice to allow user to select if wants to use the old form upload functionality.
File will not be saved once more if user presses the Refresh button (or F5) of the page.
Translation strings updated.
Issues fixes for problems when at that place are more than one instances of the plugin in a single folio.

one.5

Added option to notify user about upload directory.
Added selection to let user to select a subfolder to upload the file.

1.4.1

css corrections for bug fixes.

one.4

Added choice to attach uploaded file to notification e-mail.
Added option to customize message on successful upload (variables %filename% and %filepath% tin be used).
Added option to customize color of bulletin on successful upload.
"C:\fakepath\" problem resolved.
warning message most function create_directory() resolved.
css enhancements for compatibility with more themes.

ane.3

Additional variables added (%filename% and %filepath%).
All variables can be used inside bulletin subject and message text.
Added choice to decide how to treat duplicates (overwrite existing file, go out existing file, exit both).
Added choice to decide how to rename the uploaded file, when another file already exists in the target directory.
Added choice to create directories and upload files using ftp access, in order to overcome file owner and Safe Mode restrictions.
Added the capability to redirect to another web page when a file is uploaded successfully.
Added the option to show to administrators additional messages nearly upload errors.
Bug fixes related to interoperability with WP_Filebase

1.2

Added notification by email when a file is uploaded.
Added the ability to upload to a variable folder, based on the name of the user currently logged in.

1.1

Added the option to let anyone to upload files, by setting the attribute uploadrole to "all".

1.0

Initial version.

wasingerclany1963.blogspot.com

Source: https://wordpress.org/plugins/wp-file-upload/