• Resolved CountrySide

    (@countrypark)


    Hi, I’m using a 3rd party plugin which has file upload capability throughout the plugin.

    Will this plugin automatically work on any file upload no matter how it’s uploaded?

    Please advise, thank you

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Blobfolio

    (@blobfolio)

    Hi @countrypark,

    If the plugin (correctly) uses the wp_check_filetype_and_ext method to verify whether or not an uploaded file should be permanently saved to disk, it will benefit from the changes introduced by LotF, but if it doesn’t, it won’t.

    If you let me know which plugin you’re using, I’d be happy to take a look and let you know.

    Thread Starter CountrySide

    (@countrypark)

    Hi, thanks for the info. I will check with the developers as it’s a premium codecanyon plugin.

    Thread Starter CountrySide

    (@countrypark)

    Hi, if the wp_check_filetype_and_ext function is used, what additional security does the plugin provide?

    Plugin Author Blobfolio

    (@blobfolio)

    Hi @countrypark,

    WordPress uses the wp_check_filetype_and_ext function to check whether or not an uploaded file is of a type that is allowed to be uploaded to a given site, by a given user.

    But the way it is written, it doesn’t work consistently from site-to-site, server-to-server, and tends to reject files that should be allowed, or allow files that should be rejected.

    Lord of the Files helps translate the file types detected by PHP into the values WordPress expects, so WordPress can then take the correct action.

    In other words, it makes the wp_check_filetype_and_ext function do what WordPress intends it to do. Haha.

    Thread Starter CountrySide

    (@countrypark)

    Thanks for the clarification, so basically the plugin is made for cases when someone notices he has file upload issues?

    Plugin Author Blobfolio

    (@blobfolio)

    Hi @countrypark,

    The flip side — WordPress accidentally allowing files it shouldn’t — can be important too, particularly when a site has multiple users of varying technical proficiency.

    But otherwise I would recommend deferring to the Golden Rule: don’t install plugins you don’t need to.

    Unauthenticated file uploads (via a public contact form, etc.) always pose a security risk, but going back to your original question, LotF may not actually be able to help there if the code handling such uploads doesn’t do things the WordPress way.
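
Added example, not part of the thread and not Lord of the Files' own code: an upload handler that bypasses WordPress beside one that goes through `wp_handle_upload()`, which calls `wp_check_filetype_and_ext` internally, plus a logging filter to confirm whether a third-party plugin's uploads reach that check. The `example_` function names and the `attachment` form field are hypothetical.

```php
<?php
// Added illustration; every "example_" name and the "attachment" field are hypothetical.

// Bypass: the file is written to disk without wp_check_filetype_and_ext()
// ever running, so nothing hooked on that function can inspect or reject it.
function example_save_upload_raw( array $file ) {
    $uploads = wp_upload_dir();
    $dest    = $uploads['path'] . '/' . basename( $file['name'] );
    return move_uploaded_file( $file['tmp_name'], $dest ) ? $dest : false;
}

// The WordPress way: wp_handle_upload() runs wp_check_filetype_and_ext()
// and refuses the file when its type is not allowed for the current user.
function example_save_upload_wp( array $file ) {
    if ( ! function_exists( 'wp_handle_upload' ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }
    $result = wp_handle_upload(
        $file,
        array(
            'test_form' => false, // front-end form: no admin "action" field to verify
            // 'test_type' stays at its default (true) so the type check is not skipped.
        )
    );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_rejected', $result['error'] );
    }
    return $result; // array with 'file', 'url' and 'type'
}

// Diagnostic: log every decision made by wp_check_filetype_and_ext().
// If a plugin's upload produces no log line, it never called the function.
add_filter(
    'wp_check_filetype_and_ext',
    function ( $data, $file, $filename, $mimes ) {
        error_log( sprintf(
            'filetype check: name=%s ext=%s type=%s',
            $filename,
            $data['ext'] ? $data['ext'] : '(rejected)',
            $data['type'] ? $data['type'] : '(rejected)'
        ) );
        return $data; // observe only; the decision is left unchanged
    },
    99, // late priority, so the values logged are the ones after earlier filters
    4
);
```

With `WP_DEBUG_LOG` enabled, upload a test file through the third-party plugin on a staging site and check the debug log for a `filetype check:` line.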

    Thread Starter CountrySide

    (@countrypark)

    Thanks for the clarification!

  • The topic ‘Support for 3’rd Party Plugin’ is closed to new replies.