Thank you for your plugin and work invested.
I was wondering if you may have any idea why these errors below may arise after updating a page? We disabled Contact Form 7 but still received the errors. Would knowing other plugins installed help? We have not upgraded to WordPress 4.2 yet.
Notice: Undefined property: stdClass::$wpcf7_contact_form_uploaders in web/content/site/wp-content/plugins/sb-uploader/sb_uploader.php on line 666
Notice: Undefined property: stdClass::$misc_uploaders in web/content/site/wp-content/plugins/sb-uploader/sb_uploader.php on line 666
Notice: Undefined property: stdClass::$notes_uploaders in web/content/site/wp-content/plugins/sb-uploader/sb_uploader.php on line 666
Warning: Cannot modify header information – headers already sent by (output started at web/content/site/wp-content/plugins/sb-uploader/sb_uploader.php:666) in web/content/site/wp-admin/post.php on line 233
Warning: Cannot modify header information – headers already sent by (output started at web/content/site/wp-content/plugins/sb-uploader/sb_uploader.php:666) in web/content/site/wp-includes/pluggable.php on line 1178
]]>Thanks for a brilliant plugin!
I’ve been recommended to use it for my client’s website in order to add more images to the Location pages of my Events Manager plugin set up. It works really well in the back end of the website, but I also need to add this function so the site’s users can upload their own images from the front end of the website. Is there a way I can do this?
I would really appreciate your help or I may have to look around for another plugin with front end compatibility, which I would prefer not to do as it works so well in the WP backend page editor!
]]>With the comment made on screenshots I am forced to install this before I really know what I am getting. What are my users going to see? I can’t just blast another install from a plug on my server as i’m running a professional website on it. Too bad man.
]]>Hi Sean.
Let me say first of all thank you so much creating this great plugin. I have been working on a complex site for the last six months and this is literally the last piece of the jigsaw – I actually let out a small yelp of joy when I found it!
The one problem I have encountered is that when I add an image to the field all is well but and it shows up in the post. Great! However, when I tick ‘remove’ and update the post the image appears to be gone from the field but it still appears in the post, i.e. it hasn’t been fully removed and is still attached.
Any ideas?
Thanks,
Josh
Hey Great Plugin I love it,
I have problem with since there are many files to upload for my custom fields it takes for ever to submit the post…. Is there a way to triger the upload insted right after selecting the files instead of having to wait until submitting the actual post?
If thats not not posible are there any other plugins or work around for this?
Thanks a lot any ideas will be great i need to get this running.
]]>Hi there,
A newbie to wordpress, All I want is to let my registered users upload documents and video to a temporary folder, and before approval of the site editor.
I hope this plug-in can do it in a simple way – shortcode probably.
]]>Hi,
I love the uploader but would love to have it show in the editor. Right now it only gets placed after the text, so I added some metaboxes for text below an image, but because nothing shows until you publish, my users may upload duplicates thinking it is not working. Is there a way I can get it to preview in the editor?
I’m going to have a project to build a mini multi-site. Does this plugin support WP 3.5 multi-site? This plugin is awesome, I hope I can use it on my next project.
Anyway, thank you for this plugin.
]]>I don’t use this plug-in, but noticed someone made the claim about upload shell scripts via your plug-in. I pretty much called it shenanigans, since if you’re a logged in user, who has access to upload files, you would be able to arbitrarily upload any file to begin with, since any logged in use if they have access to the media uploader, could do the same thing. I don’t see it as a true attack, so much as the potential for abuse by lower level users who have login access to the site.
You can read about the supposed vuln disclosure here: https://packetstormsecurity.com/files/119159/WordPress-SB-Uploader-3.9-Shell-Upload.html
In the event a WordPress site left user registration open, and this plug-in is accessible to low level users who can’t even edit pages, but can make blog posts, I could see how it can be abused, but still, a logged in user being able to upload files is not in my eyes a true attack or vulnerability so much as maybe an abuse of their account privileges.
My suggestion though, would be to change your plug-in, to not be available to users with roles lower than admin and editor, as well as making it so no PHP files can be uploaded via your tool, and only proper media such as images, music, video and text documents can be upload. File types I would restrict, PHP, PL, SWF, and so on, so that no one can upload scripts or malicious flash files to the sites, and removing the ability for new registered users from having access if they aren’t part of the admin group role.
]]>First, I want to say thank you this is really a great plugin.
But if I may suggest, I will want the shortcode able to link to original image. For example:
[sbu_post_image width=”200″ link=”original”]
I want it because together with lightbox plugins, it will seem awesome.
Regards,
Handoko.
Hi, I’ve just installed your 3.5 update and now the uploader meta box is not showing up on my Create New Post page (for a custom post type). If I click Screen Options, the meta box is listed and checked, it is just not showing up. So I’m guessing it is probably an issue with how you changed the priority for the meta box. It was working before the update.
]]>Hello and thank you for an excellent plugin,
We use SB Uploader v3.3
Two days ago we received an email from our provider stating:
This is a courtesy notice that we have found and corrected exploitable timthumb.php file on your account While we have corrected these files, we do recommend you ensure all potential exploits are corrected on your account. This is best done by updating all scripts, plugins, modules and themes on your account to the latest version.
The timthumb.php file is a script commonly used in WordPress’s (and other software’s) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser high-jacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a “Malicious Website” by Google or other security authorities.
Any timthumb.php file below version 1.35, but above version 1.09 is considered vulnerable. To prevent being compromised, we advise you update all instances of timthumb.php to version 2.0, or patch the existing vulnerable files. Note that patching the files requires more in-depth knowledge of the PHP scripting language.The updated version of timthumb.php can be found here:
https://timthumb.googlecode.com/svn/trunk/timthumb.php
We have automatically patched the files for you:
Additional information regarding the compromise can be found at the following two websites, as well as others; note that all external websites in this email are for your reference only.
https://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
https://redleg-redleg.blogspot.com/2011/08/malware-hosted-newportalsecom.html
As stated above the risk is only temporarily fixed by patching the file.
Can you please look into it and update your files?
Thanks again for your excellent plugin and time,
marikamitsos
Thanks
]]>