File Upload Failed for .php files

  • Hello.

    Here is a snapshot of the error message I get when I try to upload a .php file:

    https://imgur.com/e6kFAPZ

    All other file types are working as they should.

    Here are two variants of the shortcode that I tried:

    [wordpress_file_upload uploadpath="themes/Avada-Child-Theme/" uploadrole="s2member_level3"]

    [wordpress_file_upload uploadpath="themes/Avada-Child-Theme/" uploadrole="s2member_level3" uploadpatterns="*.php"]

    Any help will be greatly appreciated.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nickboss

    (@nickboss)

    Hi, do you really want to allow php files through the form? This is extremely dangerous as a hacker can inject executable files in your website and take control through Web Shells.

    PHP files are blacklisted and not allowed by the plugin. However, if you still want to allow them, there is a way to do it. Do you have the Free or Pro version (instructions change)?

    Regards

    Nickolas

    Thread Starter wpfiend

    (@wpfiend)

    Hi Nickolas.

    Yes, understood about the dangers of php uploads. We just need to use it as a test run for one of our off-site developers.

    We are currently using the Free version.

    Thanks.

    Plugin Author nickboss

    (@nickboss)

    Hi, ok for free version you need to put the following code at the end of functions.php file of your theme:

    global $wfu_extension_blacklist;
if ( isset($wfu_extension_blacklist["php"]) ) unset($wfu_extension_blacklist["php"]);

    You also need to edit the shortcode using the visual editor and set *.php in Allowed File Extensions, or *.*, *.php

    Nickolas

    Thread Starter wpfiend

    (@wpfiend)

    Thanks Nickolas.

    Since we were on a time-crunch, we took out .php from the Disallowed section and added it to the Allowed section in /lib/wfu_security.php

    That seemed to have worked too.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘File Upload Failed for .php files’ is closed to new replies.