Rendering a file downloaded from wp-content

  • Hello
    I cannot seem to find an answer to this question.
    I would like to be able to upload an html or php or js file to an upload directory on WP (such as wp-content) and have authorized users not only download but actually render the files in their browser.

    I know that there are plugins like preventdirectaccess that protect files reasonably, but only allow you to download them, not run them in situ.

    Does anyone have any suggestions as to how I could achieve what I have described above?

    Thanks for your help.

    • This topic was modified 4 years, 11 months ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    I’m doubtful there is such a plugin because it creates a significant security risk to execute unknown JS and PHP files. Since HTML can contain JS, even they contain risk. The source folder for such files needs to be securely locked down so only fully authorized users could possibly place a file there. None the less it’s probably worth a bit of searching just in case I’m wrong.

    What you want could accomplished through a custom shortcode which fetches the desired file and returns appropriate content for output. JS files can be wrapped in <style> tags. PHP files can be output buffered and include‘d within the shortcode handler.

    Thread Starter mlapl1

    (@mlapl1)

    @bcworkz – Thank you so much and sorry for my late reply.

    I agree entirely about the security – that’s why I mentioned authorized access only.

    Thank you for the suggestion of a custom shortcode. Although I do code in PHP and JS, I am hardly an expert and know nothing about the internal workings of WP.

    My problem is that I want to run some lessons written with authoring systems such as Lectora or Articulate. I need to upload them and protect them from unauthorized access. LMS plugins currently available either do not allow uploads in a simple way and offer very poor security (especially if you can guess the URL of the file you want). So basically a student would click on a link in WP and would be taken to a fike that would run a lesson. Issues of record-keeping etc would be dealt with by the lesson code, not WP. While there are dedicated LMS systems, there are good reasons for using WP too, especially for appearance and monetization. It may be possible to write a new LMS structure meeting the requirements but WP offers many facilities that are constantly revised and updated, making it a better choice.

    Anyway, thanks so much for your help – I will try and followup somehow or just give up and look at other options.
    Andrew

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Rendering a file downloaded from wp-content’ is closed to new replies.