coholm

@gm_alex
Is there any chance you can figure out why file protection isn’t working for me anymore since updating to 2.2

With file protection I mean not only hiding the link, but also restricting file access when the file link is opened directly

I can also give you access if needed.

• This reply was modified 3 years, 9 months ago by coholm.

@gm_alex still doesn’t work.

Maybe it’s worth mentioning:
I have set up a user group called “Luftfahrtkunden” in UAM and WordPress and linked those two:
https://i.postimg.cc/Hx4z0wpf/uam1.png

In the Media section I wordpress I have checked the box for files that should be protected:
https://i.postimg.cc/nztTQRt4/uam2.png

Have you tried it with a custom user group?

@gm_alex
I tested the update today on my development site.
After doing the update, file restriction doesn’t work anymore.

The .htaccess file showed that the UAM code is commented out

# END WordPress
# BEGIN UAM Custom
# <IfModule mod_rewrite.c>
# <FilesMatch '\.(zip|rar|tar|gz|pdf)'>
# RewriteEngine On
# RewriteBase /
# RewriteRule ^index\.php$ - [L]
# RewriteRule ^([^?]*)$ /index.php?uamfiletype=attachment&uamgetfile=$1 [QSA,L]
# RewriteRule ^(.*)\?(((?!uamfiletype).)*)$ /index.php?uamfiletype=attachment&uamgetfile=$1&$2 [QSA,L]
# RewriteRule ^(.*)\?(.*)$ /index.php?uamgetfile=$1&$2 [QSA,L]
# </FilesMatch>
# </IfModule>
# END UAM Custom

But even after removing the #, file restriction still does not work. Protected files can be opened by anyone. Before running the update, it worked.

EDIT: The version that currently works for me is: Version 2.1.12

• This reply was modified 3 years, 9 months ago by coholm.
• This reply was modified 3 years, 9 months ago by coholm.
• This reply was modified 3 years, 9 months ago by coholm.

@gm_alex I havn’t tested the latest version yet, but I want to thank you for updating the plugin. It’s been very helpfull.

@specialk Thanks for the latest update. Works perfect now

• This reply was modified 3 years, 12 months ago by coholm.

Yes I’m using WP 5.5.1 and the latest version of Yoast.
My subscription for yoast has expired

Thanks for your help. A different plugin was causing the problem.

Has something in the core changed for the above code to not work anymore?
Some script urls are still relative, but some are absolute now.

I have recently updated to wp 5.5

https://img.imageupload.net/2020/08/12/screenshot.png

Oh ok. I thought that the part after the equal sign (=) is the query string.
I’m not sure if you can create a rule that catches all the possibilities after the equal sign that contain www. and .cn

https://whatever.com/produkte?wpv_post_search=www.whatever.com

https://whatever.com/produkte?wpv_view_count=1187&wpv_post_search=www.whatever.cn&wpv_filter_submit=Suchen

https://whatever.com/produktkategorie/mikrofone?wpv_view_count=1187&wpv_post_search=www.whatever.cn&wpv-product_cat%5B%5D=mikrofone&wpv_filter_submit=Suchen

Yes, all the querys only include the url in the format www.whatever.cn
I have just cleared the log, but I can send you a screenshot once it filled up again

• This reply was modified 4 years, 3 months ago by coholm.
• This reply was modified 4 years, 3 months ago by coholm.

I also have the following searched in the log, which seem to be malicious:
Home%2F\\think\\app%2Finvokefunction
index%2F\\think\\app%2Finvokefunction

When I enter these in the search bar, the search is also executed as usual.

Just tested it. (Version: 20200811)
When I enter a search ‘www.abcdefg.cn’ it still gets logged and the search is executed.

These are great news.
I’ll let you know how well it works