Front-end download button

Hi @jurriaankoops

No, because the url IS the front-end download method. I’ve added a shorttag you can use to get the url.

https://www.ads-software.com/support/topic/display-link-in-template/#post-11714399

But what is your use case? Perhaps we can figure something out.

Keep in mind you can always regenerate the url to invalidate the old one.

• This reply was modified 5 years, 4 months ago by Doeke Norg.
• This reply was modified 5 years, 4 months ago by Doeke Norg. Reason: direct link to the correct post

@jurriaankoops you can also add a custom url that redirects to the download url via a .htaccess file, or even in wordpress there are plugins to create such redirects. Perhaps that’s an idea? It doesn’t really mask the url completely because the http request can be followed. But it will obscure it on the front page.

@doekenorg Thanks for your quick reply! We are looking for a (very) safe method to let a logged in user access a download option for gravityform entries, which contain sensitive data. I don’t want an open link which (even in theory) can be guessed.

Ah I see. Well i have secure URLs on my to do list. So it will be implemented in the near future. I think For the first iteration the user needs export rights.

How long can you wait?

That would be awesome! Take your time, I can wait for it.

Cool. Here is the issue so you can follow along when stuff is updated. You can even yell at me there. ??

https://github.com/doekenorg/gf-entries-in-excel/issues/52

Great, thanks. Another security related question:
Do I understand correctly that a downloadlink is generated automatically for every form? If yes: It would be better in my opinion if this is disabled for every form, unless actively turned on. Is this possible?

I will investigate and test your plugin further, but it looks promising! When I am going to use it I will definitely make a donation.

Hi @jurriaankoops,

The url is generated the first time the form settings are opened. So not when you activate the plugin.

Also the hash is randomly generated to prevent any guesswork. It used to be not, but that prevented regenerating and possible guessing when the nonce-salt wasn’t set properly.

Security is high on my priority list. So please let me know all your concerns.

For me that is not secure enough. Once I have openend the settings there is no way to disable the url. I agree it is a very hard to find entrance, and probably safe enough for a lot of sites, but once I know or found it, it gives me access to all the data in that form. I think that functionality as powerful as this should be turned off by default and should be actively turned on by the admin for every form separately and it should be possible to deactivate it at any time.

@jurriaankoops Fair enough.

As part of this update I’ll make the url opt-in. Giving a disable / enable button next to to the reset button. The disabling will delete the hash, and enabling will set it. This means that people who’ve already been using the plugin don’t have to re-activate.

As part of the other update (being a signed in user) I’m thinking of adding a hook overwrite the secure setting. So you can add something along the lines of:

add_filter('gfexcel_download_secured', '__return_true');

Then all forms would be secure. However, if someone would slip a malicious __return_false in another plugin, all forms will be insecure.

How do you feel about this? Is this risk part of the framework? Or should I not implement the hook, and fully rely on a form setting (which, in theory can also be overwritten). I feel like there is no completely secure option, and therefore I’d like my own hook for easy access. There should be some accountability for the user itself, right?

Hi Doeke,

regarding the url opt-in: Do you mean that if the url already exists you can disable it and if it does not already exist you can enable it? That would be best I think. That way you can maintain backward compatiblity so existing users don’t have to re-activate, but new users have to explicitly activate every form. Is this possible?

regarding the other update: If you ask me it is better not to hook a security setting for a powerfull plugin like this. It’s to easy to override. Overriding a form setting is less likely to happen I think, but also possible indeed. Best is probably to add a setting on plugin level, which overrules the individual form setting if active.
I am very security minded, as you probably know right now ;-). It is because I maintain some high level websites which are regurarly pentested. And as you probably know, fines for leaking data can be pretty high ;-).

@jurriaankoops on the opt-in: yes, that is exactly what I’m proposing! ??

And I like your plugin-setting-idea. So that will be on the PHP-level, by setting a constant that can not be overwritten. Nice one. Made a dedicated issue to fix: https://github.com/doekenorg/gf-entries-in-excel/issues/53 ??

Thanks for your input!

Thank you!

Hi @jurriaankoops,

Finally found the time to release the next version that contains ta fix for this.
As of 1.7.0 you have an opt-in url per form, and you can limit the download to logged in users only.

You can force this on every form by adding a constant to your functions.php or some config file.

define('GFEXCEL_SECURED_DOWNLOADS', 1); should be enough.