• Resolved alexlii

    (@alexlii)


    Hi @tokkonopapa,

    I am using the Hype plugin to upload animation projects https://www.ads-software.com/plugins/tumult-hype-animations/

    and I found it shows the uploading is successful, but there is no file uploaded actually.

    The file format of the Hype plugin is OAM, but there is no choice in MIME type in IGB.

    You know this plugin is only used by the administrator, not by site users.

    Should I set exceptions at Admin ajax/post or Plugins area? If yes, which one should I choose, please?

    I am actually quite confused by these two settings. Would you please let me know what the difference is between Admin ajax/post and Plugins area?

    Thanks

    Alex

    • This topic was modified 6 years, 8 months ago by alexlii.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi again @alexlii,

    and I found it shows the uploading is successful, but there is no file uploaded actually.

    Could you try to select “Verify file extension only” at “Prevent malicious file uploading” in “Validation rule settings” section?

    Then you can edit the blacklist of file extensions in “Blacklist of forbidden file extensions”.

    Would you please let me know what the difference is between Admin ajax/post and Plugins area?

    Well, “Admin ajax/post” is for requests to admin-ajax.php and admin-post.php, while “Plugins area” is for requests to PHP files in the plugin folder.

    There are many vulnerable plugins/themes which request PHP files directly in their own folder, instead of making requests via WordPress core functions. You can find them here.

    Those vulnerable plugins/themes would disclose wp-config.php!!

    I hope this makes sense to you.

    Thank you for asking!
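
The difference described in the reply above, between requests to admin-ajax.php/admin-post.php and requests made directly to a PHP file inside a plugin or theme folder, is visible in a site's access log. The Python sketch below is an added example, not part of the thread and not the plugin author's code; it assumes the default wp-admin and wp-content paths and common-format log lines, and the sample lines, IP addresses and plugin/theme names are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Request part of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
DIRECT_PHP_RE = re.compile(r"/wp-content/(plugins|themes)/[^/]+/.*\.php(/|$)")
CORE_HANDLERS = ("/wp-admin/admin-ajax.php", "/wp-admin/admin-post.php")

def classify_target(target):
    """Name the kind of entry point a request target reaches."""
    # Drop the query, decode %xx, collapse repeated slashes, ignore case.
    path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0])).lower()
    if path.endswith(CORE_HANDLERS):
        return "admin ajax/post"  # routed through WordPress core handlers
    match = DIRECT_PHP_RE.search(path)
    if match:
        return match.group(1) + " area"  # PHP file requested directly in its folder
    return "other"

def triage(log_lines):
    """Return (count per category, direct PHP requests that name wp-config.php)."""
    counts, suspicious = Counter(), []
    for line in log_lines:
        found = REQUEST_RE.search(line)
        if not found:
            continue  # not a parsable request line
        target = found.group("target")
        category = classify_target(target)
        counts[category] += 1
        if category.endswith(" area") and "wp-config.php" in unquote(target).lower():
            suspicious.append(target)
    return counts, suspicious

# Constructed sample lines (documentation IP ranges, hypothetical plugin/theme names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 52',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-admin/admin-post.php?action=example_save HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=wp-config.php HTTP/1.1" 200 3120',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /wp-content/themes/example-theme/inc/export.php HTTP/1.1" 403 0',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-content/plugins/example-plugin/css/style.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_LOG)
    print(dict(counts))
    print(suspicious)
```

Requests that land in the "plugins area" or "themes area" bucket bypass the WordPress core handlers, so they are the ones an exception in that setting would affect.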

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @alexlii,

    and I found it shows the uploading is successful, but there is no file uploaded actually.

    I think your situation was the same as the following picture:

    hypeanimation_anim_id is empty

    This issue was not caused by my plugin but by the Hype plugin itself. So please ask them for help.

    c.f. Security Recommendation

  • The topic ‘question on setting for exceptions’ is closed to new replies.