How can we improve WooCommerce?

Product Add-ons Limit Upload Size & Only Allow Certain Filetype Extensions

With the Product Add-ons extension there is an extreme security flaw not being able to specify what filetype extensions to be allowed as uploads. Also setting up a max upload size would be beneficial. Currently its default upload size is whatever is specified in the php.ini. So if someone is unable to change that or needs it to have a 100mb upload limit for personal uploads, then the customers or hackers can flood your server with large files as well as any filetype they want!

This should be a high priority as it is a very popular extension!

8 votes
    Terrance shared this idea
    declined  ·  Matty Cohen (Chief Product Officer, WooThemes) responded

    Hi all,
    We’ve explored this further and have determined that the features requested here are already present within WordPress.

    Enabling large file uploads is best done at the server level, as mentioned in the original ideas post.

    File type restrictions are handled by WordPress natively. Files uploaded through WooCommerce Product Addons are handled using the wp_handle_upload() function, which checks that the file type is one of the supported file types within WordPress. File type support can be customised via WordPress filters.

    Thanks and regards,
    Matty Cohen.
    Woo Product Lead at Automattic
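
The filters mentioned in the response above, as an added example that is not part of the original reply and is not WooCommerce or Product Add-ons code. It assumes a small site plugin or mu-plugin; the 5 MB cap, the extension allowlist, the `example_` names, and treating any user without the `upload_files` capability as a customer are all assumptions.

```php
<?php
/**
 * Added example, not WooCommerce or Product Add-ons code.
 * Assumptions: the 5 MB cap, the extension allowlist, and the choice to
 * treat anyone without the `upload_files` capability as a customer.
 */

const EXAMPLE_CUSTOMER_MAX_BYTES = 5 * 1024 * 1024; // assumed limit

// Hypothetical helper: true when the uploader is not a media-library user.
function example_is_customer_upload() {
    return ! current_user_can( 'upload_files' );
}

// Narrow the MIME allowlist that wp_handle_upload() validates against.
add_filter( 'upload_mimes', function ( $mimes ) {
    if ( ! example_is_customer_upload() ) {
        return $mimes; // leave the WordPress defaults for staff accounts
    }
    return array(
        'jpg|jpeg|jpe' => 'image/jpeg',
        'png'          => 'image/png',
        'pdf'          => 'application/pdf',
    );
} );

// Reject oversized files before wp_handle_upload() moves them into place.
// A non-empty, non-numeric 'error' value makes wp_handle_upload() fail.
add_filter( 'wp_handle_upload_prefilter', function ( $file ) {
    if ( example_is_customer_upload() && $file['size'] > EXAMPLE_CUSTOMER_MAX_BYTES ) {
        $file['error'] = sprintf(
            'File exceeds the %d MB limit for customer uploads.',
            EXAMPLE_CUSTOMER_MAX_BYTES / 1024 / 1024
        );
    }
    return $file;
} );
```

The prefilter runs after PHP has already received the file into its temporary directory, so `upload_max_filesize` and `post_max_size` in php.ini still bound what the server accepts.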

    5 comments

      • James commented

        More than a year and you guys did little to nothing about it. Ridiculous. Being that you charge for a license and support every year, you should be on top of this.

      • Davide commented

        Hi everybody, is there any update about this issue?

        It seems it has not yet been fixed, notwithstanding it's a very delicate flaw!

        Kindly let me know,
        d

      • Alex commented

        I just tried to upload a php file to my system and was prevented. Seems this request should be closed?

      • Tom Burton commented

        I agree completely, these are essential components of a file upload field. Using an uploader widget instead of a basic file upload field would be another worthwhile improvement, along with Admin options to resize images upon upload.
