How can we improve WooThemes?

Product Add-ons Limit Upload Size & Only Allow Certain Filetype Extensions

With the Product Add-ons extension there is an extreme security flaw: not being able to specify which filetype extensions are allowed as uploads. Also, setting up a max upload size would be beneficial. Currently its default upload size is whatever is specified in the php.ini. So if someone is unable to change that or needs it to have a 100mb upload limit for personal uploads, then the customers or hackers can flood your server with large files as well as any filetype they want!

This should be a high priority as it is a very popular extension!

8 votes
Terrance shared this idea
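
One way a site owner could enforce both limits in the meantime, as an added example that is not part of the original post and is not WooThemes code. It assumes the add-on's uploads pass through WordPress's `wp_handle_upload()`; the callback name, the 5 MB cap and the allow-list are constructed for illustration.

```php
<?php
// Added example: constructed limits, not values taken from the extension.
const EXAMPLE_MAX_BYTES     = 5 * 1024 * 1024; // hypothetical 5 MB cap
const EXAMPLE_ALLOWED_MIMES = array(           // WordPress "ext|ext" => MIME format
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
    'pdf'      => 'application/pdf',
);

// Hypothetical callback name. Runs before wp_handle_upload() moves the file.
function example_limit_customer_upload( $file ) {
    // Leave staff uploads (media library) alone; only restrict customers.
    if ( current_user_can( 'upload_files' ) ) {
        return $file;
    }

    // Size cap below the php.ini limit, which still applies as the outer bound.
    if ( empty( $file['size'] ) || $file['size'] > EXAMPLE_MAX_BYTES ) {
        $file['error'] = 'File is empty or exceeds the upload size limit.';
        return $file;
    }

    // Checks the final extension against the allow-list and compares the
    // file's content with the claimed type.
    $checked = wp_check_filetype_and_ext(
        $file['tmp_name'],
        $file['name'],
        EXAMPLE_ALLOWED_MIMES
    );
    if ( empty( $checked['ext'] ) || empty( $checked['type'] ) ) {
        $file['error'] = 'This file type is not allowed.';
    }

    // A non-empty string in 'error' makes wp_handle_upload() reject the file.
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'example_limit_customer_upload' );
```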

    4 comments

      • Davide commented

        Hi everybody, is there any update about this issue?

        It seems it has not yet been fixed, notwithstanding it's a very delicate flaw!

        Kindly let me know,
        d

      • Alex commented

        I just tried to upload a php file to my system and was prevented. Seems this request should be closed?

      • Tom Burton commented

        I agree completely, these are essential components of a file upload field. Using an uploader widget instead of a basic file upload field would be another worthwhile improvement, along with Admin options to resize images upon upload.
