I am trying to set up a public submission form through which anonymous website visitors (guests) would upload confidential data (like CVs or cover letters). I do not want those files to be then publicly visible for anyone else other than e.g. Administrators or Editors.
Steps I do:
1. create a Fields Group through Toolset > Custom Fields > ... create a new group with the following entries: First name, Last name, File
2. create a Post Type through Toolset > Post Types > ... create a new custom post type that uses the Submission Fields
3. create a Post Form through Toolset > Post Form > ... create a new post form for Submission
4. fill out the Post Form - upload a file
Observed behavior:
The uploaded file is publicly visible e.g. under: hidden link
Desired behavior:
The uploaded file should not be visible for anyone else other than Admins or Editors of the website.
Is there a similar example that we can see? https://toolset.com/forums/topic/access-for-pdfs/ - unfortunately it seems that the proposed solution is no longer available under the given link with the solution
Thank you for contacting us and I'd be happy to assist.
I'm afraid, there is no built-in feature available to stop files uploaded through the front-end forms from getting added to the WordPress media library or restrict them from public access.
Hi,
I came up with the following hand-crafted solution.
I created my custom plugin: hidden link
It hooks into upload_dir & wp_handle_upload hooks from WordPress core. What my hooks do is they basically change the directory to which files uploaded through a form with field id 'wpcf-file_attachment' are saved. The new directory to which they are saved is 'wp-content/uploads/submissions'. Also the URL to the file is change accordingly to the format wp-content/uploads/submissions?file=<name>'.
To secure the 'submissions' directory from direct access I configured .htaccess to redirect all requests to that directory to GET file=<filename>. I also put there an index.php in the directory which checks if the GET requests that hit under ?file=<filename> are authorized to do so (ie. that the user visitor is logged into WordPress). One vulnerability might be directory traversal in the file name which index.php also prevents.
What do you think about that solution? I am new to WordPress, I needed something very simple but I am not sure if what I propose is 100% safe.
Thank you for sharing your custom solution here and it will surely help others with a similar requirement.
Since this code targets only the upload for a specific custom field, the default functionality of the WordPress media library won't be affected which is great.
I can't think of any drawback or safety concern linked to this approach.
