PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Privacy of uploaded content

Gravity Support Forums » Plugin Support » Gravity Forms

  1. Dag
    Member

    Hello,
    I'm concerned that anyone is able to access the uploaded data from Index of /wp-content/uploads/gravity_forms/example_folder?image.jpg
    How do i secure these folders so only certain people can access the data? Or change the upload to a more secure area or ideal just email the photos/audio on the upload rather than fill up our server.
    Thanks.

    Posted 12 years ago on Tuesday July 19, 2011 | Permalink

  2. Carl Hancock
    Administrator

    The files can't just be emailed, they have to be stored on the server.

    If you want to store the files elsewhere in a location that you can secure, you can customize the upload location using custom code. There are hooks for both the file upload location and the file permissions set on uploaded files.

    Here is documentation on the gform_upload_path hook:

    http://www.gravityhelp.com/documentation/page/Gform_upload_path

    Here is documentation on the gform_file_permission hook:

    http://www.gravityhelp.com/documentation/page/Gform_file_permission

    Just keep in mind the tighter you lock down the file paths, that means they won't be accessible when linked from the notification emails and may not be accessible via the admin when you view the file from the entry detail. That is why currently they aren't locked down tight, it makes accessing them via the admin and email notifications difficult. To get to the files a person would need to guess the correct path and file name which is unlikely in most situations.

    Posted 12 years ago on Tuesday July 19, 2011 | Permalink

This topic has been resolved and has been closed to new replies.