• Home
  • Cloud
    • General
    • SaaS
    • BPaaS
    • PaaS
    • IaaS
    • Other Internet Hosted Applications
      • WordPress
        • WooThemes Canvas
          • WooThemes Canvas CSS
  • About me
  • Why Badly Wired?
  • Contact

Badly Wired

Connecting WordPress via APIs, Plugins and other stuff - a technical notebook

You are here: Home / Cloud / Other Internet Hosted Applications / Wordpress / Securing Gravity Forms Uploads

Securing Gravity Forms Uploads

4th July 2019 by Alan Leave a Comment

Fully Managed UK Hosting - Only £1+VAT till 1st Jan 2021 on Shared, Reseller and Dedicated Hosting! .... read more ....

By default, Gravity Forms uploads files into the uploads folder, so by definition, these are readable by anyone. The file names are obscure, but that isn’t good enough if you are uploading personal information like proof of address.

One solution is to create a ‘safe’ protected by authorisation (e.g. basic auth over SSL ), so only users with this additional user/password can access the documents in the safe.

Note: basic-auth over ssl is not considered ultra secure, so restricting to specific IP addresses or even building a custom end point secured by OAuth may need to be considered depending on the need. With a little bit of engineering you could create an encrypted, low cost secure ‘safe’ restricted to specific users by using Google Cloud Storage – if you are interested in a tutorial please make a comment below.

The following code snippet will make Gravity Forms use the alternative ‘safe’ for all forms’ file uploads. (obviously change values for path and url )

Fully Managed UK Hosting - Only £1+VAT till 1st Jan 2021 on Shared, Reseller and Dedicated Hosting! .... read more ....
add_filter("gform_upload_path", function ($path_info, $form_id){
   $path_info["path"] = "/home/myaccount/public_html/safe/";
   $path_info["url"] = "http://www.mydomain.com/safe/";
   return $path_info;
} 10, 2);

If you want it to apply to a specific form ( e.g. form id 2 ) you will need check the form id as below:.

add_filter("gform_upload_path", function ($path_info, $form_id){
   if ( 2 === $form_id ) {
       $path_info["path"] = "/home/myaccount/public_html/safe/";
       $path_info["url"] = "http://www.mydomain.com/safe/";
   }
   return $path_info;
} 10, 2);
[Next] Find out where to host WordPress [Read the full article…]

Filed Under: Wordpress  

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • Applications
  • Cloud
    • General
    • Google Cloud
    • IaaS
    • Other Internet Hosted Applications
      • Wordpress
        • WooThemes Canvas
        • WooThemes Canvas CSS
    • SaaS
  • Code snippets
  • Discounts
  • Genesis
  • Google Apps for Works
  • Linux
  • News
  • SEO
  • Server setup
  • Services
  • Tech Tips
  • Uncategorised
  • Useful Images
  • Useful Stuff
  • WordPress Hosting
  • WordPress Plugins

Tags

background jobs beadcrumbs bind brandings Cache canvas Centos chrome css fail2ban Find firefox Flash fraud genesis gocardless godaddy Google google maps hackers internet explorer javascript KashFlow Linus linux Magento mapquest maps microsoft mysql news nohup php plugin plugins queens diamond jubilee replace SED SEO skype Varnish Virtualmin Webmin woothemes Wordpress

 

Affiliate and Privacy Notices

This site is free to use, but hopes to cover some costs through affiliate income, some products and links are affiliates and may earn the site advertising income.

Some affiliates use Cookies to track if you purchase from them, this allows them to apportion revenue to us you will need to refer to their specific privacy notices as to how you are tracked.

This site is a participant in the Amazon EU Associates Programme, an affiliate advertising programme designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.co.uk.

  • Privacy Policy

Copyright © 2021 · Badly Wired