Wordpress Plugin to Upload Images to Directory and Show on Website

April 16, 2022 Post a Comment

Details
Reviews
Installation
Support
Development

With this plugin you or other users tin upload files to your site from whatever folio, mail or sidebar hands and securely.

Simply put the shortcode [wordpress_file_upload] to the contents of any WordPress page / post or add the plugin's widget in whatever sidebar and you volition be able to upload files to whatever directory within wp-contents of your WordPress site.

Yous tin can add together custom fields to submit boosted data together with the uploaded file.

You can use it to capture screenshots or video from your webcam and upload it to the website (for browsers that back up this feature).

Yous can even utilise it every bit a unproblematic contact (or any other type of) form to submit information without including a file.

The plugin displays the listing of uploaded files in a separate top-level menu in Dashboard and includes a file browser to access and manage the uploaded files (only for admins currently).

Several filters and actions before and afterwards file upload enable extension of its capabilities.

The characteristics of the plugin are:

It uses the latest HTML5 technology, however it volition also piece of work with old browsers and mobile phones.
It is compliant with the General Data Protection Regulation (GDPR) of the European union.
It tin be added in posts, pages or sidebars (as a widget).
Information technology can capture and upload screenshots or video from the device'due south camera.
Information technology supports additional form fields (like checkboxes, text fields, email fields, dropdown lists etc).
It can be used as a simple contact grade to submit data (a selection of file can be optional).
It produces notification letters and e-mails.
Information technology supports option of destination folder from a list of subfolders.
Upload progress can be monitored with a progress bar.
Upload process can be cancelled at any time.
Information technology supports redirection to some other url after successful upload.
At that place can be more than one instances of the shortcode in the same folio or post.
Uploaded files can be added to Media or be attached to the current page.
Uploaded files can be saved to an FTP location (ftp and sftp protocols supported).
It is highly customizable with many (more than l) options.
Information technology supports filters and actions before and after file upload.
It contains a visual editor for customizing the plugin hands without any noesis of shortcodes or programming
It supports logging of upload events or management of files, which can be viewed past admins through the Dashboard.
It includes an Uploaded Files pinnacle-level bill of fare item in the Dashboard, from where admins can view the uploaded files.
It includes a file browser in the Dashboard, from where admins tin manage the files.
It supports multilingual characters and localization.

The plugin is translated in the following languages:

Portuguese, kindly provided by Rui Alao
German language
French, kindly provided by Thomas Bastide of http://www.omicronn.fr/ and improved past other contributors
Serbian, kindly provided by Andrijana Nikolic of http://webhostinggeeks.com/
Dutch, kindly provided by Ruben Heynderycx
Chinese, kindly provided by Yingjun Li
Spanish, kindly provided by Marton
Italian, kindly provided past Enrico Marcolini https://www.marcuz.information technology/
Smooth
Swedish, kindly provided by Leif Persson
Persian, kindly provided by Shahriyar Modami http://chabokgroup.com
Greek

Delight note that old desktop browsers or mobile browsers may non support all of the in a higher place functionalities. In order to get full functionality use the latest versions browsers, supporting HTML5, AJAX and CSS3.

For additional features, such equally multiple file upload, very large file upload, elevate and driblet of files, captcha, detailed upload progress bars, list of uploaded files, image gallery and custom css please consider WordPress File Upload Professional person.

Please visit the Other Notes section for customization options of this plugin.

Plugin Customization Options

Delight visit the support page of the plugin for detailed description of customization options.

Requirements

The plugin requires to accept Javascript enabled in your browser. For Internet Explorer you besides demand to have Agile-X enabled.
Please note that onetime desktop browsers or mobile browsers may not support all of the plugin'due south features. In order to become total functionality utilize the latest versions of browsers, supporting HTML5, AJAX and CSS3.

First install the plugin using WordPress auto-installer or download the .zippo file from wordpress.org and install it from the Plugins section of your Dashboard or copy wordpress_file_upload directory within wp-contents/plugins directory of your wordpress site.
Activate the plugin from Plugins section of your Dashboard.
In club to utilize the plugin simply go to the Dashboard / Settings / WordPress File Upload and follow the instructions in Plugin Instances or alternatively put the shortcode [wordpress_file_upload] in the contents of any page.
Open the folio on your browser and yous will see the upload form.
You can change the upload directory or any other settings easily by pressing the small edit button found at the left-top corner of the upload form. A new window (or tab) with pop up with plugin options. If you do not see the new window, conform your browser settings to allow pop-upwardly windows.
Total documentation about the plugin options can be establish at https://wordpress.org/plugins/wp-file-upload/other_notes/ or at http://world wide web.iptanus.com/wordpress-plugins/wordpress-file-upload/ (including the Pro version)

A getting started guide tin be found at http://www.iptanus.com/getting-started-with-wordpress-file-upload-plugin/

Volition the plugin work in a mobile browser?: Yes, the plugins will work in most mobile phones (has been tested in iOS, Android and Symbian browsers likewise as Opera Mobile)
Do I need to have Flash to use then plugin?: No, you practice not need Flash to use the plugin.
I become a Safety MODE restriction error when I try to upload a file. Is there an culling?: Your domain has probably turned SAFE Way ON and you have restrictions uploading and accessing files. WordPress File Upload includes an alternative fashion to upload files, using FTP access. Simply add the attribute accessmethod="ftp" inside the shortcode, together with FTP access information in ftpinfo aspect.
Can I see the progress of the upload?: Yes, you tin see the progress of the upload. During uploading a progress bar volition appear showing progress info, nevertheless this functionality functions only in browsers supporting HTML5 upload progress bar.
Can I upload many files at the same time?: Yes, but not in the complimentary version. If you desire to allow multiple file uploads, please consider the Professional version.
Where practise files go afterward upload?: Files by default are uploaded inside wp-content directory of your WordPress website. To change it use attribute uploadpath.
Can I run across and download the uploaded files?: Administrators can view all uploaded files together with associated field data from the plugin's Settings in Dashboard. The Professional version of the plugin allows users to view their uploaded files, either from the Dashboard, or from a page or mail.
Are at that place filters to restrict uploaded content?: Yes, you can control immune file size and file extensions past using the appropriate attribute (come across Other Notes section).
Are at that place any upload file size limitations?: Yep, there are file size limitations imposed by the spider web server or the host. If you want to upload very big files, delight consider the Professional version of the plugin, which surpasses size limitations.
Who tin upload files?: Past default all users tin can upload files. Yous can define which user roles are allowed to upload files. Even guests can be allowed to upload files. If you want to permit only specific users to upload files, then please consider the Professional version of the plugin.
What security is used for uploading files?: The plugin is designed not to expose website sensitive information. It has been tested by experts and verified that protects against CSRF and XSS attacks. All parameters passing from server to client side are encoded and sanitized. For higher protection, like utilize of captcha, please consider the Professional version of the plugin.
What happens if connection is lost during a file upload?: In the gratis version the upload volition fail. However in the Pro version the upload volition resume and will go along until the file is fully uploaded. This is especially useful when uploading very large files.
The plugin does non await dainty with my theme. What tin I practise?: There is an option in plugin's settings in Dashboard to relax the CSS rules, then that buttons and text boxes inherit the theme's styles. If additional styling is required, this can be done using CSS. The Professional version of the plugin allows CSS rules to be embed in the shortcode.

I've spent almost calendar month trying to get this to work. It doesn't upload to the specified path. Support is very unresponsive. Requesting a full refund.

Dear plugin author, how on world could you lot hardcode the css into wfu_template.php? WHY? Inline css is a very bad practice. Autonomously from that, cheers for squeamish plugin.

Simply doesn't work. I add together the shortcode to the page, then test it. Click on the file upload button, choose the file I want to upload, then click 'Open'. Goes back to the master page and nothing there. Information technology doesn't testify the file I just chose. Tin can't upload. Waste of time.

This plugin seems to be exactly what I need. Oasis't had the chance to employ it that much yet but volition probable consider getting the Professional Version. It seems to not work with some plugins, for example Elementor, which is fine. Only create a carve up page for uploading without such plugins.

It took a scrap to wrap my head around all of the configuration possibilities, just it's well worth the learning curve. Once you meet everything information technology can do and how to do information technology, I tin can't imagine very many scenarios this plugin couldn't cover. If there was whatever gripe at all, it would be that the documentation is a fleck scattered about. Have your time to set this up properly and you'll be happy you lot did. Five Stars!

Read all 107 reviews

"WordPress File Upload" is open source software. The following people accept contributed to this plugin.

Contributors

nickboss

iv.16.3

improved sanitization and escaping of shortcode attributes to avert XSS attacks
file type .svg moved to blacklist to avert XSS attacks coming from scripts within SVG files
added security check to forbid uploads inside wp-content/plugin directory
improved handling of videoname and imagename file uploader shortcode attributes to avoid directory traversal attacks
improved /lib and /extensions loader to avoid arbitrary code execution through injected image files
all wfu_blocks.php functions became redeclareable

four.16.2

minor bug fixes in Pro version

iv.16.1

corrected $_SESSION variable trouble in maintenance purge function

4.16.0

visual editor edit button misalignment fixed
corrected echo problem when recording from webcam with sound

iv.15.0

COOKIEHASH bug corrected
credentials in FTP paths are stripped from the paths
corrected File Detais to File Details
regex "/(.)<\/style><script.?>(.)<\/script>(.)/southward" changed to "/(.)<\/style>.?<script.?>(.)<\/script>(.*)/south" in functions.php
corrected notice: Undefined index: post in wfu_admin.php when the website has no posts

4.xiv.4

restored .po files in languages and so that users tin change translations

4.14.3

slight change in wfu_get_filtered_recs to handle cases where b.date_from is zippo
code improvements to increase loading speed of plugin's file browser
added wfu_mime_content_type() function that uses several methods to become MIME blazon of a file

iv.14.ii

lawmaking improved so that upload message colors correctly adjust to shortcode colour settings
slight modifications to upload message colors while upload is in progress
plugin cookie names adapted in case COOKIEHASH does not exist
corrected problems of the new plugin updater causing a warning when there are plugins that exercise not have their own subdirectory
closing tags removed from all PHP files to avoid "Headers already sent" errors
corrected bug where the uploads counter was showing to not-administrators
wfu_log_action and wfu_process_files functions became redeclarable
removed debug_log from wfu_process_files_queue
consent Yes/No question was added in translation
corrected locale of Greek translation

four.fourteen.one

fix webcam play button bug
corrected event with implode() function of minifier library appearing in websites having PHP > 7.4.2
wfu_admin.php modified to use wfu_ajaxurl() role

iv.fourteen.0

minor fixes of bugs and lawmaking improvements.

four.13.1

file checking of uploaded files hardened to better handle xss attacks coming through uploaded image files.

4.13.0

corrected security vulnerability where remote code could be executed using directory traversal method. Credits to p4w security skilful for identifying the vulnerability.
improved user bank check algorithm during upload, related to upload parameters array
corrected bug where Restricted Page Loading was working only for pages, all other mail service types were loading the plugin files as if in that location was no restriction

four.12.2

corrected issues where files could non be downloaded in some server environments when dboption user state handler was enabled

iv.12.1

corrected issues where files could not exist downloaded from Dashboard / Uploaded Files page

four.12.0

corrected bug where export data file was not deleted later download
corrected bug in FTP credentials configurator about double backslash (\) issue
added cookies user state handler that has been integrated with dboption equally 'Cookies (DBOption)' to comply with WordPress directives not to utilise session
'Cookies (DBOption)' user state handler has been set as the default one
added advanced pick WFU_US_DBOPTION_BASE so that dboption can also work with session
added advanced option WFU_US_SESSION_LEGACY to employ the onetime session functionality of the plugin, having session_start() in header
added auto-adjustment of user state handler to 'dboption' during activation (or update) of the plugin
bug "Error: [] cURL error 28" in WordPress Site Health disappears when setting user land handler to 'Cookies (DBOption)' or when WFU_US_SESSION_LEGACY advanced option is imitation
added the ability to run PHP processes in queue, which is necessary for correctly handling uploads when user state handler is dboption

4.11.2

added easier configuration of FTP Credentials (ftpinfo) aspect of the uploader shortcode

4.11.1

corrected bug in functions wfu_manage_mainmenu() and wfu_manage_mainmenu_editor() that were echoing and not returning the generated HTML
added fix for compatibility with Fast Velocity Minify plugin

4.11.0

code improved so that shortcode composer can be used by all users who can edit pages (and not merely the admins)
added environs variable 'Show Shortcode Composer to Not-Admins' to control whether non-admin users tin edit the shortcodes
added filtering of get_users() function in society to handle websites with many users more than efficiently
added notification in shortcode composer if user leaves folio without saving
corrected bug where restricted frontend loading of the plugin was not working for websites installed in localhost due to wrong calculation of asking uri

4.ten.iii

added the ability to movement one or more files to another folder through the File Browser feature in Dashboard expanse of the plugin
improved responsiveness of shortcode composer and Principal Dashboard page of the plugin
bug fix in wfu_revert_log_action

iv.ten.2

added wordpress_file_upload_preload_check() function in chief plugin file to avoid conflicts of variable names with WordPress
updated webcam code to accost createObjectURL Javascript error that prevents webcam feature to work in latest versions of browsers

iv.10.ane

lawmaking modified so that vendor libraries are loaded only when necessary
improved process of deleting all plugin options
added honeypot field to userdata fields; this is a security feature, in replacement of captchas, invisible to users that prevents bots from uploading files
added attribute 'Consent Denial Rejects Upload' in uploader shortcode Personal Data tab to stop the upload if the consent answer is no, likewise as 'Reject Message' attribute to customize the upload rejection message shown to the user
added attribute 'Practise Not Remember Consent Answer' in uploader shortcode Personal Data tab to evidence the consent question every time (and non but the get-go fourth dimension)
attribute 'Preselected Answer' in uploader shortcode Personal Data tab modified to be compatible with either checkbox or radio Consent Format
upload consequence message adjusted to bear witness the correct upload status in case that files were uploaded just were not saved due to Personal Data policy
lawmaking improved for sftp uploads to handle PECL ssh2 bug #73597

iv.10.0

plugin code improved to support files containing single quote characters (') in their filename
corrected problems where plugin was deactivated subsequently update

4.9.ane

added Maintenance action 'Purge All Data' that entirely erases the plugin from the website and deactivates information technology
added avant-garde option 'Hide Invalid Uploaded Files' then that Uploaded Files folio in Dashboard tin can testify simply valid uploads
added advanced option 'Restrict Front end-End Loading' to load the plugin merely on specific pages or posts in social club to reduce unnecessary workload on pages non containing the plugin
lawmaking improved for better operation of the plugin when the website works behind a proxy
added option in Clean Log to erase the files together with plugin data

4.9.0

code farther improved to reduce "Iptanus Server unreachable…" errors
checked Weglot Translate compatibility; /wp-admin/admin-ajax.php needs to be added to Exclusion URL list of Weglot configuration then that uploads can work
several meaning additions in the Pro version, including Microsoft OneDrive integration

4.8.0

added particular in Admin Bar that displays number of new uploads and redirects to Uploaded Files Dashboard page
lawmaking improved in Uploaded Files Dashboard folio so that download action directly downloads the file, instead of redirecting to File Browser
added Avant-garde option 'WFU_UPLOADEDFILES_COLUMNS' that controls the lodge and visibility of Uploaded Files Dashboard page columns
added Avant-garde option 'WFU_UPLOADEDFILES_ACTIONS' that controls the club and visibility of Uploaded Files Dashboard folio file actions
added several filters in Uploaded Files Dashboard page to make it more customizable
PHP function redeclaration arrangement significantly improved to support arguments by reference, execution after the original part and redeclaration of variables
code improved to reduce "Iptanus Server unreachable…" errors (better operation of verify_peer http context property)
added a link in Iptanus Unreachable Server fault message to an Iptanus article describing how to resolve it

4.seven.0

added Uploaded Files top-level Dashboard carte du jour item, showing all the uploaded files and highlighting the new ones
added Portuguese translation from Rui Alao
checked and verified compatibility with Gutenberg
plugin initialization actions moved to plugins_loaded filter
fixed bug immigration userdata fields when Select File is pressed
File Browser and View Log tables modified to become more responsive especially for minor screens

4.6.2

corrected consent_status alert when updating user profile and Personal Data is off
user fields lawmaking improved for improve data autofill behaviour

4.half-dozen.one

added uploader shortcode attribute 'resetmode' to command whether the upload form will be reset after an upload
added pagination in File Browser tab in Dashboard surface area of the plugin

4.half dozen.0

corrected slash (/) parse Javascript error most 'fakepath' appearring on some situations
added nonces in Maintenance Actions to increase security
improved code in View Log so that no links announced to invalid files
improved lawmaking in View Log so that when the admin opens a file link to view file details, 'become back' button volition lead dorsum to the View Log page and not to File Browser
improved code in 'Clean Log' button in Maintenance Actions in Dashboard area of the plugin, then that the admin can select the period of make clean-up

four.5.1

code improved in wfu_js_decode_obj function for better compatibility with Safari browser
code improved to sanitize all shortcode attributes before uploader form or file viewer is rendered
removed external references to code.jquery.com and cdnjs.cloudflare.com for better compliance with GDPR

4.v.0

added bones compliance with GDPR
added several shortcode attributes to configure personal information consent advent and behaviour
added area in User Profile from where users can review and alter their consent status
added Personal Data option in Settings that enables personal information operations
added Personal Information tab in plugin's surface area in Dashboard from where administrators tin export and erase users' personal data
corrected bug non accepting subfolder dimensions when subfolder element was active

4.four.0

added alternative user state handler using DB Options table in social club to overcome issues with session variables appearing on many web servers

4.iii.4

all Settings sanitized correctly to forestall XSS attacks – credits to ManhNho for mentioning this trouble

four.3.iii

all shortcode attributes sanitized correctly to close a serious security hole – credits to ManhNho for mentioning this problem

4.iii.2

fixed bug in wfu_before_upload and wfu_after_upload filters that was breaking JS scripts if they contained a closing subclass ']' symbol

4.3.one

added placeholder selection in available label positions of additional fields; label will be the placeholder attribute of the field

iv.iii.0

fixed issues where ftp credentials did not work when username or password contained (:) or (@) symbols
RegExp fix for wfu_js_decode_obj function for improved compatibility with caching plugins
corrected WFU_Original_Template::get_instance() method considering information technology ever returned the original class
View Log page improved and so that displayed boosted user fields of an uploaded file are not cropped

4.2.0

changed logic of file sanitizer; dots in filename are by default converted to dashes, in club to avert upload failures caused when the plugin detects double extensions
corrected bug where a Javascript error was generated when askforsubfolders was disabled and showtargetfolder was active
added css and js minifier in inline code
plugin modified so that the shortcodes return correctly either Javascript loads early on (in header) or late (in footer)
plugin modified so that Media record is deleted when the associated uploaded file is deleted from plugin'southward database
corrected bug where some plugin images were not loaded while Relax CSS option was inactive

iv.ane.0

inverse logic of file sanitizer; dots in filename are past default converted to dashes, in order to avoid upload failures acquired when the plugin detects double extensions
added advanced selection WFU_SANITIZE_FILENAME_DOTS that determines whether file sanitizer will sanitize dots or not
timepicker script and fashion replaced by most recent version
timepicker script and style files removed from plugin and loaded from cdn
json2 script removed from plugin and loaded from WordPress registered script
JQuery UI mode updated to latest one.12.1 minified version
added wfu_before_admin_scripts filter before loading admin scripts and styles in guild to control incompatibilities
removed getElementsByClassName-1.0.1.js file from plugin, getElementsByClassName function was replaced past DOM querySelectorAll
corrected bug showing alert "Discover: Undefined variable: page_hook_suffix…" when a non-admin user opened Dashboard
corrected fatal mistake "func_get_args(): Can't exist used as a function parameter" actualization in websites with PHP lower than 5.3
added _wfu_file_upload_hide_output filter that runs when plugin should not be shown (eastward.thousand. for users not inluded in uploadroles), in club to output custom HTML
corrected bug where email fields were always validated, even if validate selection was not activated
corrected problems where number fields did non allow invalid characters, even if typehook option was not activated
corrected bug where email fields were non allowed to exist ampty when validate choice was activated
corrected error T_PAAMAYIM_NEKUDOTAYIM actualization when PHP version is lower than 5.three
corrected problems with random upload fails caused when params_index corresponds to more than one params

4.0.ane

translation of the plugin in Farsi, kindly provided by Shahriyar Modami http://chabokgroup.com
corrected issues where notification email was not sending atachments
corrected problems not cleaning log in Maintenance Actions

four.0.0

huge renovation of the plugin, the UI lawmaking has been rewritten to render based on templates
lawmaking modified so that it can correctly handle sites where content dir is explicitly defined
corrected problems in Dashboard file editor so that it can work when the website is installed in a subdirectory
corrected warnings showing when editing a file that was included in the plugin'south database
added filter in get_posts so that it does not cause problems when at that place are too many pages/posts
bug fixes so that forcefilename works better and does not strip spaces in the filename
code improved to protect from hackers trying to use the plugin as email spammer
added advanced variable Force Email Notifications then that email can be sent even if no file was uploaded
corrected bug not showing sanitized filanames correctly in electronic mail
corrected bug so that dates bear witness-up in local time and non in UTC in Log Viewer, File Browser and File Editor
fixed problems showing "Alarm: Missing argument 2 for wpdb::prepare()" when cleaning up the log in Maintenance Actions
corrected bug where when configuring subfolders with visual editor the subfolder dialog showed unknown error
corrected bug where the Select File button was not locked during upload in case of classical HTML (no-ajax) uploads
added cancel push button functionality for archetype no-ajax uploads
added back up for Secure FTP (sftp) using SSH2 library
successmessagecolor and waitmessagecolors attributes are hidden as they are no longer used

3.11.0

added the ability to submit the upload form without a file, just similar a contact form
added attribute allownofile in uploader shortcode; if enabled so the upload course can exist submitted without selection of a file
added wfu_before_data_submit and wfu_after_data_submit filters which are invoked when the upload course is submitted without a file
added avant-garde debug options for more comprehensive and deep troubleshooting
added internal filters for advanced hooking of ajax handlers
fixed several security problems
stock-still bug that was generating an fault when automatic subfolders were activated and the upload folder did not be
corrected bug where single quote, double quote and backslash characters in user fields were not saved correctly (they were escaped)
fixed bug where any changes made to the user information (east.m. through a filter) were not included in the email message
added unique_id variable in wfu_before_file_check and wfu_after_file_upload filters
inverse column titles in the tables of plugin instances in Master tab in Dashboard
fixed bug where if a user field was modified from the file editor, custom columns were irresolute order

3.10.0

an culling Iptanus server is launched in Google Cloud for resolving the notorious mistake "file_get_contents(https://services2.iptanus.com/wp-admin/admin-ajax.php): failed to open stream: Connection timed out."
added choice 'Use Culling Iptanus Server' in Settings to switch to the alternative Iptanus Server
added advanced choice 'Alternative Iptanus Server' that points to an alternative Iptanus Server
added advanced option 'Alternative Iptanus Version Server' that points to the alternative Iptanus Server URL returning the latest plugin version
an error is shown in the Master page of the plugin in Dashboard if Iptanus Server is unreachable
a warning is shown in the Main folio of the plugin in Dashboard if an alternative insecure (http) Iptanus Server is used
alternative fix of fault accessing https://services2.iptanus.com for coil (by disabling CURLOPT_SSL_VERIFYHOST) and for sockets by employing a better parser of socket response
added Swedish translation, kindly provided by Leif Persson
improved ftp functionality so that ftp folders tin can be created recursively

3.ix.6

added internal filter _wfu_file_upload_output before echoing uploader shortcode html
added power to change the order of boosted user fields in shortcode visual editor

3.9.five

added environment variable 'Upload Progress Way' that defines how upload progress is calculated
improved progress bar calculation
minor bug fixes in AJAX functions mentioned by Hanneke Hoogstrate http://www.blagoworks.nl/

3.9.4

added option to enable admin to change the upload user of a file
lawmaking improvements and bug fixes related to file download characteristic
code improvements related to make clean database function
added Italian translation

3.9.three

added choice to allow loading of plugin'southward styles and scripts on the forepart-terminate merely for specific posts/pages through wfu_before_frontpage_scripts filter
fixed problems where when uploading big files with identical filenames and 'maintain both' option, not all would exist saved separately
ii advanced variables were added to let the admin modify the consign function separators

iii.9.2

added surroundings variable to enable or disable version check, due to admission problems of some users to Iptanus Services server
added timeout option to wfu_post_request function
added Spanish translation, kindly provided by Marton

3.9.one

temporary ready to address upshot with plugin'south Main folio in Dashboard not loading, by disabling plugin version check
correct Safari trouble with actress spaces in success bulletin coming from force_close_connection
correct bug where when extension has capital letter letters it is rejected

iii.9.0

a big number of extensions have been blacklisted for preventing upload of potentially dangerous files
the plugin will not allow inclusion, renaming or downloading of files with blacklisted extensions based on the new listing
if no upload extensions are defined or the uploadpattern is too generic, so the plugin will allow but specific extensions based on a white list of extensions; if the administrator wants to include more extensions he/she must declare them explicitely
the use of the wildcard asterisk symbol has get stricter, asterisk will match all characters except the dot (.), so the default . pattern volition allow simply 1 extension in the filename (and not more as happened then far).
added environment variable 'Wildcard Asterisk Mode' for defining the manner of the wildcard asterisk symbol. If it is 'strict' (default) and so the asterisk will not match dot (.) symbol. If it is 'loose' then the asterisk will match any characters (including dot).
slight bug fixes so that wildcard syntax works correctly with square brackets
added maximum number of uploads per specific interval in gild to avoid DDOS attacks
added environment variables related to Denial-Of-Service attacks in order to configure the behaviour of the DOS set on checker
bug fix of wfu_before_file_upload filter that was non working correctly with files larger than 1MB

three.8.5

added bulk actions feature in File Browser in Dashboard for admins
added delete and include bulk deportment in File Browser
improvement of column sort functionality of File Browser
added environment variable 'Use Culling Randomizer' in order to make string randomizer function work for fast browsers
uploadedbyuser and userid fields became int to cope with big user ID numbers on some WordPress environments

iii.viii.4

dublicatespolicy attribute replaced by grammaticaly right duplicatespolicy, however backward compatibility with the old attribute is maintained

3.8.3

fixed bug of subdirectory selector that was not initializing correctly after upload
fixed slight widget incompatibility with customiser
stock-still issues of drag-n-drop feature that was not working when singlebutton functioning was activated

3.8.2

fixed bug in wfu_after_file_loaded filter that was non working and was overriden by obsolete wfu_after_file_completed filter
added selection in plugin's Settings in Dashboard to include additional files in plugin'south database
added feature in Dashboard File Browser for admins to include boosted files in plugin'south database

three.8.ane

fixed problems with indistinguishable userdata IDs in HTML when using more one userdata occurrences

3.8.0

added webcam option that enables webcam capture functionality
added webcammode atribute to define capture style (screenshots, video or both)
added audiocapture aspect to define if audio will exist captured together with video
added videowidth, videoheight, videoaspectratio and videoframerate attributes to constrain video dimensions and frame rate
added camerafacing aspect to define the camera source (front end or dorsum)
added maxrecordtime attribute to define the maximum record time of video
added uploadmediabutton, videoname and imagename attributes to define custom webcam-related labels
fixed issues that strips non-latin characters from filename when downloading files

3.7.iii

improved filename sanitization function
added Chinese translation by Yingjun Li

3.vii.two

added selection to cancel upload
setting added then that upload does not fail when site_url and home_url are unlike
added attribute requiredlabel in uploader'southward shortcode that defines the required keyword
required keyword tin can now be styled separately from the user field label
add user fields in Media together with file
setting added then that userdata fields are shown in Media Library or not
added Dutch translation past Ruben Heynderycx

3.7.1

internal code modifications and slight bug corrections

three.7.0

pregnant code modifications to brand the plugin pluggable, invisible to users
add-on of before and afterwards upload filters
correction of small issues in Shortcode Composer of File Viewer

three.6.1

Iptanus Services server for getting version info and other utilities is now secure (https)
fixed bug with wfu_path_abs2rel part when ABSPATH is just a slash
additional fixes and new features in Professional version

three.half-dozen.0

French translation improved
correction of minor bug at wfu_functions.php
lawmaking improvements in upload algorithm
wp_check_filetype_and_ext check moved subsequently completion of file
added wfu_after_file_complete filter that runs right afterwards is fully uploaded
improved appearance of plugin's area in Dashboard

3.5.0

textdomain inverse to wp-file-upload to back up the translation characteristic of wordpress.org
added pick in Maintenance Actions of plugin'south expanse in Dashboard to consign uploaded file data
added pagination of non-admin logged user's Uploaded Files Browser
added pagination of front end-end File List Viewer
added pagination of user permissions table in plugin's Settings
added pagination of Log Viewer
corrected problems in View Log that was not working when pressing on the link
improvements to View Log characteristic
improvements to file download function to avoid corruption of downloaded file due to set_time_limit role that may generate warnings
added wfu_before_frontpage_scripts filter that executes right before frontpage scripts and styles are loaded
added functionality to avert incompatibilities with NextGen Gallery plugin

3.4.one

plugin'due south security improved to reject files that contain .php.js or similar extensions

3.4.0

added fitmode aspect to make the plugin responsive
added widget "WordPress File Upload Grade", and so that the uploader can be installed in a sidebar
changes to Shortcode Composer then that information technology can edit plugin instances existing in sidebars equally widgets
changes to Uploader Instances in plugin's area in Dashboard to show also instances existing within sidebars
added the ability to define dimensions (width and height) for the whole plugin
dimensioning of plugin'southward elements improved when fitmode is set to "responsive"
filter and non-object warnings of front end-finish file browser, actualization when DEBUG mode is ON, removed
issues fixed to front-end file browser to hide Shortcode Composer button for non-admin users
logic changed to front-end file browser to permit users to download files uploaded by other users
code inverse to forepart-cease file browser to bear witness a message when a user attempts to delete a file that was not uploaded past him/her

3.iii.ane

bug corrected that was breaking plugin operation for php versions prior to 5.three
added a "Maintenance Deportment" department in plugin's Dashboard page
added pick in plugin'south "Maintenance Actions" to completely clean the database log

3.iii.0

userdatalabel attribute changed to allow many field types
added the following user information field types: simple text, multiline text, number, email, confirmation email, password, confirmation countersign, checkbox, radiobutton, appointment, time, datetime, listbox and dropdown list
added several options to configure the new user data fields: characterization text (to define the label of the field), label position (to define the position of the label in relation to the field), required selection (to define if the field needs to be filled before file upload), do-non-autocomplete option (to preclude the browsers for completing the field automatically), validate pick (to perform validity checks of the field before file upload depending on its blazon), default text (to define a default value), grouping id (to grouping fields together such every bit multiple radio buttons), format text (to ascertain field formatting depending on the field blazon), typehook option (to enable field validation during typing inside the field), hint position (to define the position of the bulletin that will be shown to prompt the user that a required field is empty or is non validated) as well every bit an option to define additional data depending on the field type (eastward.k. define list of items of a listbox or dropdown listing)
Shortcode Composer changed to support the new user data fields and options
placement attribute tin can accept more than one instances of userdata
fixed bug not showing date selector of date fields in Shortcode Composer when working with Firefox or IE browsers
in some cases required userdata input field will turn red if not populated
shortcode_exists and wp_slash fixes for working before 3.6 WordPress version
small bug fixes

iii.2.1

removed 'form-field' course from admin table tr elements
corrected bug that was causing problems in uploadrole and uploaduser attributes when a username or role independent uppercase messages
uploadrole and uploaduser attributes logic modified; guests are allowed only if 'guests' discussion is included in the attribute
modifications to the download functionality script to be more robust
corrected bug that was not showing options below a line item of admin tables in Internet Explorer
several feature additions and problems fixes in Professional version

three.2.0

added selection in plugin's settings to relax CSS rules and then that plugin inherits theme styling
modifications in html and css of editable subfolders feature to look better
modifications in html and css of prompt message when a required userdata field is empty
PLUGINDIR was replaced by WP_PLUGIN_DIR and then that the plugin can work for websites where the contents dir is other than wp-content
stock-still bug that was non assuasive Shortcode Composer to launch when the shortcode was too large
fixed issues that was causing front-end file listing not to work properly when no instance of the plugin existed in the same folio / post

3.1.ii

important bug detected and fixed that was stripping slashes from post or page content when updating the shortcode using the shortcode composer

3.one.1

the previous version broke the piece of cake creation of shortcodes through the plugin's settings in Dashboard and it has been corrected, together with some improvements

3.1.0

an important feature (front-finish file browser) has been added in professional version 3.1.0
added port number support for uploads using ftp fashion
corrected bug that was non showing correctly in file browser files that were uploaded using ftp mode
eliminated confirmbox warning showing in page when website'due south DEBUG fashion is ON
eliminated warning: "Invalid statement supplied for foreach() in …plugins/wordpress-file-upload-pro/lib/wfu_admin.php on line 384"
eliminated warning: "Find: Undefined alphabetize: postmethod in /var/www/wordpress/wp-content/plugins/wordpress-file-upload-pro/lib/wfu_functions.php on line 1348"
eliminated warnings in plugin's settings in Dashboard

3.0.0

major version number has advanced because an of import feature has been added in Pro version (logged users can scan their uploaded files through their Dashboard)
several code modifications in file browser to make the plugin more secure against hacking, some functionalities in file browser have slightly changed
new file browser cannot edit files that were not uploaded with the plugin and it cannot edit or create folders
upload path cannot be exterior the wordpress installation root
files with extension php, js, pht, php3, php4, php5, phtml, htm, html and htaccess are forbidden for security reasons

two.7.half dozen

added functionality in Dashboard to add the plugin to a folio automatically
fixed issues that was non showing the Shortcode Composer considering the plugin could not observe the plugin instance when the shortcode was nested in other shortcodes

2.7.5

added German language and Greek translation

2.7.4

added Serbian translation thank you to Andrijana Nikolic from http://webhostinggeeks.com/
bug fix with %blogid%, %pageid% and %pagetitle% that where not implemented in notification emails
in single button operation selected files are removed in case that a subfolder has not been previously selected or a required user field has not been populated
bug stock-still in single file operation that allowed choice of multiple files through elevate-and-drop
issues stock-still with files over 1MB that got corrupted when maintaining files with same filename
dummy (exam) Shortcode Composer button removed from the plugin's Settings as it is no longer useful
added support for empty (nothing size) files
many code optimizations and security enhancements
stock-still javascript errors in IE8 that were breaking upload operation
lawmaking improvements to avert brandish of session warnings
added %username% in redirect link
added option in plugin's Settings in Dashboard to select culling POST Upload method, in order to resolve errors like "http:// wrapper is disabled in the server configuration by allow_url_fopen" or "Telephone call to undefined function curl_init()"
added filter action wfu_after_upload, where the admin can define additional javascript code to exist executed on user's browser after each file is finished

2.seven.3

of import bug fix in Pro version
added wfu_before_email_notification filter
corrected bug not showing correctly special characters (double quotes and braces) in email notifications

2.seven.2

important problems set in Pro version, very slight changes in free version

ii.vii.1

fixed issues with faulty plugin instances appearing when Woocommerce plugin is besides installed
Upload of javascript (.js) files is not allowed for avoiding security issues
stock-still problems with medialink and postlink attributes that were not working correctly
when medialink or postlink is activated, the files will be uploaded to the upload folder of WP website
when medialink or postlink is activated, subfolders will be deactivated
added choice in subfolders to enable the list to populate automatically
added option in subfolders the user to be able to type the subfolder
wfu_before_file_check filter tin modify the target path (not only the file proper name)

2.7.0

corrected bug when deleting plugin example from the Dashboard
corrected bug not finding "loading_icon.gif"

ii.half-dozen.0

full redesign of the upload algorithm to become more robust
added improved server-side handling of big files
plugin shortcodes can be edited using the Shortcode Composer
added visual editor button on the plugin to enable administrators to change the plugin settings easily
corrected problems causing sometimes database overloads
slight improvements of subfolder selection
improvements to avert code breaking in ajax calls when there are php warnings or echo from WordPress surround or other plugins
improvements and problems fixes in uploader when classic (no AJAX) upload is selected
eliminated php warnings in shortcode composer
corrected problems that was not correctly downloading files from the plugin's File Browser
added ameliorate security when downloading files from the plugin'due south File Browser
fixed bug non correctly showing the user that uploaded a file in the plugin'southward File Browser
utilise of curl to perform server http requests was replaced by native php considering some web servers do not have Whorl installed
corrected bug in shortcode composer where userdata fields were not shown in variables drop down
added characteristic that prevents folio closing if an upload is on progress
added forcefilename attribute to avert filename sanitization
added ftppassivemode aspect for enabling FTP passive mode when FTP method is used for uploading
added ftpfilepermissions attribute for defining the permissions of the uploaded file, when using FTP method
javascript and css files are minified for faster loading

2.5.5

fixed serious bug non uploading files when captcha is enabled
stock-still issues not redirecting files when email notification is enabled

2.five.iv

mitigated issue with "Session failed" errors appearing randomly in websites
fixed bug not applying %filename% variable inside redirect link
fixed bug non applying new filename, which has been modified with wfu_before_file_upload filter, in email notifications and redirects
fixed problems where when 2 large files were uploaded at the aforementioned time and ane failed due to failed clamper, then the progress bar would non go to 100% and the file would not be shown as cancelled

two.5.3

fixed bug non assuasive redirection to work
fixed problems that was including failed files in electronic mail notifications on sure occasions
default value for uploadrole changed to "all"

2.5.ii

fixed important bug in costless version non correctly showing message subsequently failed upload

two.5.1

fixed important problems in gratis version giving the same name to all uploaded files
fixed problems in free version non clearing completely the plugin cache from previous file upload

2.5.0

major redesign of upload algorithm to address upload issues with Safari for Mac and Firefox
files are first checked by server before actually uploaded, in guild to avoid uploading of big files that are invalid
modifications to progress bar lawmaking to make progress bar smoother
restrict upload of .php files for security reasons
fixed bug non showing correctly userdata fields inside email notifications when using ampersand or other special characters in userdata fields

two.4.6

variables %blogid%, %pageid% and %pagetitle% added in e-mail notifications and subject and %dq% in subject
corrected problems that was breaking Shortcode Composer when using more than than 10 attributes
corrected bug that was rejecting file uploads when uploadpattern aspect contained blank spaces
several code corrections in order to eliminate PHP alarm messages when DEBUG mode is on
several code corrections in order to eliminate warning messages in Javascript

two.4.5

correction of bug when using userfields inside notifyrecipients

2.4.4

intermediate update to make the plugin more immune to hackers

2.four.iii

correction of bug to allow uploadpath to receive userdata as parameter

2.four.2

intermediate update to address some vulnerability issues

ii.4.1

added filters and actions before and later each file upload – cheque below Filters/Actions section for instructions how to utilize them
added storage of file info, including user data, in database
added logging of file actions in database – admins can view the log from the Dashboard
admins can automatically update the database to reflect the current condition of files from the Dashboard
file browser improvements and so that more data about each file (including any user information) are shown
file browser improvements so that files can be downloaded
filelist improvements to display correctly long filenames (Pro version)
filelist improvements to distinguish successful uploads from failed uploads (Pro version)
improvements of chunked uploads and so that files that are not allowed to be uploaded are cancelled faster (Pro version)
corrected wrong bank check of file size limit for chunked files (Pro version)
added postlink attribute and so that uploaded files are linked to the current page (or post) as attachments
added subfolderlabel attribute to define the label of the subfolder selection characteristic
several improvements to subfolder selection feature
default value added to subfolder selection characteristic
definition of the subfoldertree attribute in the Shortcode Composer is now done visually
%userid% variable added within uploadpath attribute
userdata variables added inside uploadpath and notifyrecipients attributes
uploadfolder_label added to dimension items
user fields feature improvements
user fields label and input box dimensions are customizable
captcha prompt label dimensions are customizable (Pro version)
added gallery attribute to allow the uploaded files to be shown as epitome gallery beneath the plugin (Pro version)
added galleryoptions attribute to define options of the prototype gallery (Pro version)
added css attribute and a fragile css editor inside Shortcode Composer to allow ameliorate styling of the plugin using custom css (Pro version)
e-mail characteristic improved in conjunction with redirection
improved interoperability with WP-Filebase plugin
improved functionality of free text attributes (like notifymessage or css) by assuasive double-quotes and brackets within the text (using special variables), that were previously breaking the plugin

two.3.i

added choice to restore default value for each attribute in Shortcode Composer
added support for multilingual characters
correction of bug in Shortcode Composer that was not allowing attributes with atypical and plural course to be saved
correction of bug that was not irresolute errormessage aspect in some cases

2.two.3

correction of bug that was freezing the Shortcode Composer in some cases
correction of bug with successmessage attribute

2.two.2

serious issues fixed that was breaking operation of Shortcode Composer and File Browser when the WordPress website is in a subdirectory

2.2.ane

added file browser in Dashboard for admins
added attribute medialink to allow uploaded files to exist shown in Media
serious bug fixed that was breaking the plugin because of preg_replace_callback function
corrected fault in first attempt to upload file when captcha is enabled

2.one.3

variables %pagetitle% and %pageid% added in uploadpath.
problems fixes when working with IE8.
Shortcode Composer saves selected options
Easier handling of userdata variables in Shortcode Composer
correction of bug that allowed debugdata to be shown in non-admin users
reset.css removed from plugin every bit it was causing breaks in theme's css
correction of bug with WPFilebase Manager plugin

2.one.ii

Several problems fixes and code reconstruction.
Lawmaking modifications then that the plugin can operate even when DEBUG style is ON.
New aspect debugmode added to allow better debugging of the plugin when there are errors.

2.1.one

Issues fixes with broken images when WordPress website is in a subdirectory.
Replacement of glob function because is not allowed past some servers.

two.0.2

Bug fixes in Dashboard Settings Shortcode Composer.
Correction of important bug that was breaking folio in some cases.
Modest improvements of user data fields and notification e-mail attributes.

2.0.1

This is the initial release of WordPress File Upload. Since this plugin is the successor of Inline Upload, the whole changelog since the creation of the later is included.

Name of the plugin inverse to WordPress File Upload.
Plugin has been completely restructured to permit boosted features.
A new more advanced bulletin box has been included showing data in a more structured way.
Fault detection and reporting has been improved.
An administration page has been created in the Dashboard Settings, containing a Shortcode Composer.
Some more options related to configuration of bulletin showing upload results accept been added.
Several problems fixes.

i.7.14

Userdata attribute changed to allow the cosmos of more fields and required ones.
Spanish translation added cheers to Maria Ramos of WebHostingHub.

1.7.thirteen

Added notifyheaders attribute, in guild to permit better control of notification e-mail sent (east.g. allow to ship HTML email).

1.7.12

Added userdata attribute, in order to let users to ship additional text information along with the uploaded file.

i.seven.11

Added unmarried push button operation (file volition be automatically uploaded when selected without pressing Upload Button).

i.seven.x

Fixed bug with functionality of attribute filebaselink for new versions of WP-Filebase plugin.

1.7.9

Fixed problem with functionality of attribute filebaselink for new versions of WP-Filebase plugin.

1.7.eight

More than than 1 roles can at present be defined in attribute uploadrole, separated by comma (,).

1.seven.vii

Variable %filename% now works also in redirectlink.

1.7.6

Changes in ftp functionality, added useftpdomain attribute then that it can work with external ftp domains as well.
Improvement of archetype upload (used in IE or when setting forceclassic to true) messaging functionality.
Minor bug fixes.

1.7.five

Source modified so that information technology can work with WordPress sites that are not installed in root.
Added variable %blogid% for apply with multi-site installations.
Bug fixes related to showing of messages.

i.7.four

Replacement of json2.js with another version.

1.7.3

CSS style changes to resolve conflicts with various theme CSS styles.

one.seven.two

Added variable %useremail% used in notifyrecipients, notifysubject and notifymessage attributes.

1.seven.1

Added capability to upload files outside wp-content folder.
Improved error reporting.

1.vii

Complete restructuring of plugin HTML lawmaking, in social club to brand it more than configurable and customizable.
Advent of messages has been improved.
Added option to put the plugin in testmode.
Added option to configure the colors of success and fail messages.
Added option to modify the dimensions of the individual objects of the plugin.
Added option to change the placement of the individual objects of the plugin.
Improved fault reporting.
Added localization for fault messages.
Modest bug fixes.

ane.6.3

Bug fixes to correct incompatibilities of the new ajax functionality when uploadrole is ready to "all".

one.6.2

Bug fixes to correct incompatibilities of the new ajax functionality with redirectlink, filebaselink and adminmessages.

1.half-dozen.1

Correction of serious bug that prevented the normal operation of the plugin when the browser of the user supports HTML5 functionality.
Tags added to the plugin WordPress page.

one.6

Major lifting of the whole lawmaking.
Added ajax functionality so that file is uploaded without page reload (works in browsers supporting HTML5).
Added upload progress bar (works in browsers supporting HTML5).
Added option to allow user to select if wants to use the old form upload functionality.
File will not be saved once more if user presses the Refresh button (or F5) of the folio.
Translation strings updated.
Bug fixes for problems when there are more than i instances of the plugin in a single folio.

1.5

Added option to notify user about upload directory.
Added choice to let user to select a subfolder to upload the file.

one.4.one

css corrections for bug fixes.

1.4

Added option to adhere uploaded file to notification email.
Added option to customize message on successful upload (variables %filename% and %filepath% can exist used).
Added pick to customize color of message on successful upload.
"C:\fakepath\" problem resolved.
warning bulletin about part create_directory() resolved.
css enhancements for compatibility with more themes.

1.3

Additional variables added (%filename% and %filepath%).
All variables can be used within message subject area and bulletin text.
Added option to decide how to treat duplicates (overwrite existing file, get out existing file, leave both).
Added option to decide how to rename the uploaded file, when another file already exists in the target directory.
Added selection to create directories and upload files using ftp access, in order to overcome file owner and SAFE Style restrictions.
Added the capability to redirect to another web page when a file is uploaded successfully.
Added the choice to show to administrators boosted messages virtually upload errors.
Bug fixes related to interoperability with WP_Filebase

1.ii

Added notification by email when a file is uploaded.
Added the ability to upload to a variable folder, based on the proper noun of the user currently logged in.

1.1

Added the option to allow anyone to upload files, by setting the attribute uploadrole to "all".

i.0

Initial version.

pattonsabighter79.blogspot.com

Source: https://wordpress.org/plugins/wp-file-upload/