Hi -- in my testing WP Media Folder works with WordPress Multisite, but there are security implications. The "FTP Import" feature that lets you import entire directories will let admins browse and import ALL files in the WordPress installation. If some of your sites are restricted to registered users, their files can still be imported into other sites using this plugin.
For now I made a slight change so that FTP Import functionality is only available to super admins. Would it be possible to build in some safety for multisite installs?
The two approaches I can think of would be:
a) restrict folder browsing to the current users blog files
b) if running on multisite only allow the FTP Import feature to super admin users.
Thanks
Rod
For now I made a slight change so that FTP Import functionality is only available to super admins. Would it be possible to build in some safety for multisite installs?
The two approaches I can think of would be:
a) restrict folder browsing to the current users blog files
b) if running on multisite only allow the FTP Import feature to super admin users.
Thanks
Rod
- Page :
- 1
There are no replies made for this post yet.