mkscripts
Forum Replies Created
-
Thank you for your concern and for bringing this to our attention. We are aware of the recent report regarding the potential for downloading arbitrary files. According to Patchstack, this issue is considered low priority and does not pose a significant security threat in real-world scenarios.
The reason for this is twofold:
- The vulnerability relies on an attacker being able to guess exact filenames (uploads folder), which is highly unlikely in most environments.
- Our plugin uses robust rate limiting, making automated or brute-force attacks impractical.
It is also important to note that the reported issue only affects files within the WordPress uploads directory (including dae-uploads and other subfolders). There is no risk of accessing files outside of uploads, such as core WordPress files or sensitive server files.
We take security seriously and are actively working on a security patch that will add strict validation to ensure that only files intentionally published for download can actually be accessed. We expect to release this update next week.
Thank you for your vigilance and for helping us keep the plugin secure for everyone.
Kind regards,
Team Download After EmailHi,
Thank you for your message. As this forum is dedicated to questions regarding the free plugin, we recommend submitting your inquiry through the premium support section within your account. We would be happy to assist you further there.
Kind regards,
Team Download After EmailHi,
Yes, you can find more information about this topic here.
Kind regards,
Team Download After EmailHi,
The download URL is created using the built-in WordPress home_url() function. If this function no longer returns a correct URL, another plugin may have modified its behavior. Another possibility is that another plugin is modifying the email content or the URLs within it. To determine which plugin is causing this issue, you could disable each plugin one by one and see if the issue has been resolved.
Kind regards,
Team Download After EmailHi Γrla,
Thanks for noticing. We released an update to address this. These errors indeed occurred from PHP version 8.2 onwards.
You can find the new version in your account. Since it’s been resolved, this thread will be closed. If a new issue arises, feel free to start a new one.
Kind regards,
Team Download After EmailForum: Plugins
In reply to: [Download After Email - Subscribe & Download Form Plugin] Optional checkboxHi,
You are right, it is not visible due to the following reasoning:
Whether or not the optional checkbox is checked is not displayed in the subscribers table because it can have a different value after each form submit. The data recorded from the optional checkbox is the time at which it was first checked (and submitted). This is the moment a visitor opts in. Any subsequent optional checkbox values are not relevant to record for determining the opt-in time. Therefore the opt-in time can be found in the “Opt-in Time” column in the subscribers table.
If you want to check whether the optional checkbox has been checked for each form submit, you can see this in the notification email (if enabled).
Kind regards,
Team Download After EmailThanks for noticing. We fixed it immediately and released version 2.1.8.
Kind regards,
Team Download After EmailThank you for using Download After Email!
Our plugin prevents search engine bots from accessing and indexing the documents stored in the dae-uploads directory, except for jpg and jpeg files. Only users who have completed the download form and received an email with a valid download link will have access to the respective download file.
If you have any more questions, feel free to ask. We are glad to help you.
Kind regards,
Team Download After EmailHi,
Thank you for using Download After Email.
There is an option available (in the free version) so you can duplicate the settings of another download (excluding the download file section). You can find it in the right sidebar on the Add/Edit Download page.
We hope you can enjoy our plugin even more (without the pain, we fully understand π ).
Kind regards,
Team Download After EmailHi Andreas,
{download_link} shows the file name and is clickable as an actual download link (HTML
<a>tag). The link will take you to the {download_url} where, after verification, the download file will be offered. This option is used most often. The other options are useful if you want to create your own download link in code for example.{download_url} shows the download URL as it appears in the browser. If you want to create your own download link/button in your code, you can use this value for the href attribute.
{download_file} shows the download file name in text.
An example of how you can create your own custom HTML download link within the editor (select text mode instead of visual for the input of HTML code) WP Admin > Downloads > Messages:
<a href="{download_url}" target="_blank">{download_file}</a>If you have any more questions, feel free to ask. We are glad to help you.
Kind regards,
Team Download After EmailHi,
You’re welcome! You could use the following CSS codes to remove the button and to show the download form by default:
.dae-shortcode-download-wrapper .dae-shortcode-download-button,
.dae-shortcode-download-wrapper .dae-shortcode-download-button:hover {
display: none !important;
}
.dae-shortcode-download-wrapper .dae-shortcode-register-wrapper {
display: block !important;
}Kind regards,
Team Download After EmailHi,
Thank you for your interesting question. It can indeed be cumbersome to delete your download files afterwards via the media library. To automatically remove the corresponding download file from the media library when you normally remove a download, you can use the following PHP code:
add_action( 'before_delete_post', 'delete_dae_attachment', 10, 2 );
function delete_dae_attachment( $post_id, $post ) {
if ( 'dae_download' != $post->post_type ) {
return;
}
// If a post with post_type dae_download is permanently deleted, permanently delete attachment as well
$dae_settings = get_post_meta( $post_id, 'dae_settings', true );
if ( ! empty( $dae_settings['file_id'] ) ) {
$attachment_id = (int) $dae_settings['file_id'];
wp_delete_attachment( $attachment_id, true );
}
}Although this is a tested and working code, it is always advisable to test the code first before using it on a live site.
We will think about an option to integrate this functionality in the future.
Kind regards,
Team Download After EmailHi there,
Thank you for your compliment, we really appreciate it! π
Yes, if you are using the plus version you could use a filter in your code to make form fields optional. As this is a question related to the plus version, we can’t cover it here. You can go to the premium support section within your account on our website and refer to this topic. We are glad to help you!
Kind regards,
Team Download After EmailHi,
This topic is covered in our FAQ here: https://wordpress.org/plugins/download-after-email/#why%20are%20emails%20not%20being%20sent%20or%20received%3F
If you have any more questions, feel free to ask. We are glad to help you.
Kind regards,
Team Download After EmailHi,
Great to hear that you are getting along well with our plugin!
The focus issue seems chrome related. When you search for “chrome focus download dialog box” you will come across similar results. What you could try is resetting your browser settings, disabling all browser extensions and updating Chrome to the latest version.
Kind regards,
Team Download After Email - The vulnerability relies on an attacker being able to guess exact filenames (uploads folder), which is highly unlikely in most environments.