SS DIGITAL SOLUTIONS

Version 1.1.5 Brings Improved Security

Easy Digital Downloads version 1.1.5 was released a few minutes ago and one of the focuses for this release was improvements to file security.

A few days ago a user reported that he had found a massive security flaw in the plugin that allowed site visitors to find and browse (and download) any product download files without purchasing them. This flaw was caused primarily by a bug in the plugin, but also by an oversight on my part when I originally set up the file storage structure.

With a few simple changes, this issue has been resolved and your files are much more secure. Directory browsing is now prevented with a redundant system of .htaccess files (for Apache servers) and blank index.php files for all other server types. The necessary files to protect your download files will be created when you install the 1.1.5 update.
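The two guards described above can be checked from a shell after updating. This is an added example, not code from the plugin or its author; it assumes the Apache guard is an `Options -Indexes` directive and that an `index.php` or `index.html` file counts as the blank-index guard, and `make_sample_tree` builds a constructed tree for demonstration.

```bash
#!/usr/bin/env bash
# Audit a download-storage tree for the two directory-listing guards.
# Assumptions: the Apache guard is "Options -Indexes" in an .htaccess file, and
# an index.php or index.html in a directory counts as the blank-index guard.

# Succeeds if the nearest .htaccess between DIR and ROOT that sets Indexes disables it.
htaccess_blocks_listing() {
  local dir="$1" root="$2" line
  while :; do
    if [ -f "$dir/.htaccess" ]; then
      line=$(grep -Ei '^[[:space:]]*Options[[:space:]].*Indexes' "$dir/.htaccess" |
             tail -n 1 | tr 'A-Z' 'a-z')
      case $line in
        *-indexes*) return 0 ;;   # listing explicitly disabled
        ?*)         return 1 ;;   # Indexes set without "-": listing enabled
      esac
    fi
    [ "$dir" = "$root" ] && return 1   # reached the top with no guard
    dir=$(dirname "$dir")
  done
}

# Prints one finding per unguarded directory under ROOT; returns 1 if any.
audit_download_dir() {
  local root="${1%/}" findings
  findings=$(find "$root" -type d | sort | while IFS= read -r dir; do
    if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ]; then
      echo "NO-INDEX $dir"
    fi
    htaccess_blocks_listing "$dir" "$root" || echo "NO-HTACCESS $dir"
  done)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: guarded root, but "2012/open" re-enables listings.
make_sample_tree() {
  local t
  t=$(mktemp -d)
  mkdir -p "$t/2012/open"
  printf 'Options -Indexes\n' > "$t/.htaccess"
  : > "$t/index.php"
  : > "$t/2012/index.php"
  printf 'Options +Indexes\n' > "$t/2012/open/.htaccess"
  echo "$t"
}

if [ "$#" -gt 0 ]; then audit_download_dir "$1"; fi
```

Both guards only stop directory listings; they do not by themselves deny a request for a file whose exact URL is already known.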

Along with the security improvements, there were also significant enhancements made to the discount code system so that buyers can only use a discount code once, as opposed to being able to use the same code over and over again for every purchase.

Another major upgrade was added that allows you to display a list of download links on the “success” page after a user completes the purchase. This option is primarily designed for sites that process all orders as guests (where the users don’t log in). This update will allow guest buyers to download their files immediately after purchase, without having to check their email. You will find this option in Downloads > Settings > General.

The complete change log is below:

  1. Updated default language files

  2. Changed “Purchase Page” label to “Checkout Page” in settings

  3. Fixed a problem with serving download files

  4. Fixed a bug that caused images to break when uploaded to download products

  5. Made significant security improvements for protecting files against unauthorized downloads

  6. Updated discounts so that users can only use a discount code once

  7. Download titles are now decoded for HTML entities in payment history

  8. Updated payment history to fix an error notice when a user isn’t found

  9. Added a new option for showing download links on the success page after completing a payment

  10. Fixed a couple of undefined index errors

  11. Added item prices to the cart widget

  12. Added support for the Iranian Rial currency. Make sure your gateway supports it before using it

  13. Updated the edd_remove_item_url() to use the current page URL instead of the home URL

  14. Added new edd_get_current_page_url() function

  15. Made the edd_payment post type not public

  16. Updated French language files
