latest stable versions: v150827 (changelog)
top⇑

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Home Forums Candy Me

About: Candy Me

Sorry, I've not written a description yet. I'll get to it soon!

Topics I'm Subscribed To

Topics I've Started

My Latest Replies (From Various Topics)

Viewing 5 replies - 1 through 5 (of 5 total)
Author Replies
Author Replies
Posted: Friday May 18th, 2012 at 7:18 pm #13925
Candy Me
Username: candy

sorry Eduan, re-installing on a live site is unfortunatelly not an option :-(

It’s easy to say, but after millions of hacks and changes I had to make, it’s just impossible :-(

Would it be possible that you point me out to the contents I should find in the .htaccess?
Some standard file or so !?

Thanks again!
Posted: Thursday May 17th, 2012 at 5:08 pm #13807
Candy Me
Username: candy

to option 1 > I am using a plugin which lets you block access to your site for specific countries

http://wordpress.org/extend/plugins/iq-block-country/

so users in that country will simply not have any kind of access to your site :)
Posted: Thursday May 17th, 2012 at 4:28 pm #13797
Candy Me
Username: candy

seems like there is NO solution for this crucial issue either !??!

So what on Earth does s2 member protect !?!? Just text ?!?!

Posted: Monday May 7th, 2012 at 7:28 pm #12852
Candy Me
Username: candy

Hi Eduan,

I did find a file under plugins/s2member-files

here the contents:

Options +FollowSymLinks -MultiViews -Indexes



<IfModule mod_env.c>

# No GZIP for script-based file downloads.

	SetEnv no-gzip 1

</IfModule>



<IfModule mod_rewrite.c>

# Enable rewrite and configure base.

	RewriteEngine On

	RewriteBase /



# Initialize all environment variables we're using below.

	RewriteCond %{ENV:s2member_file_download_setup} !^complete$

	RewriteRule ^(.*)$ - [E=s2member_file_download_wp_vdir:0,E=s2member_file_download:$1,E=s2member_file_stream:0,E=s2member_file_inline:0,E=s2member_file_storage:0,E=s2member_file_remote:0,E=s2member_file_ssl:0,E=s2member_file_download_key:0,E=s2member_skip_confirmation:0,E=s2member_file_download_setup:complete]



# Handle virtual directories, common on multisite networks.

	RewriteCond %{ENV:s2member_file_download_wp_vdir_check} !^complete$

	RewriteCond %{THE_REQUEST} ^(?:GET|HEAD)(?:[\ ]+)(?:/)([_0-9a-zA-Z\-]+/)(?:wp-content/)

	RewriteRule ^(.*)$ - [E=s2member_file_download_wp_vdir:,E=s2member_file_download_wp_vdir:%1,E=s2member_file_download_wp_vdir_check:complete]



# Handle streaming download requests via the rewrite engine.

	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-stream/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%2,E=s2member_file_stream:,E=s2member_file_stream:&s2member_file_stream=yes]



	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-stream-(.+?)/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%3,E=s2member_file_stream:,E=s2member_file_stream:&s2member_file_stream=%2]



# Handle inline file requests via the rewrite engine.

	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-inline/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%2,E=s2member_file_inline:,E=s2member_file_inline:&s2member_file_inline=yes]



	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-inline-(.+?)/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%3,E=s2member_file_inline:,E=s2member_file_inline:&s2member_file_inline=%2]



# Handle storage specifications via the rewrite engine.

	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-storage-(.+?)/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%3,E=s2member_file_storage:,E=s2member_file_storage:&s2member_file_storage=%2]



# Handle remote authorization requests via the rewrite engine.

	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-remote/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%2,E=s2member_file_remote:,E=s2member_file_remote:&s2member_file_remote=yes]



	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-remote-(.+?)/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%3,E=s2member_file_remote:,E=s2member_file_remote:&s2member_file_remote=%2]



# Handle SSL file requests via the rewrite engine.

	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-ssl/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%2,E=s2member_file_ssl:,E=s2member_file_ssl:&s2member_file_ssl=yes]



	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-ssl-(.+?)/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%3,E=s2member_file_ssl:,E=s2member_file_ssl:&s2member_file_ssl=%2]



# Handle file download keys via the rewrite engine.

	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-file-download-key-(.+?)/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%3,E=s2member_file_download_key:,E=s2member_file_download_key:&s2member_file_download_key=%2]



# Handle confirmations having beek skipped via the rewrite engine.

	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-skip-confirmation/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%2,E=s2member_skip_confirmation:,E=s2member_skip_confirmation:&s2member_skip_confirmation=yes]



	RewriteCond %{ENV:s2member_file_download} ^(.*?)(?:s2member-skip-confirmation-(.+?)/)(.+)$

	RewriteRule ^(.*)$ - [N,E=s2member_file_download:,E=s2member_file_download:%1%3,E=s2member_skip_confirmation:,E=s2member_skip_confirmation:&s2member_skip_confirmation=%2]



# Cleanup variables not used in this request. Looking for `0` values.

	RewriteCond %{ENV:s2member_file_download_wp_vdir} ^0$

	RewriteRule ^(.*)$ - [E=s2member_file_download_wp_vdir:]

	

	RewriteCond %{ENV:s2member_file_stream} ^0$

	RewriteRule ^(.*)$ - [E=s2member_file_stream:]

	

	RewriteCond %{ENV:s2member_file_inline} ^0$

	RewriteRule ^(.*)$ - [E=s2member_file_inline:]

	

	RewriteCond %{ENV:s2member_file_storage} ^0$

	RewriteRule ^(.*)$ - [E=s2member_file_storage:]

	

	RewriteCond %{ENV:s2member_file_remote} ^0$

	RewriteRule ^(.*)$ - [E=s2member_file_remote:]

	

	RewriteCond %{ENV:s2member_file_ssl} ^0$

	RewriteRule ^(.*)$ - [E=s2member_file_ssl:]

	

	RewriteCond %{ENV:s2member_file_download_key} ^0$

	RewriteRule ^(.*)$ - [E=s2member_file_download_key:]

	

	RewriteCond %{ENV:s2member_skip_confirmation} ^0$

	RewriteRule ^(.*)$ - [E=s2member_skip_confirmation:]

	

# Put everything together now and process the internal rewrite.

	RewriteRule ^(.*)$ %{ENV:s2member_file_download_wp_vdir}?s2member_file_download=%{ENV:s2member_file_download}%{ENV:s2member_file_stream}%{ENV:s2member_file_inline}%{ENV:s2member_file_storage}%{ENV:s2member_file_remote}%{ENV:s2member_file_ssl}%{ENV:s2member_file_download_key}%{ENV:s2member_skip_confirmation} [QSA,L]

</IfModule>



<IfModule !mod_rewrite.c>

	deny from all

</IfModule>

What can I do with it now? :)

Thanks!
Posted: Monday May 7th, 2012 at 5:34 pm #12840
Candy Me
Username: candy

Hi Eduan,

Thank you for your answers!

But I am not talking about files, just images, pictures only!
I created some sort of portfolio by using custom post-types & taxonomies and the images get uploaded to the standard WP-upload path!

I can’t start playing around with FTP and embeded links etc. It all has to work over the interface, and that is not set to mess around with linked or embeded pictures in all possible ways and forms and I don’t know which conditionals. As a matter of fact, the issue has not that much to do with accessing the file itself – because that one gets protected by s2, the problem is with the images themselves which CAN be accessed directly – no login needed – if the person knows the URL. THAT is the big issue … and I really see it as a security breech

I have tried to modify the WP-upload path in WP/ADMIN/Settings/Media but when I later tried to upload images to the newly defined path, it told me “you don’t have enough permission to do that”.

It definitely ISN’T a server issue, the server is set to process both ftp and direct server requests and it works on everything else other than this! So it must be a s2member limitation, which I would like to have solved …

The images are not supposed to be downloaded or accsessed outside those posts, and they are just embeded there like normal images with 

<img src="pic" />

you know…

I realy, really need a way to have this solved, because it ruins all the so-called security which suddenly isn’t any security anymore :-(

Thank you!!

  • This reply was modified 4 years, 8 months ago by  Candy Me.
Viewing 5 replies - 1 through 5 (of 5 total)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.