Plugin / NO SSL Flash Upload

Aaron A. Kelley

Description

Description

Note: WordPress 3.3 offers a new, non-Flash uploader; this plugin may break it.

If you are using SSL (https) to secure your WordPress admin sessions and you
have an SSL certificate that is not trusted by default (because it is self-
signed, signed by an untrusted certificate authority, signed for a different
domain name, etc.), then you probably have problems using the Flash uploader.

This plugin disables SSL usage by the Flash uploader. This allows you to use
the Flash uploader when you have FORCE_SSL_ADMIN enabled, with an untrusted SSL
certificate. This works around the vague “IO Error” you get from the Flash
uploader in such a situation.

Note that this plugin comes with the following security implications:

  • Flash uploads no longer use SSL, thus, your uploaded files aren’t encrypted
    during transmission.
  • Uploading files with the Flash uploader will transmit your WordPress
    authentication cookie in plain text.
  • If someone captures your login cookie (which is transmitted any time you load
    a page on your WordPress site while logged in, whether you are using SSL or
    not), they may be able to use it to upload files, view information about
    uploaded files, or change information about uploaded files.

If the benefit of having the Flash uploader available outweighs these potential
security risks for you, then you can use this plugin to enable the Flash
uploader.

Note that this plugin override’s WordPress’s auth_redirect and
wp_validate_auth_cookie functions, and may not work if you are using other
plugins that override these functions.

DIRECTORY DISCLAIMER

The information provided in this THEME/PLUGIN DIRECTORY is made available for information purposes only, and intended to serve as a resource to enable visitors to select a relevant theme or plugin. wpSocket gives no warranty of any kind, express or implied with regard to the information, including without limitation any warranty that the particular theme or plugin that you select is qualified on your situation.

The information in the individual theme or plugin displayed in the Directory is provided by the owners and contributors themselves. wpSocket gives no warranty as to the accuracy of the information and will not be liable to you for any loss or damage suffered by you as a consequence of your reliance on the information.

Links to respective sites are offered to assist in accessing additional information. The links may be outdated or broken. Connect to outside sites at your own risk. The Theme/Plugin Directory does not endorse the content or accuracy of any listing or external website.

While information is made available, no guarantee is given that the details provided are correct, complete or up-to-date.

wpSocket is not related to the theme or plugin, and also not responsible and expressly disclaims all liability for, damages of any kind, arising out of the use, reference to, or reliance on, any information or business listed throughout our site.

Keep Leading Your Followers!
Share it for them.