內容簡介
WordPress 的檔案驗證主要依賴於檔案名稱的驗證,這留下了各種攻擊方式的風險。
Lord of the Files 增加了基於內容的驗證和消毒功能,確保檔案是其聲稱的並且適合在您的網站上使用。
主要功能包括:
強大的實際檔案類型檢測;
完整的 MIME 別名映射;
SVG 消毒(如果獨立允許了 SVG 上傳);
檔案上傳驗證除錯工具;
修正自 WordPress 4.7.1 起存在的問題(與#40175相關)。
修正了模糊的媒體擴展名#40921
需求
WordPress 5.2 或其以上版本。
PHP 7.3 或其以上版本。
dom PHP 擴展。
fileinfo PHP 擴展。
mbstring PHP 擴展。
xml PHP 擴展。
請注意:不建議在 PHP 已達到其生命週期終止的版本上運行 WordPress。未來版本的此插件可能會因必要而停止支援舊的、未維護的 PHP 版本。為確保您繼續收到插件更新、漏洞修補和新功能,請確保 PHP 保持最新狀態。🙂
隱私政策
此插件不使用或收集任何「個人資料」。
外掛標籤
開發者團隊
② 後台搜尋「Lord of the Files: Enhanced Upload Security」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.
Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.
The main features include:
Robust real filetype detection;
Full MIME alias mapping;
SVG sanitization (if SVG uploads have been independently allowed);
File upload validation debugger;
Fixes issues related to #40175 that have been present since WordPress 4.7.1.
Fixes ambiguous media extensions #40921
Requirements
WordPress 5.2 or later.
PHP 7.4 or later.
dom PHP extension.
fileinfo PHP extension.
mbstring PHP extension.
xml PHP extension.
Please note: it is not safe to run WordPress atop a version of PHP that has reached its End of Life. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂
Privacy Policy
This plugin does not make use of or collect any “Personal Data”.
