https://legacy.forums.gravityhelp.com/topic/export-download-not-working-security-issue Gravity Support Forums Topic: Export download not working / security issue en-US Mon, 20 Apr 2026 08:27:29 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/export-download-not-working-security-issue#post-22531 Tue, 05 Apr 2011 11:52:25 +0000 Carl Hancock 22531@https://legacy.forums.gravityhelp.com/ <p>Yes, it's been resolved. 1.3.12.2 is pretty old actually. There have been a few major releases since then, with 1.5 being the latest. </p> https://legacy.forums.gravityhelp.com/topic/export-download-not-working-security-issue#post-22529 Tue, 05 Apr 2011 11:50:14 +0000 stickyeyes 22529@https://legacy.forums.gravityhelp.com/ <p>Hi Carl,</p> <p>We are using version 1.3.12.2. We haven't had our subscription that long but I am aware you are now at 1.5. Do you know if this is an issue that has been resolved in the latest version? </p> https://legacy.forums.gravityhelp.com/topic/export-download-not-working-security-issue#post-22519 Tue, 05 Apr 2011 11:33:10 +0000 Carl Hancock 22519@https://legacy.forums.gravityhelp.com/ <p>You didn't say which version of Gravity Forms you are using. The export functionality has been rewritten in later versions and revised again in Gravity Forms v1.5. In later versions, a file isn't created. It's streamed directly to the browser and functions exactly like the WordPress Export feature for exporting posts. It was written the same way. </p> https://legacy.forums.gravityhelp.com/topic/export-download-not-working-security-issue#post-22506 Tue, 05 Apr 2011 10:55:28 +0000 stickyeyes 22506@https://legacy.forums.gravityhelp.com/ <p>Just to add: I am unable to find a changelog for the latest version of gravity forms, can anyone can confirm if this issue has already been dealt with? </p> https://legacy.forums.gravityhelp.com/topic/export-download-not-working-security-issue#post-22504 Tue, 05 Apr 2011 10:50:55 +0000 stickyeyes 22504@https://legacy.forums.gravityhelp.com/ <p>Hello,</p> <p>We have been using Gravity Forms on a number of high profile Wordpress installations and discovered a serious security issue with the 'export' feature. It seems that the download feature does not work. I have tested it in the latest version of Firefox (4.0) and Google Chrome (12.0.712.0 Dev Build) and it simply does not download (or even alerts the user of what has happened). Instead, it generates a file (perhaps temporarily) in a folder within the uploads directory. I assume that this is for streaming to the browser (when really it should be done on-the-fly using PHP headers instead of creating a hard-copy of the file). </p> <p>As a result of the above, the user-sensitive data now becomes publicly accessible as the uploads directory requires 755 permissions as stated on Wordpress Documentation. To combat this issue, a permissions change (using .htaccess for example) to block access is required.</p> <p>Can someone please advise on whether this is an issue you guys are aware of and if not, investigate, as it is and has been (for us) a serious security flaw.</p> <p>P.S, The export did work in Safari. </p>