It concerns security: if people are attaching their CVs to a form and then these are being stored on the website platform, anyone who types that URL (or guesses it) would be able to access the CV?
eg www.websitedomainname.co.uk/CV_filename
I understand the chances of guessing it (or accidentally typing it) are very small, but there are security implications of these documents being available on a public URL.
Please can you add the functionality to be able to secure a folder with uploads
I believe file uploads via forms was made secure in v5.0 but it was reverted soon after. I think due to backwards compatibility but I can't quite remember or find that info again?
I'll keep looking but I'd say this feature will be reinstated soon.
I had this response from Violetta at Treepl - ideally I don't want to have to upgrade to Pro Plan.
Hi Dawn,
We had to roll back the changes (secured file uploads via form submissions) based on the complaints here New issue with _Form_Submissions
There's a task in our internal backlog to add the functionality to be able to secure a folder with uploads (if needed) and select where to upload per each specific form. I'm afraid there's no ETA on this task at this point. You can also create a public backlog request on this feature and vote for it to speed up the process.
As a workaround, you can consider creating a Secure Zone "Secured Uploads" and secure /_form_submissions/3 folder. As the site in question is on the Business plan, you'll need to upgrade it to Pro to take advantage of the Secure Zones feature.
@Violetta.S I don't think this should have to go back through the backlog process. The feature was one of the top voted features, got implemented. Had issues with implementation.
It should be implemented correctly. It looks like @Vlad said it would be re-implemented in April. Am I reading that incorrectly?
We've discussed this matter with Vlad. I'm afraid as I mentioned earlier, this needs to go through the backlog in order to speed up the process. Vlad indeed promised to implement this feature in April or later, but due to the current priority list, this is far from the top.
@Violetta.S that creates a challenging situation for us. We have sites that were built/migrated when this feature was enabled. Sites where users upload resumes or sensitive information.
What do I do with those sites? Tell the client that I can no longer offer the functionality I scoped?
I think it's poor form to send this back to the bottom of the queue.
Really disappointing as the only workaround solution on offer is to upgrade my sites to the Pro Plan - I can't tell my client that something that used to work no longer works so they have to pay extra for it!!!
@Violetta.S You must be joking. We can't even vote on backlog items that haven't been "Reviewed". So you have taken it from a feature that made it through the backlog process, into production, had some small issues so it was withdrawn with a promise to reinstate it, to you need to get it through the backlog process again, to you can't actually vote on that feature.
Perhaps, since this item had already been looked at (and even implemented), it could be fast-tracked to the "Reviewed Items" and then the votes can decide its priority.
We also had to deactivate features on migrated sites due to the fact that uploaded files are not secure. As a matter of fact we can't use file uploads in forms at all at the moment as an upload to an unsecured location is not compatible with GDPR regulations. So in my understanding this is not a feature which needs votes. It's removing a flaw, which hinders full GDPR compliance of the platform.
We've added the ability to vote for this feature https://portal.treepl.co/backlog/4039
I understand this feature is critical for some partners, but due to the current list of tasks in our internal backlog that exceeds 200 items I'm afraid there's no other way to prioritize it at this point.
I now have to explain to clients that I persuaded to move from BC to Treepl that uploaded forms are no longer secure, but it might work again in the future but we have no idea when!!
This is a really disappointing result but thanks for trying Violetta.
Please vote for it, you can give all your votes to this feature. This will add extra value to this feature from the internal list we have and we hope we'll be able to include this to the next sprint.
Hi Violetta,
While I understand that there is an internal priority list of requests and such, this isn't a new request, this was an existing, launched, published feature that had a bug, and should be treated as such. Bugs should be fixed without having to go to the backlog and voted on by partners.
This is extremely disappointing for the partners, as many have expressed above, and I would strongly suggest it be reviewed further, if this were a new feature, I could understand it needing to go to the backlog for review and voting, but it's not. This was an existing feature with a bug that should be fixed.
@Adam.Wilson could you please add this to the agenda for our treehouse meeting next week, I think it's important that this is raised for all partners to be aware of.