{"id":285212,"date":"2026-03-04T17:07:18","date_gmt":"2026-03-04T17:07:18","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/client-document-manager\/"},"modified":"2026-03-09T19:18:05","modified_gmt":"2026-03-09T19:18:05","slug":"darkstar-file-manager","status":"publish","type":"plugin","link":"https:\/\/twd.wordpress.org\/plugins\/darkstar-file-manager\/","author":7408899,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.3","stable_tag":"1.0.3","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"Darkstar File Manager","header_author":"Darkstar Media","header_description":"Secure file management system allowing administrators to share files with users and users to upload their own documents.","assets_banners_color":"97836b","last_updated":"2026-03-09 19:18:05","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/justinblayney\/darkstar-file-manager","header_author_uri":"https:\/\/www.darkstarmedia.net","rating":5,"author_block_rating":0,"active_installs":0,"downloads":254,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"justinblayney","date":"2026-03-04 17:06:43"},"1.0.3":{"tag":"1.0.3","author":"justinblayney","date":"2026-03-09 19:18:05"}},"upgrade_notice":{"1.0.2":"<p>Plugin renamed to Darkstar File Manager. New slug: darkstar-file-manager. Updated prefixes and improved file upload validation.<\/p>","1.0.0":"<p>Initial release.<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3474754,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3474754,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3474754,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3474754,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2","1.0.3"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3474754,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3474754,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3474754,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3474754,"resolution":"4","location":"assets","locale":""}},"screenshots":{"1":"Client portal view showing documents from professional and client upload section","2":"Admin interface for uploading files to specific clients","3":"Settings page with configuration options and instructions","4":"User list with \"View Documents\" action link"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[257107,17989,12813,5887,257106],"plugin_category":[],"plugin_contributors":[257108],"plugin_business_model":[],"class_list":["post-285212","plugin","type-plugin","status-publish","hentry","plugin_tags-client-files","plugin_tags-client-portal","plugin_tags-document-management","plugin_tags-file-upload","plugin_tags-secure-documents","plugin_contributors-justinblayney","plugin_committers-justinblayney"],"banners":{"banner":"https:\/\/ps.w.org\/darkstar-file-manager\/assets\/banner-772x250.png?rev=3474754","banner_2x":"https:\/\/ps.w.org\/darkstar-file-manager\/assets\/banner-1544x500.png?rev=3474754","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/darkstar-file-manager\/assets\/icon-128x128.png?rev=3474754","icon_2x":"https:\/\/ps.w.org\/darkstar-file-manager\/assets\/icon-256x256.png?rev=3474754","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/darkstar-file-manager\/assets\/screenshot-1.png?rev=3474754","caption":"Client portal view showing documents from professional and client upload section"},{"src":"https:\/\/ps.w.org\/darkstar-file-manager\/assets\/screenshot-2.png?rev=3474754","caption":"Admin interface for uploading files to specific clients"},{"src":"https:\/\/ps.w.org\/darkstar-file-manager\/assets\/screenshot-3.png?rev=3474754","caption":"Settings page with configuration options and instructions"},{"src":"https:\/\/ps.w.org\/darkstar-file-manager\/assets\/screenshot-4.png?rev=3474754","caption":"User list with \"View Documents\" action link"}],"raw_content":"<!--section=description-->\n<p>Darkstar File Manager is a secure, easy-to-use plugin that creates a private document portal for each WordPress user. Perfect for accountants, lawyers, consultants, or any business that needs to securely exchange documents with clients.<\/p>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><strong>Secure File Storage<\/strong> - Store files outside your web root for maximum security<\/li>\n<li><strong>User Isolation<\/strong> - Each client can only access their own documents<\/li>\n<li><strong>Two-Way File Sharing<\/strong> - Administrators can upload files for clients, and clients can upload files back<\/li>\n<li><strong>Separate File Sections<\/strong> - Client view shows \"Documents from Professional\" and \"Your Uploaded Documents\" separately<\/li>\n<li><strong>Simple Shortcode<\/strong> - <code>[dsfm_client_login]<\/code> displays login form and document manager<\/li>\n<li><strong>File Type Validation<\/strong> - Configurable allowed file types (PDF, DOC, DOCX, XLS, XLSX, images, etc.)<\/li>\n<li><strong>File Size Limits<\/strong> - Set maximum upload size (1-100 MB, default 50 MB)<\/li>\n<li><strong>MIME Type Checking<\/strong> - Prevents malicious file uploads<\/li>\n<li><strong>Bulk Operations<\/strong> - Delete multiple files at once from admin panel<\/li>\n<li><strong>Translation Ready<\/strong> - Full internationalization support with Polylang integration<\/li>\n<li><strong>Responsive Design<\/strong> - Works on desktop, tablet, and mobile devices<\/li>\n<\/ul>\n\n<h4>How It Works<\/h4>\n\n<ol>\n<li><strong>Create a Client Portal Page<\/strong> - Add the shortcode <code>[dsfm_client_login]<\/code> to any page<\/li>\n<li><strong>Configure Settings<\/strong> - Set upload path (outside web root recommended), file types, and size limits<\/li>\n<li><strong>Upload Files for Clients<\/strong> - Go to Users \u2192 hover over user \u2192 click \"View Documents\" to upload<\/li>\n<li><strong>Clients Access Files<\/strong> - Clients log in and visit the portal page to view and upload documents<\/li>\n<\/ol>\n\n<h4>Security Features<\/h4>\n\n<ul>\n<li>All files served through authenticated download handler (not direct file access)<\/li>\n<li>Path traversal protection with directory separator enforcement<\/li>\n<li>User authentication required<\/li>\n<li>Nonce verification on all forms and downloads<\/li>\n<li>CSRF protection on admin file downloads<\/li>\n<li>File type, MIME, and WordPress built-in type validation<\/li>\n<li>ZIP bomb protection (uncompressed content limit)<\/li>\n<li>Upload rate limiting (20 uploads per user per hour)<\/li>\n<li>Files stored outside web root by default<\/li>\n<li>Protective <code>.htaccess<\/code> and <code>index.php<\/code> written to upload directory on activation<\/li>\n<li>Each user can only access their own files<\/li>\n<\/ul>\n\n<h4>Note on File Storage<\/h4>\n\n<p>This plugin stores uploaded files outside the web root for security. Because of this requirement, files are moved using PHP's <code>move_uploaded_file()<\/code> directly after passing validation through WordPress's <code>wp_check_filetype_and_ext()<\/code>, our own MIME type check, extension allowlist, and size limits. Files cannot be stored through <code>wp_handle_upload()<\/code> without placing them inside the publicly accessible uploads directory, which would reduce security.<\/p>\n\n<h4>Perfect For<\/h4>\n\n<ul>\n<li>Tax professionals sharing documents with clients<\/li>\n<li>Lawyers exchanging contracts and legal documents<\/li>\n<li>Consultants sharing reports<\/li>\n<li>Any business requiring secure client file exchange<\/li>\n<\/ul>\n\n<h3>Additional Information<\/h3>\n\n<h4>Support<\/h4>\n\n<p>For support, please visit <a href=\"https:\/\/www.darkstarmedia.net\">Darkstar Media<\/a> or contact us through our website.<\/p>\n\n<h4>Privacy Policy<\/h4>\n\n<p>This plugin stores uploaded files on your server and metadata (filenames, timestamps, uploader) in JSON files. No data is sent to external servers.<\/p>\n\n<h4>Credits<\/h4>\n\n<p>Developed by Darkstar Media<\/p>\n\n<!--section=installation-->\n<h4>Automatic Installation<\/h4>\n\n<ol>\n<li>Log in to your WordPress admin panel<\/li>\n<li>Go to Plugins \u2192 Add New<\/li>\n<li>Search for \"Darkstar File Manager\"<\/li>\n<li>Click \"Install Now\" and then \"Activate\"<\/li>\n<\/ol>\n\n<h4>Manual Installation<\/h4>\n\n<ol>\n<li>Download the plugin zip file<\/li>\n<li>Log in to your WordPress admin panel<\/li>\n<li>Go to Plugins \u2192 Add New \u2192 Upload Plugin<\/li>\n<li>Choose the zip file and click \"Install Now\"<\/li>\n<li>Activate the plugin<\/li>\n<\/ol>\n\n<h4>After Installation<\/h4>\n\n<ol>\n<li>Go to Settings \u2192 Darkstar File Manager<\/li>\n<li>Configure the upload folder path (recommended: outside web root for security)<\/li>\n<li>Set allowed file types and maximum file size<\/li>\n<li>Create a new page (e.g., \"Client Portal\")<\/li>\n<li>Add the shortcode: <code>[dsfm_client_login]<\/code><\/li>\n<li>Publish the page<\/li>\n<li>Share the page URL with your clients<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20upload%20files%20for%20a%20specific%20client%3F\"><h3>How do I upload files for a specific client?<\/h3><\/dt>\n<dd><p>Go to Users in your WordPress admin panel. Hover over the user you want to upload files for, and click \"View Documents\". You'll see an upload form where you can select and upload files for that client.<\/p><\/dd>\n<dt id=\"where%20are%20the%20files%20stored%3F\"><h3>Where are the files stored?<\/h3><\/dt>\n<dd><p>Files are stored in the path you configure in Settings \u2192 Darkstar File Manager. For maximum security, we recommend storing files outside your web root (e.g., <code>\/var\/www\/client-docs<\/code> instead of <code>\/var\/www\/html\/wp-content\/client-docs<\/code>).<\/p><\/dd>\n<dt id=\"can%20clients%20see%20other%20clients%27%20files%3F\"><h3>Can clients see other clients' files?<\/h3><\/dt>\n<dd><p>No. Each client can only see and download files in their own folder. The plugin enforces strict user isolation.<\/p><\/dd>\n<dt id=\"what%20file%20types%20are%20allowed%3F\"><h3>What file types are allowed?<\/h3><\/dt>\n<dd><p>By default: PDF, DOC, DOCX, XLS, XLSX, CSV, TXT, JPG, JPEG, PNG, GIF, WEBP, and ZIP files. You can customize this list in Settings \u2192 Darkstar File Manager.<\/p><\/dd>\n<dt id=\"how%20do%20i%20change%20the%20maximum%20file%20size%3F\"><h3>How do I change the maximum file size?<\/h3><\/dt>\n<dd><p>Go to Settings \u2192 Darkstar File Manager and adjust the \"Maximum File Size (MB)\" setting. You can set it between 1 and 100 MB.<\/p><\/dd>\n<dt id=\"is%20this%20plugin%20translation%20ready%3F\"><h3>Is this plugin translation ready?<\/h3><\/dt>\n<dd><p>Yes! The plugin is fully internationalization-ready and includes Polylang integration for multilingual sites. Translation files are located in the <code>\/languages<\/code> directory.<\/p><\/dd>\n<dt id=\"can%20clients%20delete%20files%20i%20upload%20for%20them%3F\"><h3>Can clients delete files I upload for them?<\/h3><\/dt>\n<dd><p>No. Files uploaded by administrators appear in a separate \"Documents for you\" section (read-only). Clients can only delete files they uploaded themselves.<\/p><\/dd>\n<dt id=\"how%20do%20clients%20access%20their%20documents%3F\"><h3>How do clients access their documents?<\/h3><\/dt>\n<dd><p>Clients simply log in to your WordPress site and visit the page where you added the <code>[dsfm_client_login]<\/code> shortcode. After logging in, they'll see all their documents and can upload new ones.<\/p><\/dd>\n<dt id=\"does%20this%20work%20with%20ithemes%20security%2C%20wordfence%2C%20or%20other%20security%20plugins%3F\"><h3>Does this work with iThemes Security, Wordfence, or other security plugins?<\/h3><\/dt>\n<dd><p>Yes! The plugin automatically detects and uses the custom login URL configured by security plugins like iThemes Security, Wordfence, or any other plugin that changes the WordPress login page. The login form on the shortcode page will work seamlessly with these security plugins.<\/p><\/dd>\n<dt id=\"is%20this%20secure%3F\"><h3>Is this secure?<\/h3><\/dt>\n<dd><p>Yes. The plugin implements multiple security layers:\n- Files are served through an authenticated handler (not direct URLs)\n- User authentication required\n- Path traversal protection\n- File type, MIME, and WordPress built-in type validation\n- Nonce verification on all actions\n- Files can be stored outside web root<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Renamed plugin to Darkstar File Manager with new slug darkstar-file-manager<\/li>\n<li>Updated all function, option, and constant prefixes from cdm_ to dsfm_<\/li>\n<li>Added wp_check_filetype_and_ext() to upload validation for WordPress-native file type checking<\/li>\n<li>Added justinblayney as contributor<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Secure file upload and download system<\/li>\n<li>Admin can upload files for clients via Users admin panel<\/li>\n<li>Clients can upload and download files via shortcode portal<\/li>\n<li>Separate sections for admin-uploaded vs client-uploaded files<\/li>\n<li>Configurable file types, size limits, and upload path<\/li>\n<li>File type, MIME type, and WordPress built-in type validation<\/li>\n<li>ZIP bomb protection (uncompressed size limit)<\/li>\n<li>Upload rate limiting (20 uploads per user per hour)<\/li>\n<li>CSRF protection on all forms and file downloads<\/li>\n<li>Path traversal protection with directory separator enforcement<\/li>\n<li>Protective <code>.htaccess<\/code> and <code>index.php<\/code> auto-written to upload directory<\/li>\n<li>Upload directory defaults to outside web root for security<\/li>\n<li>Bulk delete functionality for admins<\/li>\n<li>Privacy policy content registered with WordPress<\/li>\n<li>Clean uninstall removes all plugin options<\/li>\n<li>Translation ready with Polylang support<\/li>\n<li>Responsive design<\/li>\n<\/ul>","raw_excerpt":"Secure client document management system allowing administrators to share files with clients and clients to upload their own documents.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/285212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=285212"}],"author":[{"embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/justinblayney"}],"wp:attachment":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=285212"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=285212"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=285212"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=285212"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=285212"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=285212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}