clients no longer able to open their docx files stored in https://weeklystickypro.com/wp-content/plugins/s2member-files/ secure folder. The most recent s2member pro is intsalled. They are getting the forbidden page below.

[rshawdc]

EXPLANATION OF THE ISSUE

STEPS TO REPRODUCE THE ISSUE

BEHAVIOR THAT I EXPECTED

BEHAVIOR THAT I OBSERVED

[rshawdc]

[rshawdc]

do i need an update for my "s2member Secure-File Uploader" too? didn't see one on the site.

thanks!

[rshawdc]

Im the administrator and even I can't even access the folder.

Rob from Weekly Sticky Pro

[iverok]

It looks like you have spaces in your filenames. A recent update of Apache (2.4.56 I believe) added a security fix that messes up rewrite rules for files with spaces in the filename - you should be seeing something like "Rewritten query string contains control characters or spaces" in your error logs.

The only fix we've found so far is to edit the .htaccess file generated by S2Member so that it has this before any RewriteConds or RewriteRules but after the RewriteBase:

RewriteRule ^(.*)$ $1 [B]

You may also want to try

 `RewriteRule ^(.*)$ $1 "[B= ?,BNP]"`

which should only modify spaces.