# π€ Izzygld Entry Export for Gravity Forms
### Share Gravity Forms data securely β without giving away admin access
[](https://wordpress.org/plugins/)
[](https://wordpress.org/)
[](https://www.gravityforms.com/)
[](https://php.net/)
[](LICENSE)
> **Note:** This plugin has been submitted to the WordPress.org Plugin Directory and is awaiting review (submitted March 30, 2026).
---
## π― What Does This Plugin Do?
**In one sentence:** Generate secure, time-limited download links so external partners can download form entries as CSV β without logging into WordPress.
```
βββββββββββββββββββ Generate Link βββββββββββββββββββ Click Link βββββββββββββββββββ
β Admin User β βββββββββββββββββββΆ β Secure URL β βββββββββββββββββββΆ β External User β
β (WordPress) β β (Time-Limited) β β (Any Browser) β
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β
βΌ
π CSV Downloads
(Selected Fields Only)
```
---
## π€ Why Use This?
| β Without This Plugin | β
With This Plugin |
|------------------------|---------------------|
| Give vendors WordPress admin access | Vendors get a simple download link |
| Manually export & email CSV files | Self-service, automated downloads |
| Full data exposure risk | Only selected fields are shared |
| No audit trail | Every download is logged |
| Complex API setup needed | Zero technical knowledge required |
---
## π Table of Contents
1. [Installation](#-installation)
2. [Quick Start Guide](#-quick-start-guide-5-minutes)
3. [For External Users](#-for-external-users-share-this-section)
4. [Configuration Options](#-configuration-options)
5. [FAQ](#-frequently-asked-questions)
6. [Troubleshooting](#-troubleshooting)
7. [For Developers](#-for-developers)
---
## π¦ Installation
### Option 1: Manual Upload (Easiest)
1. **Download** this plugin folder
2. **Upload** to `/wp-content/plugins/izzygld-entry-export-for-gravity-forms/`
3. **Activate** in WordPress β Plugins
4. **Done!** Look for "External Export" in your Forms menu
### Option 2: Via Composer
```bash
composer require izzygld/izzygld-entry-export-for-gravity-forms
```
### Requirements
| Requirement | Minimum Version |
|-------------|-----------------|
| WordPress | 5.8+ |
| PHP | 7.4+ |
| Gravity Forms | 2.5+ |
---
## π Quick Start Guide (5 Minutes)
### Step 1: Enable Export for Your Form
> **Where:** Forms β [Select Your Form] β Settings β External Export
1. β
Check **"Allow generating external export links"**
2. β
Select which fields can be exported (only these will appear in CSV)
3. πΎ Click **Save Settings**
```
π‘ TIP: Only enable fields that are safe to share externally.
Sensitive fields like passwords should NOT be selected.
```
### Step 2: Generate a Download Link
> **Where:** Forms β External Export Links
1. Select your form from the dropdown
2. Pick the fields to include in this export
3. Choose link expiration:
- π 1 Hour (most secure)
- π 6 Hours
- π
24 Hours (recommended)
- π 7 Days
- π 30 Days
- βΎοΈ Never expires
4. *(Optional)* Set date range filter
5. Click **"Generate Export Link"**
6. π **Copy the URL** β that's it!
### Step 3: Share the Link
Send the URL to your external partner via:
- π§ Email
- π¬ Slack/Teams
- π± Text message
- π Any way you communicate!
---
## π₯ For External Users (Share This Section)
### How to Download Your Data
**You've received a download link. Here's what to do:**
1. **Click the link** (or paste it into your browser)
2. **CSV file downloads automatically**
3. **Open in Excel, Google Sheets, or any spreadsheet app**
That's it! No login required.
### What to Expect
| β
You CAN | β You CANNOT |
|-----------|---------------|
| Download the CSV file | Access other data |
| Open in any spreadsheet app | Log into WordPress |
| Download multiple times (until limit) | Modify any data |
| Share the link (if allowed) | See fields not selected by admin |
### Link Not Working?
The link may have:
- β° **Expired** β Ask the admin for a new link
- π’ **Hit download limit** β Ask for a new link
- π« **Been revoked** β Contact the admin
---
## βοΈ Configuration Options
### Global Settings
> **Where:** Forms β Settings β External Export
| Setting | What It Does | Recommended |
|---------|--------------|-------------|
| **Default Expiration** | How long links stay valid | 24 Hours |
| **Max Downloads** | Times a link can be used | 10 |
| **Access Logging** | Track all downloads | β
Enabled |
| **Secret Key** | Encryption key (auto-generated) | Leave as-is |
| **IP Allowlist** | Restrict to specific IPs | Optional |
### Per-Form Settings
> **Where:** Forms β [Form Name] β Settings β External Export
| Setting | What It Does |
|---------|--------------|
| **Enable Export** | Turn on/off for this form |
| **Exportable Fields** | Which fields appear in CSV |
| **Entry Metadata** | Include ID, date, status, IP |
| **Default Status** | Active, spam, trash, or all |
| **Date Filtering** | Allow date range selection |
---
## β Frequently Asked Questions
Is this secure?
Yes! Links use cryptographic signing (HMAC-SHA256). External users:
- Cannot guess valid URLs
- Cannot access other forms
- Cannot modify any data
- Can only download what you've allowed
Can I revoke a link after sharing it?
Yes! Go to **Forms β External Export Links**, find the link in the table, and click **Revoke**. It stops working immediately.
What format is the export?
CSV (Comma-Separated Values). Opens in Excel, Google Sheets, Numbers, or any spreadsheet software.
Can external users edit the data?
No. They can only download. The link is read-only.
How do I know if someone downloaded the file?
Enable **Access Logging** in settings. Every download is logged with timestamp and IP address.
Can I limit who downloads?
Yes! Use the **IP Allowlist** to restrict downloads to specific IP addresses.
What happens when a link expires?
The external user sees an error message. Generate a new link if needed.
Can I include/exclude specific entries?
You can filter by:
- Date range (start/end date)
- Entry status (active, spam, trash)
Individual entry selection is planned for v2.
---
## π§ Troubleshooting
### "Link not working" / 403 Error
| Cause | Solution |
|-------|----------|
| Link expired | Generate a new link |
| Download limit reached | Generate a new link |
| Link was revoked | Generate a new link |
| IP not in allowlist | Add user's IP or disable allowlist |
### "Form not showing in dropdown"
1. Go to Forms β [Your Form] β Settings β External Export
2. Enable "Allow generating external export links"
3. Save settings
### "No fields available to select"
1. Go to form settings β External Export
2. Select which fields should be exportable
3. Save settings
### CSV opens with weird characters
The CSV includes a UTF-8 BOM for Excel compatibility. If you see strange characters:
- In Excel: Open via Data β From Text/CSV
- In Google Sheets: Should work automatically
---
## π¨βπ» For Developers
REST API Endpoints
| Endpoint | Method | Auth | Description |
|----------|--------|------|-------------|
| `/izzygld-eee/v1/export` | GET | Token | Public download |
| `/izzygld-eee/v1/preview` | GET | Admin | Entry count |
| `/izzygld-eee/v1/form-fields/{id}` | GET | Admin | Field list |
| `/izzygld-eee/v1/links` | GET | Admin | Active links |
Available Hooks
```php
// Modify search criteria
add_filter( 'izzygld_eee_search_criteria', function( $criteria, $filters ) {
return $criteria;
}, 10, 2 );
// Modify field map
add_filter( 'izzygld_eee_field_map', function( $field_map, $form, $fields ) {
return $field_map;
}, 10, 3 );
// Transform field values
add_filter( 'izzygld_eee_field_value', function( $value, $entry, $field, $form ) {
return $value;
}, 10, 4 );
// Modify final CSV
add_filter( 'izzygld_eee_csv_content', function( $csv, $entries, $form ) {
return $csv;
}, 10, 3 );
```
Generate Link Programmatically
```php
$addon = izzygld_entry_export();
$result = $addon->token_handler->generate_token([
'form_id' => 1,
'fields' => ['field_1', 'field_2'],
'description' => 'Export for Vendor ABC',
'filters' => [
'start_date' => '2024-01-01',
'end_date' => '2024-12-31',
'status' => 'active',
],
], 24); // Hours until expiration
// $result = [
// 'token_id' => 'abc123...',
// 'url' => 'https://...',
// 'expires_at' => '2024-01-02 12:00:00',
// 'form_id' => 1,
// ]
```
Database Tables
**Tokens Table:** `{prefix}_izzygld_eee_tokens`
- Token ID, hash, form ID
- Fields, filters (JSON)
- Expiration, download counts
- Revocation status
**Logs Table:** `{prefix}_izzygld_eee_access_logs`
- Access timestamp
- IP, user agent
- Success/failure status
Both tables are removed on plugin uninstall.
---
## π Security Details
| Feature | Implementation |
|---------|----------------|
| Token signing | HMAC-SHA256 |
| Token format | Base64(token_id \| form_id \| signature) |
| Expiration | Server-side validation |
| CSV injection | Prefix dangerous chars with `'` |
| Input sanitization | WordPress sanitization functions |
---
## π License
GPL-2.0-or-later β Free to use, modify, and distribute.
---
## π Support
Having issues? Check the [Troubleshooting](#-troubleshooting) section or open an issue on GitHub.
---
**Made with β€οΈ for the Gravity Forms community**
- PHP 7.4+
- Gravity Forms 2.5+
## License
GPL-2.0-or-later
## Support
This addon is provided as-is for educational and demonstration purposes. For production use, consider additional security hardening based on your specific requirements.
## Changelog
See [CHANGELOG.md](CHANGELOG.md) for a detailed version history.
**Latest: v1.0.1** β Security fixes, code quality improvements, and Gravity Forms dependency check.