Jump to content

[SOLVED] download folder permissions

jpac

By jpac
in Configuring and using PrestaShop

 Share

Recommended Posts

jpac Newbie

jpac

Posted
Posted (edited)

Hi,

 

I'm setting up a digital download product. Via FTP I see the product file gets this name:

 

83880d0db40da83e9089bb513e6064f22bf4973a

 

This string appears in the link the customer receives to download the product. Knowing this string I can use my internet browser to download the file directly from a link like this:

 

http://myshop.com/do...e6064f22bf4973a

 

which seems to me a bit strange. Safari can even recognize the extension of the real file and it opens it without problem!

 

Is there a list of folder permissions to protect the "download" folder and it's files from direct downloads?

 

 

Thanks in advance for any tips!

 

Juan

 

 

system info below:

 

 

Prestashop Version: 1.4.8.3

 

PHP Version: 5.3.13

 

MySQL Version: 5.1.52

Edited by jpac (see edit history)
Link to comment
Share on other sites
Bazze Newbie

Bazze

Posted
Posted (edited)

This is very strange that PrestaShop doesn't add some sort of protection for direct access automatically.

 

It should work if you put a file named .htaccess in the download/ directory with this contents:

 

deny from all

 

I've always been taking this kinda protection for granted so I've never bothered to check if there've been any protection from direct access. I'm frustrated that there haven't been any protection for it, so I filed a report for improvement (I'm amazed that no one had done it before) http://forge.prestashop.com/browse/PSCFI-6444

Edited by Bazze (see edit history)
Link to comment
Share on other sites
jpac Newbie

jpac

Posted
  • Author
Posted

Hi Bazze,

 

Thank you for the tip. The .htaccess file containing "deny from all" does the job. Now I get a message like this one:

 

 

403 Permission Denied

You do not have permission for this request /download/83880d0db40da83e9089bb513e6064f22bf4973a

 

Which gives me a better feeling!

 

Thank you also for reporting the issue.

 

juan

Link to comment
Share on other sites
  • 4 years later...
sainettech Newbie

sainettech

Posted
Posted

Hi,

 

I am facing a problem with my download sheets, due to .htaccess files I am not able to see the right name of the file. 

when we download the product datasheet from download the file is showing blank (seems corrupted)

 

can any body help me how to short this.

 

thanks. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...