write www.mysitename.com/modules and download modules files :(

[makaraci]

Hello,

When http://www.mysitename.com/modules/ is written on the firefox,anyone can access my module files and download them.It is also same for /img, /themes, and every folder.So everyone can download my source file.

I want to prevent it.

When you write http://www.mysitename.com/modules/, you shouldnt go to modules files.When can i do it ?

[rocky]

I don't understand why that is happening. PrestaShop has an index.php file in the modules directory to prevent the folder's contents being listed. Did you upload modules/index.php to your server?

[makaraci]

Thanks Rocky.That file was missing .I just upload it and the problem is fixed.It was a securtiy hole ?

And do i have to update to 1.3.2 ? I currently use 1.3.1 .

Besy regards

[rocky]

I don't think it was a security hole, though it means anyone could see what modules you have on your server. If the individual module directories were also missing index.php files, then anyone would be able to download the module, including its PHP files. I don't think it would let anyone modify the files though.

PrestaShop v1.3.2 is a bug fix release, so it is a good idea to upgrade. It may be difficult to upgrade depending on how many files you have modified. You can download just the files that were modified in my post here. If you haven't modified any of the files that were changed, it should be easy to upgrade.