hi, all,
i install a opencart site. and i find that .tpl file is accessable direct by url,(eg. http://www.myopencartshop.com/catalog/t ... layout.tpl), and the source code will display on the screen.
how to disallow user access .tpl files directly?
I can't access the demo pages like this, please try going to http://demo.opencart.com/template/default/layout.tpl it won't work.
This is not a bug.
Thanks
This is not a bug.
Thanks
I can...
You will find that it is related to the setup of your web server.
One way of restricting this, which also gives a cleaner result than even the demo site is to put the following into your .htaccess file in the root directory of your web store (in my demo, it is the folder "store" in htdocs) It is an example of url rewriting so mod_rewrite needs to be enabled on your web server.
What it does is create a redirect to your home page for anyone who tries to access a file with extension .tpl on your web store by url.
Note that for the purpose of this demonstration, this is the only thing in the .htaccess file.
You will find that it is related to the setup of your web server.
One way of restricting this, which also gives a cleaner result than even the demo site is to put the following into your .htaccess file in the root directory of your web store (in my demo, it is the folder "store" in htdocs) It is an example of url rewriting so mod_rewrite needs to be enabled on your web server.
Code: Select all
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.+)\.tpl$ /store/index.php?controller=home [r=301,nc]Note that for the purpose of this demonstration, this is the only thing in the .htaccess file.
Who is online
Users browsing this forum: No registered users and 4 guests
