ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

how to secure templates files in theme folder

March 03, 2010 7:32pm

  • #1 / Mar 03, 2010 7:32pm

    colddigital

    12 posts

    Hi,

    I’m running into an issue with my EE 1.6.8 installs where a public/guest user could potentially view any and all ‘raw’ template files as long as they knew the direct path. For instance, on my server a URL such as the one below would expose an unprocessed version of a template (including all EE tags, but not PHP):

    http://www.domain.com/themes/site/index.php

    For now I’ve gone ahead and created a .htaccess file in the ‘themes’ directory to deny all requests for .php files. Unfortunately that’s causing trouble for one of my add-ons (Wygwam) which has some core .php files that exist in ‘themes/wygwam’.

    So, I was wondering if there was a more elegant/easier way to prevent all such “template.php” files from being viewable, while not hindering other .php files from being used by EE from the ‘themes’ directory.

    thanks,

  • #2 / Mar 03, 2010 7:52pm

    Adam Dorsey

    1439 posts

    Can you just drop the htaccess file in your templates directory? Not for the entire themes directory?

  • #3 / Mar 04, 2010 11:32am

    Sue Crocker

    26054 posts

    Thanks for the assist, Adam.

    colddigital, does that make sense?

  • #4 / Mar 04, 2010 11:46am

    colddigital

    12 posts

    Thanks Adam and Sue. I’ll definitely give that a try. I mistakenly presumed that all the template groups had to exist in the ‘themes’ folder, whoops!

  • #5 / Mar 04, 2010 1:36pm

    silenz

    1651 posts

    They can reside anywhere. Just set the path in Global Template Preferences.

  • #6 / Mar 04, 2010 3:50pm

    Ingmar

    29245 posts

    Glad we cleared that up, colddigital. Do you still need assistance with this, or are you all set?

  • #7 / Mar 04, 2010 3:52pm

    colddigital

    12 posts

    I’m all set and Adam’s suggestion worked great. Thanks!

  • #8 / Mar 04, 2010 4:07pm

    Ingmar

    29245 posts

    Very glad to hear it 😊
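
The two approaches discussed in this thread, as an added example that is not code posted by any participant: the themes-wide rule that broke Wygwam, next to a rule scoped to the template directory only. The directory `/path/to/templates/` is a placeholder for whatever path is set in Global Template Preferences, and the first block is a reconstruction of the kind of rule described in post #1, not the poster's actual file.

```apache
# --- Before (too broad): themes/.htaccess -------------------------------
# Denies every .php request under themes/, so add-on scripts that must be
# reachable over HTTP (e.g. files in themes/wygwam/) are blocked as well.
<FilesMatch "\.php$">
    Order allow,deny
    Deny from all
</FilesMatch>

# --- After (scoped): /path/to/templates/.htaccess -----------------------
# Placed only in the directory that holds the saved template files.
# EE reads these files from disk through PHP, so it does not need them to
# be served over HTTP; this rule only affects direct browser requests.

# Apache 2.2 syntax (needs "AllowOverride Limit" or broader)
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>

# Apache 2.4+ syntax (needs "AllowOverride AuthConfig" or broader)
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
```

As post #5 notes, the template path can point anywhere, so a directory outside the web server's document root achieves the same result without relying on .htaccess being honored.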
