Uploaded files in a powermail form are stored in
http://www.domain.com/uploads/tx_powermail/
Anybody has access to these files!
Is there a way to restrict the access to the uploaded files?
When i add a .htaccess file in the folder with
Deny from all
Will Powermail and TYPO3 still have enough permissions to save and read the uploaded files?
First you should check your domain don't have security token like htaccess password authentication if not, so you can give this folder permission to 02755 it can help, or in the end you can change the path of the folder by typoscript.
Adding a .htaccess file in the folder with "deny from all" will restrict the access to the files.
Maybe could the powermail extension automaticly add the htacces file on installation.
Related
i'am new to the hosting/c-panel stuff, and i got a laravel based app installed on my godaddy hosting, the problem is that the application require some files that are placed on the root directory of the server for example http://server.com/images/ajax-loader.gif and the file is placed just there
but when i type the link http://server.com/images/ajax-loader.gif it doesn't find it:
so i need to add a public like http://server.com/public/images/ajax-loader.gif like:
the problem is that the entire app needs to be modified to add a public for every file like that, so is there any way i can access the root folder without adding this /public/ ?
Have you contacted the hosting provider? Usually, they help with these kinds of issues.
Do other images from your 'images' directory load fine? If all images in the images directory do not load in the browser, that indicates either a permission issue or some .htaccess settings. Again needs to be checked at the hosting provider end.
i use Powermail 3.12.10 in TYPO3 7.6.16. My problem is, that the implemented Captcha alsways is the same. It does not change when i reload and across browsers.
Any ideas?
That happens if the typo3temp folder is not writeable from TYPO3. So the image can't be overwritten. Check your install tool.
Same question was asked in Slack Channel ext-powermail some days ago.
Most likely the page is cached. Make sure the plugin is included as USER_INT.
In our case it was not the file permissions, but the file owner. I set it to www-data:www-data, et voila!
To set the owner for the whole directory and subdirectories: chown -R www-data:www-data <typo3-directory>
Also, in our (older) version of TYPO3, the captcha file was not in the typo3temp directory, but in the according ext directory for powermail.
I'm using Pico CMS, a small markdown project - http://pico.dev7studios.com/- installed and running good, however I am trying to password protect a folder with htaccess file but the cms is bypassing this and showing the file I call in the browser.
The funny thing is that the url for the file does not contain the "content" folder which is where all the files/pages are stored. All the other folders are contained in the url. This is the only reason that I can find to explain what's happening.
If I manually enter the url to that same folder, which is password protected, which includes the "content" folder in it's path, then I get the htaccess auth window showing. This proves the htaccess file is being read, but not when the CMS accesses it. Can anyone explain why and how to force the folder to be protected when I call any page with the browser.
If you open up a Pico site, your request is redirected to the index.php file (via mod_rewrite). That's why the "content" folder does not show up in the url.
That's also the reason why you are not asked for a password. The index.php file does not have to pass the htaccess auth to get to the *.md files.
Read this for a bigger picture:
https://stackoverflow.com/a/10923542/3294973
This plugin may be interesting to you:
https://github.com/jbleuzen/Pico-Private
Unfortunately, it can't protect only part of the website at this point.
Protecting single pages is now possible. (Check my GitHub Fork)
where the htaccess file stored in htdocs folder.
I try find it in my development server but i did not find it.
Whenever i try to type url which is not valid it is redirect to home page of site.
I am not able to find out where setting will be stored.
Thanks
Depending on what OS you use, Linux will recognize the .htaccess file as hidden Windows doesn't.
The .htaccess file could be in the root folder of your webserver (htdocs for example).
But it doesn't need to be there by default. If it is not in there by default you can just create one your self
Are your trying to find with server machine by connect with FTP via Filezilla.
If filezilla means you can't see the htdocs file, instead of that you can connect with Winscp means you can find the .htaccess file
When you deploy a Zend Framework website to a shared host, you usually cannot change the DocumentRoot to point at the public/ folder of the website. As a result the URL to the website is now http://www.example.com/public/.
Apart from choosing a proper host..there's any workaround?
thanks
Luca
If you have access to directories above public, you can put all non public files there.
Otherwise, you can put everything in a subdirectory, and block access to it with an .htaccess file.