TOPIC: Protect uploads folder from access

Dear Paz,

Upon installation the extension adds a .htaccess with content

deny from all

to the uploads folder to ensure no one is able to directly access the files. Is that file missing on your website?

Thanks!

Thanks for the quick response. No that file was not there, but i have created it now.

So do I assume that your download script will somehow include the file rather than use URI access to the file? That sounds pretty good.

One question then. Can I move this folder outside of my webroot then? PHP should have access anywhere through include, so I could place this elsewhere in my home directory.

Thank you
p.

Hi Paz,

Yes of course, it's never using real path to file. You don't have to worry about anything now I am pretty sure

Thanks!

thanks!

I'm experiencing the same problem - folder is fully accessible from outside and no htaccess. Moreover, I looked into distribution archive and there're only 2 lines concerning this in admin/class.php file:


So there's only a check out there, but nothing's being created on install.

Can you give us instructions on how to make uploads folder accessible only from com_quicksell component?

Hi Mopnkeyman,

Happy new year!

Regarind the problem, please make a file called .htaccess in the uploads folder

It's content should be:
deny from all

Are you using the default folder or not?

I will check on the installation package this evening and issue update if necessery. I will also make sure when the folder is changed, a new .htaccess file is created.

Thanks for you valuable comment on this!