If renaming/deleting/editing the htacess in the includes folder DOES solve this, he also needs to do the same in the admin/includes folder I think...?
Printable View
If renaming/deleting/editing the htacess in the includes folder DOES solve this, he also needs to do the same in the admin/includes folder I think...?
Well, of course it's giving a 500 error if you try to access the file directly from outside of the website - it should either do that or throw a 403 error.
Vger
Quote:
Originally Posted by Twaddle
The reason for the suggested edit of the .htaccess file is that my experience tells me that some servers won't accept the file as it is written by default and needs for the *.php to be enclosed in double quotation marks (then it works). This is preferable to removing the .htaccess file.
Yes, the same would need to be applied to the admin/includes .htaccess file.
Vger
Not on a standard install it shouldn'tQuote:
Originally Posted by Vger
LOL - no error hereQuote:
Originally Posted by Vger
:wink::wink::wink:
Yes, it should - unless you are on an insecure server with Directory Browsing enabled. In which case you're stuffed anyway from a security point of view. If Directory Browsing is enabled then goodness knows what other insecure openings there are on the server.Quote:
Not on a standard install it shouldn't
You should be seeing something like this when trying to access files outside of the root directly:
VgerQuote:
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
Error 403
That's because the stylesheet for that application is not in the 'includes' folder, or any of the subfolders working out of it.
Vger
Quote:
Originally Posted by Twaddle
But you said...Quote:
Originally Posted by Vger
Quote:
Originally Posted by Vger
Anyway, not to get into some dumb ding dong as I was just pulling your leg a bit there, my point is, at a guess 9/10 sites (you only have to look at any of the showcase sites) you can directly access the stylesheet if you know the relevant pathQuote:
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
Error 403
And if I remember correctly it's all controlled by Index Listing in cPanel for each directory?
Using includes/templates/classic/css/stylesheet.css and going through the sites in the Zen Cart Showcase, I was able to read each and every one of the CSS files directly within Firefox on the first page there, with the exception of one that came up with a phishing errorQuote:
Originally Posted by Twaddle
No, fair do's, I was wrong. The css files are flat text files which aren't executable, and the poster should be able to access them from outside of the site. I've checked on a variety of carts now on different servers and they all serve up css files outside of the root. Just goes to show even oldies like me can get it wrong sometimes.
However, the way the .htaccess file is constructed inside the includes folders may still be relevant (even though they relate to php files). Images/buttons are also being blocked. I recommend making the edit I suggested, and if that does not work then try adding just a blank .htaccess file to the includes folders - and if that doesn't work then remove it completely (as a trial only).
Making the edit as suggested has cured this problem before.
Vger