So your basic arguments for why you want these changes are:
  • You find yourself wasting a considerable amount time finding files on your computer (even when the location is listed in the admin search).
  • You are adamant about not keeping a copy of the files on your local computer, flash drive, external hard drive, and / or NAS (and using ftps to upload).
  • You feel anyone who has or gains access to your admin should be able to download and upload any and all files.
  • You believe the security risk is worth the convenience.

I personally do not find these to be compelling reasons, but we can agree to disagree. IMHO, the security risks far outweigh the 5-15 seconds it takes for me to find the file and upload a new copy after testing.


Quote Originally Posted by scooter View Post
... if you name your old file that is working to bak or old you can always go home. ...
Doing this may "work" in many cases, but is not best practice and can lead to issues (not to mention security concerns). It is better to not leave backups in a public location (even with a renamed extension).


Quote Originally Posted by scooter View Post
... data base has to be DL every time you want to work on your site ...
Why? No need to be constantly synchronizing the data just to test changes to the code. More to the point I would strongly caution against testing with live customer / order data in a test environment.


Quote Originally Posted by scooter View Post
... not to mention the version of php has to be same ...
It takes me around five seconds (at most) to switch PHP versions locally.

The current issues with "passwords" and PHP versions do not affect testing code changes in a testing environment. They only affect the case where one is migrating to a new version or migrating to a new server. As we are not changing the data - just files - no reason to be overwriting the database - so no password issue.


Quote Originally Posted by scooter View Post
... the time to find the file and download & upload time can be cut down as said, as a easy way to DL the file to hack. You've already searched and have the file location in the title location heading
it just has to be a clickable link. ...
If the file is already on your computer and you know the location (either by searching your local computer or using the Zen Cart admin search function), how does letting you download a copy via the web browser save time over alternative workflows?

A good IDE can search files, folders, and contents of files quickly (local and remote files). A single click on the result will open the file for editing (downloading if needed). In a good IDE the previous click will also and focus the editor contents at the location of the search result. When done testing locally click "upload" in the IDE. Finally as a sanity check verify the changes are functional on the live site.