ZC Installation/Maintenance Support <- Site
Contribution for contributions welcome...
myadmin/temp/
Code:
#
# @copyright Copyright 2003-2013 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version GIT: $Id: Author: DrByte Sat Dec 21 17:00:00 2013 -0500 Modified in v1.5.3 and for EP4$
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################
DirectoryIndex index.php

# deny *everything*
<FilesMatch ".*\..*">
  Order Allow,Deny
  Deny from all
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(csv|CSV|txt|TXT)$">
  Order Allow,Deny
  Allow from all
</FilesMatch>

IndexIgnore */*

<limit POST PUT>
  order deny,allow
  deny from All
</limit>

## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI

##################
## Optional caching improvements
## Requires mod_header and mod_deflate to be enabled within Apache
##################
<IfModule mod_headers.c>
  Header unset Pragma
  FileETag None
  Header unset ETag
  #Header set Cache-Control "no-transform"
  <FilesMatch "(?i).*\.(ico|jpe?g|gif|otf|webp|png|swf|flv|svg|svgz)$">
    Header set Cache-control "max-age=864000, public, must-revalidate"
    Header unset Last-Modified
  </FilesMatch>
  <FilesMatch "(?i).*\.(html|htm|xml|txt|xsl)$">
    Header set Cache-control "max-age=7200, must-revalidate"
  </FilesMatch>
</IfModule>

<IfModule mod_deflate.c>
  <FilesMatch "(?i)\.(js|css)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

##################
## Optional improvements
## Requires mod_expires to be enabled within Apache
##################
<ifmodule mod_expires.c>
  ExpiresActive On
  ExpiresDefault A300
  ExpiresByType application/x-javascript A3600
  ExpiresByType text/css A3600
  ExpiresByType image/gif A604800
  ExpiresByType video/x-flv A604800
  ExpiresByType application/pdf A604800
  ExpiresByType text/html A300
  ExpiresByType image/x-icon A86400
  ExpiresByType image/jpeg A2592000
  ExpiresByType image/png A2592000
  ExpiresByType text/cache-manifest "access plus 0 seconds"
</ifmodule>

#turn off X-PHP-Originating-Script header when sending emails from admin
#uncomment to activate:
# php_flag mail.add_x_header Off
That file appears to be from ZC 1.5.3 with minor modifications to support download of csv files. Now I don't see in this post stream nor in a look at recent posts what version of ZC is being used, but I'm going to use the example from the current ZC 1.5.6 admin folder:
Code:
#
# @copyright Copyright 2003-2016 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 19328 Modified in v1.6.0 and for EP4 $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################
DirectoryIndex index.php

# deny *everything*
<FilesMatch ".*\..*">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

# allow access to the root
<FilesMatch "^$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(php|js|css|html?|ico|otf|jpe?g|gif|webp|png|swf|flv|xml|xsl|csv|txt)$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

IndexIgnore */*

<limit POST PUT>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</limit>

## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI

##################
## Optional caching improvements
## Requires mod_header and mod_deflate to be enabled within Apache
##################
<IfModule mod_headers.c>
  Header unset Pragma
  FileETag None
  Header unset ETag
  #Header set Cache-Control "no-transform"
  <FilesMatch "(?i).*\.(ico|jpe?g|gif|otf|webp|png|swf|flv|svg|svgz)$">
    Header set Cache-control "max-age=864000, public, must-revalidate"
    Header unset Last-Modified
  </FilesMatch>
  <FilesMatch "(?i).*\.(html|htm|xml|txt|xsl)$">
    Header set Cache-control "max-age=7200, must-revalidate"
  </FilesMatch>
</IfModule>

<IfModule mod_deflate.c>
  <FilesMatch "(?i)\.(js|css)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

##################
## Optional improvements
## Requires mod_expires to be enabled within Apache
##################
<ifmodule mod_expires.c>
  ExpiresActive On
  ExpiresDefault A300
  ExpiresByType application/x-javascript A3600
  ExpiresByType text/css A3600
  ExpiresByType image/gif A604800
  ExpiresByType video/x-flv A604800
  ExpiresByType application/pdf A604800
  ExpiresByType text/html A300
  ExpiresByType image/x-icon A86400
  ExpiresByType image/jpeg A2592000
  ExpiresByType image/png A2592000
  ExpiresByType text/cache-manifest "access plus 0 seconds"
</ifmodule>

#turn off X-PHP-Originating-Script header when sending emails from admin
#uncomment to activate:
# php_flag mail.add_x_header Off
ZC Installation/Maintenance Support <- Site
Contribution for contributions welcome...
OK, so what do you have in your admin folder for an .htaccess file?
I may ask about another file depending on the content/answer.
The central issue is that there is some security setting of the file structure that is preventing accessing the file as a download. Whether it is permissions, ownership or the like. It shouldn't be a filename issue unless the basic naming structure has been revised in the software to something "unusual".
You could move your "temp" folder to the catalog side where there is no .htaccess file that limits the file download structure, at least as relates to a default Zen Cart install.
ZC Installation/Maintenance Support <- Site
Contribution for contributions welcome...
Ok, this is my .htaccess file in the main admin folder:
Code:
#
# @copyright Copyright 2003-2016 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 19328 Modified in v1.6.0 $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################
DirectoryIndex index.php

# deny *everything*
<FilesMatch ".*\..*">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

# allow access to the root
<FilesMatch "^$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(php|js|css|html?|ico|otf|jpe?g|gif|webp|png|swf|flv|xml|xsl)$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

IndexIgnore */*

<limit POST PUT>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</limit>

## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI

##################
## Optional caching improvements
## Requires mod_header and mod_deflate to be enabled within Apache
##################
<IfModule mod_headers.c>
  Header unset Pragma
  FileETag None
  Header unset ETag
  #Header set Cache-Control "no-transform"
  <FilesMatch "(?i).*\.(ico|jpe?g|gif|otf|webp|png|swf|flv|svg|svgz)$">
    Header set Cache-control "max-age=864000, public, must-revalidate"
    Header unset Last-Modified
  </FilesMatch>
  <FilesMatch "(?i).*\.(html|htm|xml|txt|xsl)$">
    Header set Cache-control "max-age=7200, must-revalidate"
  </FilesMatch>
</IfModule>

<IfModule mod_deflate.c>
  <FilesMatch "(?i)\.(js|css)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

##################
## Optional improvements
## Requires mod_expires to be enabled within Apache
##################
<ifmodule mod_expires.c>
  ExpiresActive On
  ExpiresDefault A300
  ExpiresByType application/x-javascript A3600
  ExpiresByType text/css A3600
  ExpiresByType image/gif A604800
  ExpiresByType video/x-flv A604800
  ExpiresByType application/pdf A604800
  ExpiresByType text/html A300
  ExpiresByType image/x-icon A86400
  ExpiresByType image/jpeg A2592000
  ExpiresByType image/png A2592000
  ExpiresByType text/cache-manifest "access plus 0 seconds"
</ifmodule>

#turn off X-PHP-Originating-Script header when sending emails from admin
#uncomment to activate:
# php_flag mail.add_x_header Off
Then, I would recommend the following to be placed in your folder for downloading/uploading EP4 files:
Code:
#
# @copyright Copyright 2003-2016 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 19328 Modified in v1.6.0 and for EP4 $
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################
DirectoryIndex index.php

# deny *everything*
<FilesMatch ".*\..*">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

# but now allow just *certain* necessary files:
<FilesMatch "(?i).*\.(csv|txt)$">
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
  </IfModule>
</FilesMatch>

IndexIgnore */*

<limit POST PUT>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</limit>

## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI

##################
## Optional caching improvements
## Requires mod_header and mod_deflate to be enabled within Apache
##################
<IfModule mod_headers.c>
  Header unset Pragma
  FileETag None
  Header unset ETag
  #Header set Cache-Control "no-transform"
  <FilesMatch "(?i).*\.(ico|jpe?g|gif|otf|webp|png|swf|flv|svg|svgz)$">
    Header set Cache-control "max-age=864000, public, must-revalidate"
    Header unset Last-Modified
  </FilesMatch>
  <FilesMatch "(?i).*\.(html|htm|xml|txt|xsl)$">
    Header set Cache-control "max-age=7200, must-revalidate"
  </FilesMatch>
</IfModule>

<IfModule mod_deflate.c>
  <FilesMatch "(?i)\.(js|css)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

##################
## Optional improvements
## Requires mod_expires to be enabled within Apache
##################
<ifmodule mod_expires.c>
  ExpiresActive On
  ExpiresDefault A300
  ExpiresByType application/x-javascript A3600
  ExpiresByType text/css A3600
  ExpiresByType image/gif A604800
  ExpiresByType video/x-flv A604800
  ExpiresByType application/pdf A604800
  ExpiresByType text/html A300
  ExpiresByType image/x-icon A86400
  ExpiresByType image/jpeg A2592000
  ExpiresByType image/png A2592000
  ExpiresByType text/cache-manifest "access plus 0 seconds"
</ifmodule>

#turn off X-PHP-Originating-Script header when sending emails from admin
#uncomment to activate:
# php_flag mail.add_x_header Off
ZC Installation/Maintenance Support <- Site
Contribution for contributions welcome...
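Added example, not part of the original posts and not Zen Cart code: a small Python model of how the FilesMatch sections quoted above decide whether a GET for a file is served, showing why a CSV export is refused under the admin .htaccess alone and served once the EP4 temp .htaccess sits in the subfolder. It assumes the last matching section wins and that the subfolder's sections apply after the parent's; the filenames are constructed, and the POST/PUT limit block is not modelled.

```python
import re

# FilesMatch patterns copied from the .htaccess files quoted in this thread,
# in file order. True = "Require all granted", False = "Require all denied".
ADMIN_RULES = [
    (r".*\..*", False),  # deny *everything*
    (r"^$", True),       # allow access to the root
    (r"(?i).*\.(php|js|css|html?|ico|otf|jpe?g|gif|webp|png|swf|flv|xml|xsl)$", True),
]
EP4_TEMP_RULES = [
    (r".*\..*", False),             # deny *everything*
    (r"(?i).*\.(csv|txt)$", True),  # but allow csv/txt downloads
]

def decide(basename, *rule_sets):
    """Return True (served), False (403) or None (no section matched)."""
    verdict = None
    for rules in rule_sets:          # parent folder first, then subfolder
        for pattern, granted in rules:
            # FilesMatch tests the file's base name with an unanchored regex
            if re.search(pattern, basename):
                verdict = granted    # assumption: last matching section wins
    return verdict

def report(names, *rule_sets):
    """Map each file name to its verdict under the given .htaccess stack."""
    return {name: decide(name, *rule_sets) for name in names}

# Constructed sample names; "" stands for a request for the folder itself.
SAMPLES = ["Full-EP2019.csv", "notes.TXT", "upload.php",
           "export.php.csv",  # only the final extension is tested
           "backup.sql", ""]

if __name__ == "__main__":
    stacks = {"admin/.htaccess only": (ADMIN_RULES,),
              "admin/.htaccess + temp/.htaccess": (ADMIN_RULES, EP4_TEMP_RULES)}
    for label, sets in stacks.items():
        print(label)
        for name, verdict in report(SAMPLES, *sets).items():
            print(f"  {name!r:20} {'granted' if verdict else 'denied'}")
```
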
Million $ question: would this work with recently released 1.5.6b??? .. Thank you!