View previous topic :: View next topic |
Author |
Message |
kaotic Smarty Rookie
Joined: 29 Jul 2005 Posts: 14
|
Posted: Wed Aug 17, 2005 2:27 am Post subject: |
|
|
I totally agree that #3 is useless I just poped it out there as it apears he has no other options. however i do like your 4th sugestion but again it is overkill but then again it will work even in his situation of not having access outside doc root and not being able to utalize .htaccess _________________ //Brandon |
|
Back to top |
|
rex1982 Smarty Rookie
Joined: 24 Oct 2005 Posts: 28
|
Posted: Mon Feb 13, 2006 3:52 am Post subject: |
|
|
use it:
Code: |
{if $non_var ==1}
<?
{/if}
|
|
|
Back to top |
|
Hielke Hoeve Smarty Elite
Joined: 06 Jan 2006 Posts: 406 Location: Netherlands
|
Posted: Mon Feb 13, 2006 2:18 pm Post subject: |
|
|
To prevent viewing folder listing (in case you can't set a .htaccess) create an index.html in that folder and keep it empty (or insert funny text). |
|
Back to top |
|
nulled Smarty Rookie
Joined: 30 Jun 2006 Posts: 5 Location: washington
|
Posted: Fri Jun 30, 2006 4:15 am Post subject: |
|
|
Why so concerned with keeping your templates from being downloaded or viewed?
Thats like being paranoid about people viewing your HTML source or JavaScript Source. Smarty is for the Presentation Layer of the application and therefore exposed to the Viewer.
Unless your SELLING your templates... I suggest you use get ioncube.com and excrypt your templates.. that is the ONLY way to ensure they will not get forged... again tho.. html is meant to be exposed... smarty templates are no different. _________________ ----------------------
http://www.digipanel.com
Advanced Control Panel
Unbeatable Price
Fully Featured |
|
Back to top |
|
Hielke Hoeve Smarty Elite
Joined: 06 Jan 2006 Posts: 406 Location: Netherlands
|
Posted: Fri Jun 30, 2006 2:40 pm Post subject: |
|
|
nice way of bumping ooold threads
5) put your templates in a database
6) if all other options fail change provider _________________ Debug XHTML Compliance
SmartyPaginate
Smarty License Questions
---
(About Unix) The learning curve is full of aha! moments, such as that glorious day that the full beauty of grep and, later, find is revealed in all its majesty. --- Robert Uhl <ruhl@4dv.net> |
|
Back to top |
|
Pap Smarty Regular
Joined: 21 Jun 2006 Posts: 69 Location: Denver, CO
|
Posted: Fri Jun 30, 2006 3:38 pm Post subject: |
|
|
You could change all your .tpl files to .php files and add this code to the top of each template:
[php:1:bbf5e00c2d]<?php
if (basename($_SERVER['PHP_SELF']) == basename ( __FILE__ ) ) {
header("HTTP/1.0 404 Not Found");
die();
}
?>[/php:1:bbf5e00c2d]
However, in your main script (or Smarty config file) you will need to make sure to change the value of $php_handling to either 'SMARTY_PHP_REMOVE' or 'SMARTY_PHP_ALLOW' _________________ Don't be stupid, be a Smarty™.
Come and join the P-H-Party. |
|
Back to top |
|
leanweb Smarty Rookie
Joined: 27 Oct 2004 Posts: 24 Location: Newark, DE
|
Posted: Tue Sep 26, 2006 6:58 am Post subject: |
|
|
listen to saerdna and others and work it out with your hosting company to either a way to control .htaccess or ability to place files outside of your document root directory.
they should actually let you do both.
all alternatives are going to cost money, aggravation and security tradeoffs. and probably wont reliable accomplish what you want anyways. |
|
Back to top |
|
satya61229 Smarty Rookie
Joined: 11 Nov 2006 Posts: 8 Location: India
|
Posted: Wed Nov 22, 2006 7:32 am Post subject: Re: how to avoid user from viewing my template files |
|
|
hook wrote: | if some one type: http://my.url/doc/templates/index.tpl, he can directly view or download the template. can some one tell me how to avoid this kind of thing from happing.
thank u.
BTW, I can only store my templates in WWW folder. |
And make sure to put an index.php/default.html file in your template dir. So that no one can browse your dir. |
|
Back to top |
|
toplisek Smarty Regular
Joined: 17 Sep 2009 Posts: 48
|
Posted: Fri Mar 25, 2011 1:28 pm Post subject: |
|
|
<Files ~ "\.(tpl|inc|cfg)$">
order deny,allow
deny from all
</files>
Will this work only on all subfolder and folders for these extensions?
Can be PHP also set to this? |
|
Back to top |
|
|