Reputation: 285
What are the index.php files located in each folder of my Prestashop?
I don't understand why in each folder I find the same index.php file.
They look like this:
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Location: ../");
exit;
In particular, I don't understand why is declared the "Location: ../".
I use Prestashop, and I don't understand how the variables can work on others files.
Example: I have a new module, I want to display the text "You are logged!" only for logged customers and I can do it using {if} $logged {/if} variable.
Maybe because it's on the same parent folder or something else?
Upvotes: 2
Views: 2051
Answers (2)
Reputation: 178
I don't understand why in each folder I find the same index.php file.
This is the method to prevent directory observing by a "hacker". Without this file, someone can observe every directory to view its contents, i.e. files and subdirectories. Some of these files can be accessible for viewing and execution. So, this method is intended against directory observing security vulnerability and it is not using only in PrestaShop.
In particular, I don't understand why is declared the "Location: ../".
Because of this, the index.php file should be in each directory for recursively redirection to previous directory, while the root directory will not reached (i.e., for display a homepage of a site).
But there are another solutions of this method, for example: show error 404 - a page not found.
For the security reason, every developer should add index.php files into each directory of a module, a theme or another directory and subdirectories. To automate this task there is a special command line program. For example, this one: Tool against directory traversal security vulnerability (this one on GitHub).
Upvotes: 0
Reputation: 4337
- Index.php is in every folder to prevent direct access to folders. For example if you type in browser www.myshopurl.com/modules, you will be redirected back to home page since you're not suppose to access or view the contents of this folder.
- Class
FrontControllerininit()method sets a smarty variable$logged. Every controller which inherits from this class (which is every controller except backoffice section) calls this method, thats why it is available in every front page template.
You need to learn about OOP and MVC principles if you're gonna work with PrestaShop.
Upvotes: 4
Related Questions
- DocumentRoot for PrestaShop
- What is module's "themes" folder used for?
- can not find content folder in prestrashop
- Homepage template in Prestashop? Where?
- Prestashop 1.6.0.9 override and performances : file class_index.php has disappeared
- Prestashop CMS configuration
- Prestashop root directory in local
- Prestashop root directory
- Where should be placed htaccess file in Prestashop 1.4x?
- Magento Where is the Index File?