Jump to content

Recommended Posts

Phoenix 1.0.4.0

The directory "images" is protected by the attached ".htaccess" file.
Unfortunally the images are not shown in my webshop with the inital installation,
so i removed the ".htaccess" file in the directory "images" and voila they are shown on index.php and other pages.

But when i upload an image by admin/categories.php the rights of the picture-file are set to 0777, so everybody can manage these files.
Any Ideas how i can resolve this problem?

.htaccess

Share this post


Link to post
Share on other sites

Apache version? 

The .htaccess doesn't help with file permissions.  It keeps people who upload .php files to the server from being able to run them.  It's to cover for the directory permissions being 777. 

I'd create a test file, test.php with content

<?php

echo 'Hello world!';

Try to visit it in the browser.  Then upload smaller versions of the .htaccess and see which makes it stop working and which makes the images stop working.  If you can find a smaller version that lets the images work while stopping the PHP file, then use that version. 

You can see an older version of that file at https://github.com/gburton/CE-Phoenix/blob/41601da342152b010247083c1a70101aa2468d84/images/.htaccess


Always back up before making changes.

Share this post


Link to post
Share on other sites
Posted (edited)
On 6/25/2020 at 11:13 PM, ecartz said:

Apache version? 

Where do I find this?
It runs PHP Version 7.1.1 (Zend 3.1.0)

On 6/25/2020 at 11:13 PM, ecartz said:

echo 'Hello world!';

This works fine without the .htaccess, but eather (old or new) .htaccess it causes Internal Server Error!
With the .htaccess (old or new) no pictures are shown!

Edited by Philo2005

Share this post


Link to post
Share on other sites

admin > Tools > Server  Info

The Apache version should be under the HTTP Server. 


Always back up before making changes.

Share this post


Link to post
Share on other sites

More ways to check the Apache version from PHP:  https://stackoverflow.com/questions/2927954/how-to-get-the-apache-version

Yet more ways to check:  https://stackoverflow.com/questions/166607/how-do-i-find-the-version-of-apache-running-without-access-to-the-command-line

If none of that works, ask your host.  They also may be able to tell you if there are restrictions on .htaccess files that would cause trouble. 


Always back up before making changes.

Share this post


Link to post
Share on other sites
On 6/25/2020 at 2:43 PM, Philo2005 said:

Unfortunally the images are not shown in my webshop with the inital installation,

Try adding the .htaccess file back and then visit one of the images, like http....com/images/my_image.jpg. If you can't view the image but it gives you a block where the image should be, check its properties to see the path. Otherwise, get the path by looking at the properties in your ftp program by right clicking on the image. You want to make sure the path is the correct path.

Share this post


Link to post
Share on other sites
14 hours ago, ecartz said:

More ways to check the Apache version from PHP:  https://stackoverflow.com/questions/2927954/how-to-get-the-apache-version

Yet more ways to check:  https://stackoverflow.com/questions/166607/how-do-i-find-the-version-of-apache-running-without-access-to-the-command-line

If none of that works, ask your host.  They also may be able to tell you if there are restrictions on .htaccess files that would cause trouble. 

I talked to my host provider
the acutal version is

apache 2-2.2.29

 

Share this post


Link to post
Share on other sites

If you do not have the .htaccess file and try to open the images directory in your browser (just the directory, no file), what happens?  If it says you are not authorized, you can delete the following line from the .htaccess file

Options -Indexes

It is conceivable that that would fix things. 

I suspect that your host has set some configuration that conflicts with the .htaccess file.  If your error logs don't give any more information, then they would be the ones who would have to do the next steps of debugging.  You might ask them about AllowOverride and AllowOverrideList values in httpd.conf.  E.g. in the documentation:  https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride

Quote

In the example above, all directives that are neither in the group AuthConfig nor Indexes cause an internal server error.

The .htaccess file uses the Limit directives. 

It is possible that they might have to incorporate the directives from the old version of the .htaccess file into the httpd.conf in a Directory section.  The old version because they are using Apache 2.2.  The new version should be compatible with both 2.4 and 2.2 but otherwise has no advantages over the old version. 

I.e. the choices are either for them to configure your site

AllowOverride Limit

or to incorporate

<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
   Order Deny,Allow
   Deny from all
</FilesMatch>

Options -Indexes

into the httpd.conf files. 


Always back up before making changes.

Share this post


Link to post
Share on other sites

Thank you for responding @ecartz
It seems to be a limitation in .htaccess of my hostprovider.
This piece of code is not allowed -:(
I will have to talk soon to the provider...

Edited by Philo2005

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×