kieranbarnes Independent PHP, WordPress & CubeCart Programmer

Smarty Security – Stop .tpl access

Posted on August 17, 2010

WHMCS uses the Smarty template engine. Which means your .tpl files are accessible to anyone that knows the path. Quite easy in WHMCS. Whilst not really a major security risk, its bad practise to all these files to be accessed directly.

Add this code into your .htaccess file.

  1. <Files ~ "\.tpl$">
  2. Order allow,deny
  3. Deny from all
  4. </Files>

Related posts

  1. [Snippet] Allow PHP in Smarty (CubeCart 5)
    Although it is generally bad practise to put PHP code directly into your (CubeCart 5)...
  2. Redirecting non-www to a www prefix
    This old chestnut again. Create or edit the .htaccess file...
  3. SSH Security Ramblings
    SSH - Secure Shell isn't that secure. If you're not using it behind a Layer...
  4. [Snippet] Debugging Smarty on a live site
    Development server? Staging server? What are they? Sometimes we have to debug code on a...
  5. [Snippet] Allow mysql root access from anywhere
    A small annoyance of mine is on local development servers, I can't login to the...

Posted by Kieran


Tagged as: Leave a comment
Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

(required)

No trackbacks yet.

» «
Got a WordPress or CubeCart problem? Don't Panic!

Categories

Recent Comments

Kieran Barnes

Independent PHP, WordPress and CubeCart programmer and consultant in Manchester, UK.
I can offer programming and consultancy for your next WordPress, Ecommerce or PHP web application.

Kieran Barnes

About Kieran

Kieran is a PHP developer with 15 years commercial experience. He has a niche for all things WordPress, CubeCart and other open sourcery. With expertise in most areas of Linux and Windows wrangling makes him a good choice for supporting and consulting your next web application.

Get in Touch

ITR DC2

FTOOC

MCR VTEC

Bulldog Rescue
Sitemap (HTML)
Sitemap (XML)