How to disable all formats (php, html, etc) for the entire site, except for a specific directory?

R

rinaz222020-11-07 22:16:15

JavaScript

rinaz22, 2020-11-07 22:16:15

Hello! There is a main site. Works on the routing system. On the main site, there are other sites in the directory (sites/*site_name*/files/). Also, each site has a textolite admin panel.
I want to separate these sites from the main one so that nothing can be done with the main site through the admin panel of these sites. Please, just don't write something like "move to subdomain/other domain", etc.
Now there is a big vulnerability, loading a php file through the admin panel (textolite) and this php file will start.
I want to do the following, disable absolutely all request formats for the entire site, except for the textolite folder

<Files ~ "^.*">
  Deny from all
</Files>

Then allow only the listed formats

<Files ~ ^.*(html|css|js|png|jpg|jpeg|gif|woff|woff2|ttf)$>
  Allow from all
</Files>

The problem is, I don't know how to ban with a limit to ban the entire site except for the textolite directory?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry Arushanov, 2016-07-04
@shevchenkonik

When the page loads, get the data (your JSON) and store it in a variable. When the page is reloaded, the variable itself will be deleted. You can use underscore or lodash to search the data. Who is closer.
For convenience, you can store a list of all products (your JSON, as I understand it) in the allItems variable. And when changing the data in the form - filter the object and write the filtered data to the filteredItems variable - which is processed on the UI.
Just don't forget to filter your data when loading the page according to the parameter preset in the default form.