The uploader in wyBuild 2.6.x only allows uploading all files to a single folder. So, you can either modify the example so that the "index.php" delivers the *.wys file unrestricted and only restricts the *.wyu files. Or you can upload the updates using another uploader. Or, just use wyBuild to upload the updates, and then manually move the *.wys file.
Seperate upload of wyserver.wys and wyu update files
I have already spent some time with wyBuild and I'm really happy with it.After some tests I'm continuing with "limited updates".
Therefore I have defined two different URLs, one for the wyserver.wys for the update information and one for the update files (*.wyu):
https://xyz.com/folder/%file%https://xyz.com/folder/?update=%file%%urlargs% (I use multiple parameters with %urlargs%)
As written in the documentation for the "limited-updates", we want a "site" to retrieve the wyserver.wys without limiting and we also want a hidden/safe directory for the updates itself.
My current folder structure:
folder/ (Unprotected folder).....index.php.....wyserver.wys.....update-files/ (Protected folder)............ someapp.3.to.4.wyuThe problem is: I can only specify one upload path and after upload, the folder has both the wyserver.wys file and the update files.How can I say wyBuild that they (wys and wyu) are uploaded into different folders?
I'm using the index.php file to check if the client is allowed to retrieve a update or not - as you have written, this is the "gate-keeper".
Thank you for your fast response.
I have chosen the first option by doing following steps:
URLs for the Updater:https://xyz.com/folder/?file=%file%https://xyz.com/folder/?update=%file%%urlargs%
Folder structure:folder/ (Unprotected folder).....htaccess .....index.php.....update-files/ (Protected folder)..............htaccess ..............wyserver.wys............ someapp.3.to.4.wyu
By accessing the first URL, the "index.php" retrieves the "wyserver.wys" without any permission. If anyone access the file directly, the user gets an error because the folder is protected.
The .htaccess file in the protected folder:deny from all
One other question:Is it possible to send the "urlargs" via POST instead of GET? Or is there a better solution to involve more security in the request process?
Is it possible to send the "urlargs" via POST instead of GET? Or is there a better solution to involve more security in the request process?
There's no difference in security. GET parameters are encrypted over SSL.