PS PrestaShop Intermediate

Explorer FTP (explorerftp) — Documentation

Install, configure and use Explorer FTP: a back-office file manager for PrestaShop 8 and 9 with a built-in code editor, upload, download and ZIP export.

Updated Module version 1.0.0

Explorer FTP (explorerftp) is a file manager built into the PrestaShop back office. It lets you browse the shop’s file tree, edit text and code files with a built-in editor, upload and download files, and export folders as ZIP archives — without an external FTP client. This documentation covers installation, full usage, the security model and troubleshooting.

Overview

Explorer FTP adds an entry under Advanced Parameters in the back office. From this interface, an employee with the required permissions can browse the shop’s files, open a code editor with syntax highlighting, create folders, rename, copy, move or delete items, upload files by drag & drop, and generate ZIP archives. All access is strictly confined to the PrestaShop root directory.

Requirements

  • PrestaShop 8.0 or higher (compatible with 9.x).
  • PHP 8.0 or higher.
  • PHP ZipArchive extension for the ZIP export features.

Installation

From the back office

  1. Go to Modules > Module Manager.
  2. Click Upload a module and select the explorerftp.zip archive.
  3. The module installs automatically and creates its administration tab.

Via FTP

  1. Unzip the archive and drop the explorerftp folder into your shop’s /modules directory.
  2. In Modules > Module Manager, search for “Explorer FTP” and click Install.

After installation, the Explorer FTP entry appears under the Advanced Parameters menu.

Accessing the module

Open Advanced Parameters > Explorer FTP. Access is limited to profiles that have permission on the AdminExplorerFtp tab: you can restrict its use to specific employee profiles from Team > Permissions.

Interface

Toolbar

  • Back / Parent folder / Refresh: navigation within the tree.
  • Breadcrumb: shows the current path and lets you jump back to any level.
  • Search: search by file or folder name in the current directory and its subfolders (heavy directories such as vendor, var, cache, node_modules and .git are skipped).
  • Upload and New folder: add files or create directories.

Tree and list

The side panel shows the folder tree; the main panel lists the items in the current folder with their size, modification date and permissions. Columns are sortable (name, size, date). Right-clicking an item opens the full context menu.

Code editor

Clicking the edit icon (or Edit in the context menu) opens the file in a full-screen editor based on CodeMirror, with syntax highlighting for PHP, HTML, Smarty (.tpl), Twig, CSS/SCSS/LESS, JavaScript, JSON, XML, YAML, SQL and Markdown. Search, code folding and bracket matching are supported.

  • Only text and code file types are editable (php, tpl, twig, css, js, json, xml, yml, md, sql, etc.).
  • The maximum editable size is 5 MB per file.
  • Click Save to write the changes.

On every save, a timestamped backup of the file is created in var/explorer_backups. The 50 most recent backups are kept; older ones are deleted automatically.

Uploading files

Upload files by dragging them onto the drop zone or via the Upload button. Files are placed in the current folder, provided it is writable.

For security reasons, server-executable file types (php, phtml, phar, cgi, sh, etc.) are rejected on upload. Only safe formats (documents, images, fonts, archives, text and web files) are accepted. Existing PHP files remain editable through the editor.

Download and ZIP archives

  • Download a file: downloads the selected file.
  • Download ZIP: compresses a folder and downloads it as a timestamped ZIP archive.
  • Save ZIP to server: generates the archive and saves it directly to a destination folder in the shop, without downloading.

File operations

The context menu (right-click) and the row actions let you:

  • Rename a file or folder.
  • Copy or Move an item to another folder via the destination tree.
  • Delete a file or folder (recursively).
  • Properties: shows the path, size, dates, permissions, owner and MIME type.

Security model

Explorer FTP applies several layers of protection:

  • Root scope: all operations are confined to the PrestaShop root directory. Supplied paths are normalized with realpath() and then verified to prevent any directory traversal (“path traversal”).
  • Security token: every AJAX request is validated with an admin token, compared in constant time.
  • Protected folders: critical directories (app, bin, classes, config, controllers, override, src, tools, var, vendor) cannot be deleted.
  • Restricted upload: an extension allow-list and blocking of executable types (see “Uploading files”).
  • Security headers: anti-clickjacking (X-Frame-Options) and anti-MIME-sniffing (X-Content-Type-Options) on the controller responses.

Explorer FTP is a powerful administration tool. Restrict its access to trusted employee profiles and make sure your back office is served over HTTPS.

Troubleshooting

“Directory is not writable” on upload or creation

The destination folder does not have write permissions. Adjust the permissions of the relevant folder on your server.

ZIP features are unavailable

The PHP ZipArchive extension is not installed or enabled on the server. Ask your host to enable it.

A PHP file cannot be uploaded

This is the expected behavior: uploading executable files is blocked. To modify an existing PHP file, use the built-in editor.

If a file is edited by mistake, restore the previous version from var/explorer_backups.

Uninstallation

From Modules > Module Manager, click Uninstall next to Explorer FTP. The administration tab is removed. The shop’s files and the backups in var/explorer_backups are not deleted.

Was this page helpful?

Still stuck? Contact support