Explorer FTP (explorerftp) — Documentation
Install, configure and use Explorer FTP: a back-office file manager for PrestaShop 8 and 9 with a built-in code editor, upload, download and ZIP export.
Explorer FTP (explorerftp) is a file manager built into the PrestaShop back office. It lets you browse the shop’s file tree, edit text and code files with a built-in editor, upload and download files, and export folders as ZIP archives — without an external FTP client. This documentation covers installation, full usage, the security model and troubleshooting.
Overview
Explorer FTP adds an entry under Advanced Parameters in the back office. From this interface, an employee with the required permissions can browse the shop’s files, open a code editor with syntax highlighting, create folders, rename, copy, move or delete items, upload files by drag & drop, and generate ZIP archives. All access is strictly confined to the PrestaShop root directory.
Requirements
- PrestaShop 8.0 or higher (compatible with 9.x).
- PHP 8.0 or higher.
- PHP
ZipArchiveextension for the ZIP export features.
Installation
From the back office
- Go to Modules > Module Manager.
- Click Upload a module and select the
explorerftp.ziparchive. - The module installs automatically and creates its administration tab.
Via FTP
- Unzip the archive and drop the
explorerftpfolder into your shop’s/modulesdirectory. - In Modules > Module Manager, search for “Explorer FTP” and click Install.
After installation, the Explorer FTP entry appears under the Advanced Parameters menu.
Accessing the module
Open Advanced Parameters > Explorer FTP. Access is limited to profiles that have permission on the AdminExplorerFtp tab: you can restrict its use to specific employee profiles from Team > Permissions.
Interface
Toolbar
- Back / Parent folder / Refresh: navigation within the tree.
- Breadcrumb: shows the current path and lets you jump back to any level.
- Search: search by file or folder name in the current directory and its subfolders (heavy directories such as
vendor,var,cache,node_modulesand.gitare skipped). - Upload and New folder: add files or create directories.
Tree and list
The side panel shows the folder tree; the main panel lists the items in the current folder with their size, modification date and permissions. Columns are sortable (name, size, date). Right-clicking an item opens the full context menu.
Code editor
Clicking the edit icon (or Edit in the context menu) opens the file in a full-screen editor based on CodeMirror, with syntax highlighting for PHP, HTML, Smarty (.tpl), Twig, CSS/SCSS/LESS, JavaScript, JSON, XML, YAML, SQL and Markdown. Search, code folding and bracket matching are supported.
- Only text and code file types are editable (php, tpl, twig, css, js, json, xml, yml, md, sql, etc.).
- The maximum editable size is 5 MB per file.
- Click Save to write the changes.
On every save, a timestamped backup of the file is created in var/explorer_backups. The 50 most recent backups are kept; older ones are deleted automatically.
Uploading files
Upload files by dragging them onto the drop zone or via the Upload button. Files are placed in the current folder, provided it is writable.
For security reasons, server-executable file types (php, phtml, phar, cgi, sh, etc.) are rejected on upload. Only safe formats (documents, images, fonts, archives, text and web files) are accepted. Existing PHP files remain editable through the editor.
Download and ZIP archives
- Download a file: downloads the selected file.
- Download ZIP: compresses a folder and downloads it as a timestamped ZIP archive.
- Save ZIP to server: generates the archive and saves it directly to a destination folder in the shop, without downloading.
File operations
The context menu (right-click) and the row actions let you:
- Rename a file or folder.
- Copy or Move an item to another folder via the destination tree.
- Delete a file or folder (recursively).
- Properties: shows the path, size, dates, permissions, owner and MIME type.
Security model
Explorer FTP applies several layers of protection:
- Root scope: all operations are confined to the PrestaShop root directory. Supplied paths are normalized with
realpath()and then verified to prevent any directory traversal (“path traversal”). - Security token: every AJAX request is validated with an admin token, compared in constant time.
- Protected folders: critical directories (
app,bin,classes,config,controllers,override,src,tools,var,vendor) cannot be deleted. - Restricted upload: an extension allow-list and blocking of executable types (see “Uploading files”).
- Security headers: anti-clickjacking (
X-Frame-Options) and anti-MIME-sniffing (X-Content-Type-Options) on the controller responses.
Explorer FTP is a powerful administration tool. Restrict its access to trusted employee profiles and make sure your back office is served over HTTPS.
Troubleshooting
“Directory is not writable” on upload or creation
The destination folder does not have write permissions. Adjust the permissions of the relevant folder on your server.
ZIP features are unavailable
The PHP ZipArchive extension is not installed or enabled on the server. Ask your host to enable it.
A PHP file cannot be uploaded
This is the expected behavior: uploading executable files is blocked. To modify an existing PHP file, use the built-in editor.
If a file is edited by mistake, restore the previous version from var/explorer_backups.
Uninstallation
From Modules > Module Manager, click Uninstall next to Explorer FTP. The administration tab is removed. The shop’s files and the backups in var/explorer_backups are not deleted.