It's a bug they refuse to fix. You should be able to give either a full path name or a non-relative path name to specify the directory, But you can't. It will always put it under the var/files/[COMPANY_ID] directory structure.
If you give a full path name, it should use it if it has permission to access the directory (and should generate an error message if not). If you give it a non-relative path (I.e. /google_uploads) it should use that path as relative to the document root. It would not be unreasonable to require either a full path or non-relative path directory to exist in advance.
In Cs-Cart all generated files (export, sitemaps, data feeds) are stored in the directory which depends on the store-front ID. E.g.
CSCART_ROOT/ var/files/1
where 1 - ID of the store-front
We know that; but it should support altenate paths. I.e. 'foo' should become var/files/[company_id]/foo and /foo should become ROOT_DIR/foo. As it exists, there's no difference in specifying /foo or foo. To me, that's a bug.
We know that; but it should support altenate paths. I.e. 'foo' should become var/files/[company_id]/foo and /foo should become ROOT_DIR/foo. As it exists, there's no difference in specifying /foo or foo. To me, that's a bug.
No, it should not due to security reasons. Note that vendors and restricted admins also have access to files on server
Disagree. Should be able to export/import to/from anywhere within the document root. If you want to restrict that in MVE to a site admin, fine. The security "issues" are caused by overloading and fudging the company_id based on edition and whether the site has been upgraded from an original Professional version or not.
Disagree. Should be able to export/import to/from anywhere within the document root. If you want to restrict that in MVE to a site admin, fine. The security "issues" are caused by overloading and fudging the company_id based on edition and whether the site has been upgraded from an original Professional version or not.
In this case vendor will be able to export data to root directory but will not have ability to access this file
Not if you restrict to a site admin versus a vendor admin as stated above. And for non-MVE (the vast majority of cs-cart stores) it makes perfect sense to do so. When I submitted the bug they has stated that to change it might break existing stores so they would not fix it (bogus response). Every bug fix has the potential to break sites.
And for non-MVE (the vast majority of cs-cart stores) it makes perfect sense to do so.
Do not forget about store-fronts administrators who should not have access to files from another store-fronts also