13 Apr 2012, 11:07 PM
Re: Image Handler 4 (for v1.5.x) Support Thread
Installing this module some issues have come to light. I was hoping these could be addressed.
1. The very fact that this module installs/writes files and installer functions/files are not removed post successful installation is not secure.
I would think that anyone installing this module could certainly and more safely run an SQL patch.
2. The creating of filenames which have no associated function, such as .bak is a vulnerability and PCI fail.
There is no need for this as certainly we do not want to be overwriting existing template files anyhow. Detailed merging instructions should likely be included in the place of the "installer"
Additionally, this thread is not listed in the documentation and should be added, as the instructions for using the installer are quite complicated.... More so than just installing the module without it would be.
I find it troubling that once installed even, deletion of these .bak files disables the module.
I am not trying to beat anyone up, but clearly this module is something shop owners need and always have needed... However, it makes no sense to take PCI certified software and in one shot make it vulnerable and PCI fail.
I would be willing to help out as I can, but I lack the GD/IMageMagick skills to port this to 1.5.0.
By gjh42 in forum All Other Contributions/Addons
Last Post: 24 May 2013, 11:42 AM
By DivaVocals in forum All Other Contributions/Addons
Last Post: 7 May 2013, 12:16 AM
By timkroeger in forum All Other Contributions/Addons
Last Post: 6 May 2013, 02:18 AM
By jaycode in forum All Other Contributions/Addons
Last Post: 21 Mar 2013, 12:15 PM
By nadinesky in forum All Other Contributions/Addons
Last Post: 23 Mar 2011, 06:51 PM
Content and Graphics Copyright (c) 2003 - 2013 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC