Image Handler 2 (for ZC v1.3.8 ONLY) Support

Quote:

---

Originally Posted by DivaVocals

Not without any additional information (link to your site helps).. You might try looking at the following. Much of this is covered in the readme troubleshooting section:

• Main product image and the additional images are not the same file format
• Main product image naming format
• You are using Rev 8b of IH2 there is a KNOWN issue with the additional images (the problem and the fix has been posted in this support thread -- this is resolved in Rev 8c)

---

You have been so helpful! I am using version Rev 8b. I will try to look through the pages to find the fix in this thread. Also, my site is http://martingordonusa.com

Thanks for everything!

Quote:

---

Originally Posted by DivaVocals

I must respectfully dispute this.. ANY VERSION downloaded from Tim's site is

1. Outdated
2. Not PHP 5.3 compatible
3. Not compatible with the latest version of Zen Cart (Tims version is over 4 years old there have been MANY core Zen Cart changes since Tim's last release of IH2)
4. Does not contain ANY of the recent fixes and changes in the current versions of IH2 available (including the security issues recently addressed in Rev8c)

It is NOT recommended or suggested that anyone use the version of IH2 downloaded from Tim's site unless you are running a REALLY old version of Zen Cart (in which case my strong suggestion is that you should upgrade..)

From Tim's site:Want to fix the additional images?? PM me for the latest and greatest version if IH2 (Rec8c). Hopefully we will be able to submit it to the downloads section this weekend. In the meantime PM me for the Rev8c version.

Wanna fix Rev8b?? The issue with additional images seems to only affect certain server configurations. This issue does not affect everyone.. It apparently depends on how your host has implemented PHP. I've posted this information before, but I'll re-post..

IF you are having issues with additional images AND you are running Rev8b (this is FIXED if you are running Rev8c) make the following MINOR change:
Find this around line 47

Code:

---

          if(preg_match("/" . $products_image_base . "/i", $file) == 1) {

---

Change to this:

Code:

---

          if(preg_match("/" . $products_image_base . "/i", $file) == '1') {

---

That said Rev8b does not address the permissions issues. THIS issue and few minor others are addressed in Rev8c. I highly suggest PMing me to get that version of IH2 until it is available in the downloads section..

---

Just found this post for the fix. Sorry if this is completely dumb of me to ask, but which file are we going into to look for this code to change?

I found a 'bug', but I'm not sure if it's with ZC or IH. If you have an apostrophe in the Product Title like "Dad's", IH will not display the hover feature. If you escape the apostrophe with a backslash like you would in PHP code, it works just fine, but shows the backslash in the Product's Title, as well. Anybody else have this problem or know of a fix for it?

Quote:

---

Originally Posted by Get Em Fast

I found a 'bug', but I'm not sure if it's with ZC or IH. If you have an apostrophe in the Product Title like "Dad's", IH will not display the hover feature. If you escape the apostrophe with a backslash like you would in PHP code, it works just fine, but shows the backslash in the Product's Title, as well. Anybody else have this problem or know of a fix for it?

---

can you give specifics

1) an example page
2) version of Image handler
3) version of zencart

If you look here it works, unless i am misunderstanding what you mean

Hello, out of curiosity I Googled ‘bmz_cache‘. The results returned were 100's of links to the bmz_cache folder for websites that have zen cart and IH2 installed. I do not know if this is a security risk or not? I thought it best to post and inform the powers that be about this in case they did not know.

Now, I have tried this on zen cart sites listed in this forum. While this does not work on all the sites I have tried here, I have found that about 70% of sites allow access to the /bmz_cache folder directly. Of those, about 10% allow access to the web space directory tree by using the 'parent directory' link.

Please advice.
Michael

Quote:

---

Originally Posted by dutchy

Hello, out of curiosity I Googled ‘bmz_cache‘. The results returned were 100's of links to the bmz_cache folder for websites that have zen cart and IH2 installed. I do not know if this is a security risk or not? I thought it best to post and inform the powers that be about this in case they did not know.

---

The bmz_cache will show up because that is where the images are stored and those links are on your webpages, which the bots crawl, so unless you were to put a disallow bmz_cache directive in your robots.txt file you can't really prevent that appearing in google

Quote:

---

Originally Posted by dutchy

Now, I have tried this on zen cart sites listed in this forum. While this does not work on all the sites I have tried here, I have found that about 70% of sites allow access to the /bmz_cache folder directly. Of those, about 10% allow access to the web space directory tree by using the 'parent directory' link.

Please advice.
Michael

---

Thats more of a server configuration issue, infact it is a bit worrying, most servers are set to disallow the view of directories like that, for most that i have experience if you tried to access the bmz_cache folder eg example.com/bmz_cache/ you'll get a 403 error.

Although perhaps "to idiot proof it" in future it might be an idea to add in an automatic generation of an index.html in each bmz folder

Quote:

---

Originally Posted by nigelt74

The bmz_cache will show up because that is where the images are stored and those links are on your webpages, which the bots crawl, so unless you were to put a disallow bmz_cache directive in your robots.txt file you can't really prevent that appearing in google



Thats more of a server configuration issue, infact it is a bit worrying, most servers are set to disallow the view of directories like that, for most that i have experience if you tried to access the bmz_cache folder eg example.com/bmz_cache/ you'll get a 403 error.

Although perhaps "to idiot proof it" in future it might be an idea to add in an automatic generation of an index.html in each bmz folder

---

On my server I CAN visit mysite.com/bmz_cache url - can you let me know how I can stop this?

Thanks.

Quote:

---

Originally Posted by nigelt74

The bmz_cache will show up because that is where the images are stored and those links are on your webpages, which the bots crawl, so unless you were to put a disallow bmz_cache directive in your robots.txt file you can't really prevent that appearing in google

---

Nods in agreement..:yes:

Quote:

---

Originally Posted by nigelt74

Thats more of a server configuration issue, infact it is a bit worrying, most servers are set to disallow the view of directories like that, for most that i have experience if you tried to access the bmz_cache folder eg example.com/bmz_cache/ you'll get a 403 error.

Although perhaps "to idiot proof it" in future it might be an idea to add in an automatic generation of an index.html in each bmz folder

---

Not all servers.. Bluehost for example does not.. But a directive in your root level .htaccess will do the trick nicely..

For those concerned about this, we've covered this in the Rev8c release through an optional directive in the.htaccess file that is in the bmz_cache folder.

In addition to disallowing the upload of potentially destructive files, the .htaccess includes an optional directive that prevents the viewing of the bmz_cache directory listings without interfering with the images being viewed. (so they will still be indexed by Google unless you include the appropriate directives in your robots.txt file.

Code:

---

IndexIgnore */*
 ## NOTE: If you want even greater security to prevent hackers from  running scripts in this folder, uncomment the following line (if your  hosting company will allow you to use OPTIONS):
 #OPTIONS -Indexes -ExecCGI

---

Uncommenting this optional line will prevent anyone from viewing the image directory listings without blocking image from being seen.

See this in action on my test site.. http://zentestcart.overthehillweb.co...&products_id=1

FYI, though this seems like an issue it is NOT a TRUE security issue at all.. What IS (and has been corrected in Rev 8c) a real concern with regards to IH2 is that the bmz-Cache folders in older version are not fully protected from the upload of potentially malicious scripts.. The Rev 8c .htaccess file addresses this concern. (We are using the same .htaccess that has been added to many folders in the 1.3.9 Zen Cart releases)

Hey All,
I have IH2 rev 8 installed running along Jquery Lightbox.
Recently I have been noticing that the first image shows twice when I open it in lightbox. For example, if I have 4 images it will open as:
Image 1-5 with #1 and #2 being the same image. I had IH2 rev 7 and upgraded to rev 8 thinking it might solve my problem since I am running 1.3.9D but the problem persist.

Please point me in the right direction, I am not sure what the problem is.

thanks again,
belaze

Quote:

---

Originally Posted by nigelt74

can you give specifics

1) an example page
2) version of Image handler
3) version of zencart

If you look here it works, unless i am misunderstanding what you mean

---

nigelt.....thanks for the response, but........Yep, you MAY have misunderstood, as it doesn't have any problem hovering the Main Image on the Product Listing Page.......it's the Additional Images on the Product Info page that it won't hover if there's an apostrophe in the Title.

Example of one doing this with the word Dad's in the title:
http://69.89.31.60/~lasercra/index.p...roducts_id=960

Now, here's an example of one that WAS doing the exact same thing, but works just fine now that the apostrophe in the word Mom's was removed:
http://69.89.31.60/~lasercra/index.p...roducts_id=238


Any ideas?