Re: Image Handler 4 (for v1.5.x) Support Thread
Installing this module some issues have come to light. I was hoping these could be addressed.
1. The very fact that this module installs/writes files and installer functions/files are not removed post successful installation is not secure.
I would think that anyone installing this module could certainly and more safely run an SQL patch.
2. The creating of filenames which have no associated function, such as .bak is a vulnerability and PCI fail.
There is no need for this as certainly we do not want to be overwriting existing template files anyhow. Detailed merging instructions should likely be included in the place of the "installer"
Additionally, this thread is not listed in the documentation and should be added, as the instructions for using the installer are quite complicated.... More so than just installing the module without it would be.
I find it troubling that once installed even, deletion of these .bak files disables the module.
I am not trying to beat anyone up, but clearly this module is something shop owners need and always have needed... However, it makes no sense to take PCI certified software and in one shot make it vulnerable and PCI fail.
I would be willing to help out as I can, but I lack the GD/IMageMagick skills to port this to 1.5.0.
~Melanie
Re: Image Handler 4 (for v1.5.x) Support Thread
Quote:
Originally Posted by
mprough
1. The very fact that this module installs/writes files and installer functions/files are not removed post successful installation is not secure.
The install function was INDEED written to "clean up" after the install and it most certainly does remove the auto-installer files. (there's posts in this support thread discussing this behavior) Is this not occurring for you??? If not you will need to provide more details.
Quote:
Originally Posted by
mprough
I would think that anyone installing this module could certainly and more safely run an SQL patch.
Historically this app has never used an external SQL file for install or uninstall. We wanted to maintain this level of transparency with the new version..
Quote:
Originally Posted by
mprough
2. The creating of filenames which have no associated function, such as .bak is a vulnerability and PCI fail.
Already aware of this and it there is already a planned modification to address this in the next version..
Quote:
Originally Posted by
mprough
There is no need for this as certainly we do not want to be overwriting existing template files anyhow. Detailed merging instructions should likely be included in the place of the "installer"
The 3 override files being overwritten are not files typically overwritten by any other add-ons -- with the exception of the two popular lightbox add-ons.. For many shopowners this is the only modification made to the 3 core files that this add-on overridess.
Nevertheless, we have no plans to replace the auto-installer simply because of this. File merging is covered in the advanced section of the install instructions. We will however be revisiting changes to the main install instructions in the next release (which should be the next day or two).
Quote:
Originally Posted by
mprough
Additionally, this thread is not listed in the documentation and should be added, as the instructions for using the installer are quite complicated.... More so than just installing the module without it would be.
Chicken/egg scenario.. The support thread was created after the add-on was submitted. So there's no way I COULD HAVE included the link to the support thread in the readme..
For the record, there's a TON of add-ons that don't provide links to the support thread in their readme files AT ALL let alone a link to the support thread in the add-on description.
That all said, the plan all along was to update the readme with the next release to include this information..
Quote:
Originally Posted by
mprough
I find it troubling that once installed even, deletion of these .bak files disables the module.
Not one person in testing reported anything close to this as an issue, and I can't replicate this particular behavior.. I will test again tonight to see if this bears out.. In the meantime, more details would be appreciated..
Re: Image Handler 4 (for v1.5.x) Support Thread
No, init_image_handler (below) is not removed.
Quote:
Historically this app has never used an external SQL file for install or uninstall. We wanted to maintain this level of transparency with the new version..
Correct, but it hadn't the ability to make directories and write file before either... which is a whole new ballgame.
deletion of the .bak file was reported to me by a colleague, first the other day.... I only had time to mess around with it today, but she was correct. delete the files and the module is disabled.
Wasn't beating you up re the thread... but none the less should have been present as I was already instructed as well =) How would I possibly know you knew that?
Quote:
New Installation Instructions for Advanced Users
This set of instructions is for those who are familiar with Zen Cart and addon installations. If you need more detail than is provided, please scroll up to the Installation for Beginner/Intermediate Users section.
As always, back up your database & store.
Rename the YOUR_ADMIN folder. Do not rename, remove, or relocate any of the other files or folders. Doing so may cause the auto-installer to fail.
Make any file merges that may be necessary. Some filepaths and files have changed. Please use the filemap below to assist you.
IH4 Installation Package Files
Maps to These Files in Your Store
/YOUR_ADMIN/includes/modules/category_product_listing_IH4.php /YOUR_ADMIN/includes/modules/category_product_listing.php
/includes/modules/pages/popup_image/header_php_IH4.php /includes/modules/pages/popup_image/header_php.php
/includes/modules/pages/popup_image_additional/header_php_IH4.php /includes/modules/pages/popup_image_additional/header_php.php
/includes/modules/IH_INSTALL/additional_images.php /includes/modules/YOUR_TEMPLATE/additional_images.php
/includes/modules/IH_INSTALL/main_product_image.php /includes/modules/YOUR_TEMPLATE/main_product_image.php
/includes/templates/IH_INSTALL/popup_image_additional/tpl_main_page.php /includes/templates/YOUR_TEMPLATE/popup_image_additional/tpl_main_page.php
Log in to your store's admin. If you forget to do this before you upload your files, Image Handler4 will still install, but you won't see the message confirming successful install.
Upload the files to your server & then click any link in your admin to see the success message in your message stack
In Admin > Configuration > Images, set "IH resize images" to "yes" and configure as desired
If you are using Fual Slimbox or Zen Lightbox with Image Handler4 you MUST follow the instructions in the "Misc" tab regarding using either of these mods with Image Handler4.
Cannot install without the .bak files and even then although installed was not functioning. I actually did this 5 times.
My servers will not even allow the creation/storage of .bak files unless a mime type is created... as it should be according to the PCi guys.
I just want to be able to use this and install it myself w/o creating issues. It is a very good module, but I think the installer needs to be rethought and the manual installation needs attention as many PCI compliant server cannot make .bak files, cannot use the mkdir in that way as it sets the permissions incorrectly... it will additionally never work on Win, not that I care about Win :lamo:
Code:
// make override directories if needed
@mkdir(DIR_FS_CATALOG.'includes/modules/'.$current_template, 0755);
@mkdir(DIR_FS_CATALOG.'includes/templates/'.$current_template.'/css', 0755);
@mkdir(DIR_FS_CATALOG.'includes/templates/'.$current_template.'/jscript', 0755);
@mkdir(DIR_FS_CATALOG.'includes/templates/'.$current_template.'/popup_image_additional', 0755);
// new files or non-core files
// these are deleted on uninstall
$files = array(
DIR_FS_CATALOG.'bmz_cache/.htaccess',
DIR_FS_CATALOG.'images/watermark.png',
DIR_FS_CATALOG.'images/large/watermark_LRG.png',
DIR_FS_CATALOG.'images/medium/watermark_MED.png',
DIR_FS_CATALOG.'includes/classes/bmz_gif_info.class.php',
DIR_FS_CATALOG.'includes/classes/bmz_image_handler.class.php',
DIR_FS_CATALOG.'includes/extra_configures/bmz_image_handler_conf.php',
DIR_FS_CATALOG.'includes/extra_configures/bmz_io_conf.php',
DIR_FS_CATALOG.'includes/functions/extra_functions/functions_bmz_image_handler.php',
DIR_FS_CATALOG.'includes/functions/extra_functions/functions_bmz_io.php',
DIR_FS_ADMIN.'image_handler.php',
DIR_FS_ADMIN.'includes/ih_manager.php',
DIR_FS_ADMIN.'includes/init_includes/init_image_handler.php',
DIR_FS_ADMIN.'includes/auto_loaders/config.image_handler.php',
DIR_FS_ADMIN.'images/checkpattern.gif',
DIR_FS_ADMIN.'images/icon_image_handler.gif',
DIR_FS_ADMIN.'images/ih-test.gif',
DIR_FS_ADMIN.'images/ih-test.jpg',
DIR_FS_ADMIN.'images/ih-test.png',
DIR_FS_ADMIN.'includes/extra_configures/bmz_image_handler_conf.php',
DIR_FS_ADMIN.'includes/extra_configures/bmz_io_conf.php',
DIR_FS_ADMIN.'includes/extra_datafiles/image_handler.php',
DIR_FS_ADMIN.'includes/functions/extra_functions/functions_bmz_image_handler.php',
DIR_FS_ADMIN.'includes/functions/extra_functions/functions_bmz_io.php',
DIR_FS_ADMIN.'includes/languages/english/extra_definitions/bmz_image_handler.php',
DIR_FS_ADMIN.'includes/languages/english/extra_definitions/bmz_language_admin.php',
DIR_FS_ADMIN.'includes/modules/category_product_listing.DEFAULT.php.bak',
DIR_FS_CATALOG.'includes/modules/pages/popup_image/header_php.DEFAULT.php.bak',
DIR_FS_CATALOG.'includes/modules/pages/popup_image_additional/header_php.DEFAULT.php.bak'
);
// core files with overwrite
// these are rolled back to Zen Default on uninstalll - the .bak file is left in place
// files arranged in array (file_to_replace,file_to_replace_with)
// file_to_replace will be resaved as file_to_replace.bak
$core_files = array(
array(DIR_FS_ADMIN.'includes/modules/category_product_listing.php',DIR_FS_ADMIN.'includes/modules/category_product_listing_IH4.php'),
array(DIR_FS_CATALOG.'includes/modules/pages/popup_image/header_php.php',DIR_FS_CATALOG.'includes/modules/pages/popup_image/header_php_IH4.php'),
array(DIR_FS_CATALOG.'includes/modules/pages/popup_image_additional/header_php.php',DIR_FS_CATALOG.'includes/modules/pages/popup_image_additional/header_php_IH4.php'),
);
// core files for rollback on uninstall
// not used on install
// files arranged in array (file_to_replace,file_to_replace_with)
// file_to_replace will be resaved as file_to_replace.bak
$rollback_files = array(
array(DIR_FS_ADMIN.'includes/modules/category_product_listing.php',DIR_FS_ADMIN.'includes/modules/category_product_listing.DEFAULT.php.bak'),
array(DIR_FS_CATALOG.'includes/modules/pages/popup_image/header_php.php',DIR_FS_CATALOG.'includes/modules/pages/popup_image/header_php.DEFAULT.php.bak'),
array(DIR_FS_CATALOG.'includes/modules/pages/popup_image_additional/header_php.php',DIR_FS_CATALOG.'includes/modules/pages/popup_image_additional/header_php.DEFAULT.php.bak'),
);
// template files
// these are deleted on uninstall - the .bak file is left in place
// files arranged in array (file_to_replace,file_to_replace_with)
// file_to_replace will be resaved as file_to_replace.bak
$template_files = array(
array(DIR_FS_CATALOG.'includes/modules/'.$current_template.'/additional_images.php',DIR_FS_CATALOG.'includes/modules/IH_INSTALL/additional_images.php'),
array(DIR_FS_CATALOG.'includes/modules/'.$current_template.'/main_product_image.php',DIR_FS_CATALOG.'includes/modules/IH_INSTALL/main_product_image.php'),
array(DIR_FS_CATALOG.'includes/templates/'.$current_template.'/css/style_imagehover.css',DIR_FS_CATALOG.'includes/templates/IH_INSTALL/css/style_imagehover.css'),
array(DIR_FS_CATALOG.'includes/templates/'.$current_template.'/jscript/jscript_imagehover.js',DIR_FS_CATALOG.'includes/templates/IH_INSTALL/jscript/jscript_imagehover.js'),
array(DIR_FS_CATALOG.'includes/templates/'.$current_template.'/popup_image_additional/tpl_main_page.php',DIR_FS_CATALOG.'includes/templates/IH_INSTALL/popup_image_additional/tpl_main_page.php')
);
Re: Image Handler 4 (for v1.5.x) Support Thread
Quote:
Originally Posted by
mprough
No, init_image_handler (below) is not removed.
But the auto-loader file which executes it is.
Quote:
Originally Posted by
mprough
Correct, but it hadn't the ability to make directories and write file before either... which is a whole new ballgame.
Not that new since the code that creates the files and directories in the bmz_cache folder writes directories and files too..
Quote:
Originally Posted by
mprough
deletion of the .bak file was reported to me by a colleague, first the other day.... I only had time to mess around with it today, but she was correct. delete the files and the module is disabled.
if you delete them BEFORE you install the add-on then no you're right.. the install won't work. You can easily delete the .BAK files created by the install in the template directories with no issues whatsoever.
Quote:
Originally Posted by
mprough
Wasn't beating you up re the thread... but none the less should have been present as I was already instructed as well =) How would I possibly know you knew that?
Wasn't expecting you to know at all nor was I feeling beat up.. I was simply responding to your inquiry about the .BAK files to let you know I'd been made aware of the issue and it will be addressed in the next update.
Quote:
Originally Posted by
mprough
Cannot install without the .bak files and even then although installed was not functioning. I actually did this 5 times.
My servers will not even allow the creation/storage of .bak files unless a mime type is created... as it should be according to the PCi guys.
Again.. got it, and will be addressed in the next release..
Quote:
Originally Posted by
mprough
I just want to be able to use this and install it myself w/o creating issues. It is a very good module, but I think the installer needs to be rethought and the manual installation needs attention as many PCI compliant server cannot make .bak files, cannot use the mkdir in that way as it sets the permissions incorrectly... it will additionally never work on Win, not that I care about Win :lamo:
Well I don't believe the installer truly requires a LOT of re-thinking.. The changes we need to make are fairly simple to implement, and are being addressed..
1 Attachment(s)
Re: Image Handler 4 (for v1.5.x) Support Thread
Hello, before complaining I must say thanks for the excellent addon. Used version 3 successfully on 1.38 for quite awhile, thanks.
I installed a fresh version of zencart 1.5. Imported older database from 1.38 store still online and all bmz_cache directories and images. I installed a fresh copy of Image Handler 4 then a fresh copy of zen_lightbox keeping zen_lightbox's additional_images.php. The first time I hover over an image a space of 100px's or so is created above my page and the image is displayed there. The space stays and each mouseover creates the image there not where it should be. The only other addon or change beside css files and such is zen_lightbox and its working fine. I've double checked files and am stumped, any helps appreciated, thanks
Re: Image Handler 4 (for v1.5.x) Support Thread
My screwup, Image Handlers back on top :) thanks again for all the addons you've written and shared.
Re: Image Handler 4 (for v1.5.x) Support Thread
@Melanie
Just my thoughts:
Delete of installer:
traditionally, IH has had an installer. It ran on a function that was triggered by the 'install' button. That function stayed in place after it ran. This is just the same. The installer functions stay in place but they are just not actioned. I am not sure that I completely understand your argument against this. Many modules on many platforms do not delete there install functions.
BAK files
Yes, this is going to be changed.
I think that there is a bit of a misunderstanding between you and Diva about this. There are BAK files in the original upload package. They are basically files that are going to be moved during the install or uninstall and are uploaded as BAK files. If those files are deleted prior to upload then the installer will not run as it checks that the files are uploaded correctly before continuing. There are also BAK files that are created when a file is overwritten. If you delete these then you should have no problems.
In general, the BAK suffix was a mistake and will be changed.
Actually, the file checking part of the installer is a part that I would be most reluctant to see removed. So many 'errors' are created by files be uploaded incorrectly that a quick check of this before install is finalised seems like a good idea.
Complication
Well, i think that you are just wrong here. The install procedure is to log in to zen admin, change the name of admin in the package, upload the files, refresh a page in admin. Takes me under a minute. But that is just my opinion.
Backing up Template files
Well, I know what you mean. But the idea is not that the file merging should not happen. Evidently the file merging needs to happen. The concept is more that part of the install should have a backup involved. So, for instance, if someone hadn't done the file merging there would still be a record of their previous file state. I can't honestly see why backing up a file is a problem.
File Handling in General.
Well, yes there is a different ballgame when you start moving files on the server. There are arguments for and against here. I understand that you are strongly on one side of that. Again, the support threads show that most errors are created by people putting files in the wrong places. The file handling does two things:
-- creates backup versions of overwritten files
-- puts the template files in the right place
Is your argument against either or both of these or just the concept of doing this programatically rather than manually?
Re: Image Handler 4 (for v1.5.x) Support Thread
OK,
I now have the admin functionality of IH4 working after installing the rolled back version you sent me Nicol.
What I don't have is the additional images showing at all in the shop.
Not sure why though.... I tried switching back to the clasic template but still no joy. Am I missing something stupid here???
URL:http://d2262519.i225.quadrahosting.c...&products_id=2
Re: Image Handler 4 (for v1.5.x) Support Thread
OK guys,
I ditched the test site and had to have a go at my live site because there were real problems with the images.
I'm happy to report that IH4 is now working perfectly on my site!
Thanks very much to all the guys who work on this fantastic Mod. I would hate to have to run a Zen store without it!
Re: Image Handler 4 Support Thread
Quote:
Originally Posted by
ndg_uk
Found it in the admin configure.php file
All working fine
Thanks for your help
I am having the same problem. :blink: Could someone give me the path to the adim.comfigure.php and what was altered.
