Image Handler 2 Security issue?

[Shane78]

Jones: i would have thought you'd have taken me up on the offer to have some test webspace on one of my servers. Seeing as one of the servers i have is supplied by the same company that rebrands servers to one of the Zen Cart Certified hosts. Ensureing that it works on those too.

Brown: you both seem to be making jolly good head way on resolving this.

I do hope it is ok to use your names? After all you are addressing me by my real name, i think it's only fair for me to use the same level of familarity.

[ckosloff]

Diva,
How dare you call me a programmer and by my handle too!
Sure I am on the side of caution, and try not to err to much.
I think that all references to the safemode hack should be eventually deleted as all this is dinosaur stuff.
I don't know of any webhost who still uses safemode, all the large hosting companies with Linux and PHP on their shared servers run PHP as FastCGI, or maybe SuExec, setting folders to 755 should work OK from now on.
If anybody reports problems we will kindly advise to change webhosts.
I know that you are going ahead with commenting out all references to safemode hack and that is fine and dandy, I will do so too.
BUT...let's try it llike that for a while to see if there is anyone out there who still needs it, unlikely possibility.
If nobody reports problems with the commented-out files we will certainly delete all the references to the safemode hack, maybe in next version.
How about that?
BTW, commenting out lines 28 and 52 in functions_bmz_io.php is fine too.
Good catch!

[DivaVocals]

Understood which is why I thought commenting out all of this old code versus removing it altogether would appeal to your sense of caution.. and I titled ya by what you have been for this module.., and I will call you by your real name here when you state it's okay to do so.. So for now you will be referred as ckosloff by me at least..

Diva,
How dare you call me a programmer and by my handle too!
Sure I am on the side of caution, and try not to err to much.
I think that all references to the safemode hack should be eventually deleted as all this is dinosaur stuff.
I don't know of any webhost who still uses safemode, all the large hosting companies with Linux and PHP on their shared servers run PHP as FastCGI, or maybe SuExec, setting folders to 755 should work OK from now on.
If anybody reports problems we will kindly advise to change webhosts.

Understood, and will do sir! As always your work on IH2 is appreciated..

I know that you are going ahead with commenting out all references to safemode hack and that is fine and dandy, I will do so too.
BUT...let's try it llike that for a while to see if there is anyone out there who still needs it, unlikely possibility.
If nobody reports problems with the commented-out files we will certainly delete all the references to the safemode hack, maybe in next version.
How about that?

I'm learning.. I've updated the test fileset accordingly.. Just waiting to hear back from the rest of the testers.. clydejones has already reported to me via PM that the new fileset is working fine.

BTW, commenting out lines 28 and 52 in functions_bmz_io.php is fine too.
Good catch!