
Support thread for the Image Magic contribution


tomjmul


Hi guys, I've been using this contribution now for a while and it is very good. (Apart from the fact that I can't seem to get the server-side cache to work :'( , never mind)

I have just been informed of a security risk by hackerguardian about possible BLIND SQL injection techniques.

The following URLs seem to be vulnerable to BLIND SQL injection techniques : /imagemagic.php?page=&h=200&img=images/XXXXXX.jpg&w=132+AND+1=1) An attacker may exploit this flaws to bypass authentication or to take the control of the remote database.

Solution : Modify the relevant CGIs so that they properly escape arguments

I have absolutely no idea how to modify the code in order to solve this security issue.

Can anybody help with this matter?

Link to comment
Share on other sites
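
The scanner report above names four query parameters (page, h, img, w). As an added example, not part of the thread or of the Image Magic contribution, this sketch shows one way to validate them before any file or database code sees them. The function name, the 2000-pixel limit and the catalog layout are assumptions, and the thread does not show whether imagemagic.php actually passes these values to SQL.

```php
<?php
// Added example (hypothetical helper, not Image Magic code): validate the
// img, w, h and page parameters before any file or database call uses them.

const IM_MAX_DIMENSION = 2000;                        // assumed pixel limit
const IM_ALLOWED_PAGES = ['', 'prod_info', 'popup'];  // values tep_image() emits
const IM_ALLOWED_EXT   = ['jpg', 'jpeg', 'gif', 'png'];

function im_validate_request(array $query, string $catalogRoot): ?array
{
    // Width/height: digits only, so "132 AND 1=1)" is rejected, not truncated to 132.
    $dims = [];
    foreach (['w', 'h'] as $key) {
        $raw = $query[$key] ?? '';
        if (!is_string($raw) || !ctype_digit($raw)) return null;
        $dims[$key] = (int) $raw;
        if ($dims[$key] < 1 || $dims[$key] > IM_MAX_DIMENSION) return null;
    }

    // Page: exact match against the allow-list.
    $page = $query['page'] ?? '';
    if (!in_array($page, IM_ALLOWED_PAGES, true)) return null;

    // Image: must resolve (after symlinks and "..") to a file under images/.
    $img = $query['img'] ?? '';
    if (!is_string($img) || $img === '' || strpos($img, "\0") !== false) return null;
    $root = realpath($catalogRoot . '/images');
    $path = realpath($catalogRoot . '/' . $img);
    if ($root === false || $path === false || !is_file($path)) return null;
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) return null;
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, IM_ALLOWED_EXT, true)) return null;

    return ['path' => $path, 'w' => $dims['w'], 'h' => $dims['h'], 'page' => $page];
}

// Constructed demo: a throwaway catalog directory with one image file.
$catalog = sys_get_temp_dir() . '/im_demo_' . getmypid();
@mkdir($catalog . '/images', 0700, true);
file_put_contents($catalog . '/images/XXXXXX.jpg', 'placeholder');
$samples = [
    'page=&h=200&img=images/XXXXXX.jpg&w=132+AND+1=1)', // query string from the scanner report
    'page=&h=200&img=images/XXXXXX.jpg&w=132',          // same request, numeric width
    'page=popup&h=200&img=../outside.jpg&w=132',        // constructed: path outside images/
];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    echo $qs, ' => ', im_validate_request($query, $catalog) ? 'accepted' : 'rejected', "\n";
}
```

Any query that later uses the validated values should still bind them as parameters or cast them to integers rather than concatenating request strings.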


Those still work, but the latest version there is 1.15.

 

Here is a link that I found for Image Magic 1.17 and it includes all instructions. It works perfectly for me, including text and image watermarking, so if you are having trouble know that it must be your server or incorrect installation.

 

http://rapidshare.com/files/17703789/image...117osc.zip.html

 

Good Luck!

Link to comment
Share on other sites

Receiving the following error:

"Error

File path incorrect

check configure.php"

 

However, before the installation of Image Magic, the images showed up fine. Is there something in the code I need to change? Here is what I put inside the html_output.php file, replacing the start of line 72:

//BOF Image Magic
function tep_image($src, $alt = '', $width = '', $height = '', $params = '') {
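 global $product_info;

 //Initialise the flags used below so they are always defined
 $page = '';
 $fix_png = false;
 $over_ride = false;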

 //Allow for a new intermediate sized thumbnail size to be set
 //without any changes having to be made to the product_info page itself.
 //(see the lengths I go to to make your life easier :-)
 if (strstr($_SERVER['PHP_SELF'],"product_info.php")) {

       if (isset($product_info['products_image'])
                  && $src == DIR_WS_IMAGES . $product_info['products_image']
                  && $product_info['products_id']==$_GET['products_id'])  {   //final check just to make sure that we don't interfere with other contribs
           $width = PRODUCT_INFO_IMAGE_WIDTH == 0?'':PRODUCT_INFO_IMAGE_WIDTH;
           $height = PRODUCT_INFO_IMAGE_HEIGHT == 0?'':PRODUCT_INFO_IMAGE_HEIGHT;
           $product_info_image=true;
           $page="prod_info";
       }
 }

 //Detect whether this is a pop-up image
 if (strstr($_SERVER['PHP_SELF'],"popup_image.php")) $page="popup";

 //do we apply the IE PNG alpha transparency fix?
 if  (strstr(strtolower($src),".png") && CFG_PNG_BUG=="True") $fix_png = true;

 //send the image for processing unless told otherwise
 $image = '<img src="' . $src . '"'; //set up the image tag just in case we don't want to process
 if (CFG_MASTER_SWITCH=="On") $calculate = true;
 else $calculate=false;

 // Don't calculate if the image is set to a "%" width
 if (strstr($width,'%') == true || strstr($height,'%') == true) $calculate = false;

 // Dont calculate if a pixel image is being passed (hope you dont have pixels for sale)
 if (strstr($image, 'pixel')) $calculate = false;


 $image_size = @getimagesize($src);


 // Decide whether or not we want to process this image
 // (getimagesize() returns [0] = width, [1] = height)
 if (($width == '' && $height == '' && $page != 'popup' ) || ($width == $image_size[0] && $height == $image_size[1] && $page != 'popup')) {
       if (CFG_PROCESS_GRAPHICS=="False") $calculate = false; //looks like this is a store graphic rather than product image
 }

 // Is this image good to go?
 if (CONFIG_CALCULATE_IMAGE_SIZE && $calculate) {

 if ($image_size) {

     $ratio = $image_size[1] / $image_size[0];

     // Set the width and height to the proper ratio
     if (!$width && $height) {
       $ratio = $height / $image_size[1];
       $width = intval($image_size[0] * $ratio);
     } elseif ($width && !$height) {
       $ratio = $width / $image_size[0];
       $height = intval($image_size[1] * $ratio);
     } elseif (!$width && !$height && !$over_ride) {
       $width = $image_size[0];
       $height = $image_size[1];
     }

     //Encrypt the image filename if switched on
       if (CFG_ENCRYPT_FILENAMES == "True" && CFG_ENCRYPTION_KEY !="") {
             $result = '';
             $key=CFG_ENCRYPTION_KEY;
             for($i=0; $i<strlen($src); $i++) {
                 $char = substr($src, $i, 1);
                 $keychar = substr($key, ($i % strlen($key))-1, 1);
                 $char = chr(ord($char)+ord($keychar));
                 $result.=$char;
             }
             $src=urlencode(base64_encode($result));
       }

      //Return the html
       $image = '<img src="imagemagic.php?img='.$src.'&w='.
       tep_output_string($width).'&h='.tep_output_string($height).'&page='.$page.'"';

   } elseif (IMAGE_REQUIRED == 'false') {
     return false;
   }
 }

   //If the size asked for is greater than the image itself, we check the configs to see if this is allowed and if not over-ride
 if ($width > $image_size[0] || $height > $image_size[1]) {
       if (CFG_ALLOW_LARGER  != 'True'){
             $width=$image_size[0];
             $height=$image_size[1];
             $over_ride = true;
       }
 }
 // Add remaining image parameters if they exist
 if ($width) {
   $image .= ' width="' . tep_output_string($width) . '"';
 }

 if ($height) {
   $image .= ' height="' . tep_output_string($height) . '"';
 }

 if (tep_not_null($params)) $image .= ' ' . $params;

 $image .= ' border="0" alt="' . tep_output_string($alt) . '"';

 if (tep_not_null($alt)) {
   $image .= ' title="' . tep_output_string($alt) . '"';
 }

 if ($fix_png && CFG_MASTER_SWITCH=="On") {
       $image .= ' onload="fixPNG(this)"';
 }

 $image .= '>';
 return $image;
}
//EOF Image Magic

 

Any help would be appreciated.

Link to comment
Share on other sites

I realize that this contrib may not be supported by its original maker but I hope someone may be able to answer my question. Perhaps this has happened to them.

 

I recently moved my sites to a new server running php 4.4.5 with GD. I have had to install the register globals mod for the stores to work properly.

 

My problem now is this: imagemagic is not creating new thumbnails. I moved the thumbnail folder with the sites, but it is not creating new thumbnails for new product images. It will find the old thumbs to display on the site, just not create a new one. I've made sure the thumbnail folders were set at 777 too.

 

Is there something I need to fix? The sites were running fine with no problems before the move.

 

Thanks in advance for your help.

Link to comment
Share on other sites

Well, I think I fixed it. I went in and changed the folders and their CONTENTS to 777, apparently it didn't change the entire contents when I changed the folder permissions. This seems to have solved my problem.

 

good to hear that it is working again!

Link to comment
Share on other sites

As this contribution was released under the GPL over here at oscommerce.com does that mean anyone who has a copy of it can release it again under the GPL?

 

Was the removal of this contribution due to the 'make a donation' integration within the image magic admin section? I hated that and if it has been removed for that reason I am glad. Now, can someone with enough knowledge remove the offending parts and re-release it unto the world (oscommerce.com contribs section)?

Edited by psynaptic
Link to comment
Share on other sites

I looked through the files of the version that I have and it does not contain any license information, so I am not sure if we can legally assume that it was GPL since it was on this site, or perhaps that was exactly why they removed it, since its status is unclear.

 

If someone has an older copy that specifically states it was GPL, we should start there...

 

 

On another note, does anyone know if there is a setting to resize the images and add rounded corners? So I could easily create images like these: Algozone Template

 

As this contribution was released under the GPL over here at oscommerce.com does that mean anyone who has a copy of it can release it again under the GPL?

 

Was the removal of this contribution due to the 'make a donation' integration within the image magic admin section? I hated that and if it has been removed for that reason I am glad. Now, can someone with enough knowledge remove the offending parts and re-release it unto the world (oscommerce.com contribs section)?

Edited by ethanpil
Link to comment
Share on other sites

The contribution has been removed because there was no mention of license, and contributions on osCommerce site must be GPL.

The donation button is not very nice and should be removed (the button is on the author's website so he can track how many people are using this code). It also tells where your admin folder is. You can remove it using phpMyAdmin, table configuration, sort by column ...KEY, the last parameter without will be the donation. (Or sort twice and it becomes first).

 

- Rigadin2

Link to comment
Share on other sites

The contribution has been removed because there was no mention of license, and contributions on osCommerce site must be GPL.

The donation button is not very nice and should be removed (the button is on the author's website so he can track how many people are using this code). It also tells where your admin folder is. You can remove it using phpMyAdmin, table configuration, sort by column ...KEY, the last parameter without will be the donation. (Or sort twice and it becomes first).

 

- Rigadin2

Thanks for that. I've removed that row and everything still works fine. Bonus.

 

Anyway, my installation has somehow gone bad. It's nothing to do with removing the donation row as it was like this before I removed it. For some reason image magic can't display my images at all. I think image magic is bloated for my needs. All I really need is something that will resample my images whilst resizing my thumbnails.

 

I'm going to have an explore of the contribution section and test some out. Maybe someone has a recommendation.

Link to comment
Share on other sites

One trick I already proposed in this thread when you have a problem with images not showing up:

 

Look at the source code of the page, where the image is supposed to be displayed: the image source (<img src=...) refers to imagemagic.php with several parameters.

Copy the image source URL and copy it to your browser's address bar, to access directly imagemagic. You'll probably see a page with an error that will help you solve the problem, like permission denied (thumbnail folder should be chmod 777), or memory problem (too big images?).

 

- Rigadin2

Link to comment
Share on other sites

  • 2 weeks later...

anyone know how to make Image Magic give valid HTML?

 

problem that i'm having is that Image Magic outputs image code like this:

 

<img src="imagemagic.php?img=images/smallashiko.jpg&w=100&h=150&page=" >

 

and the ampersands in the source value are coming up invalid

 

according to the w3:

Warning Line 141 column 235: cannot generate system identifier for general entity "w".

 

...magic.php?img=images/smallashiko.jpg&w=100&h=150&page=" width="100" height="1

 

An entity reference was found in the document, but there is no reference by that name defined. Often this is caused by misspelling the reference name, unencoded ampersands, or by leaving off the trailing semicolon. The most common cause of this error is unencoded ampersands in URLs as described by the WDG in "Ampersands in URLs".

 

as you can see, the bit in red is my problem.

 

help? anyone?

Link to comment
Share on other sites

Open "includes/functions/html_output.php" and find "tep_href_link('imagemagic.php'". On this line, replace all three "&" by "&amp;". That should do it! ;-)

 

thanks, moku! i probably could have figured that out eventually, but you just saved me a lot of trouble. thanks again!

 

rj

Link to comment
Share on other sites
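
The fix discussed above replaces the raw "&" separators with "&amp;". As an added example, not code from the thread or from the contribution, this sketch builds the same imagemagic.php tag with the query values URL-encoded and every attribute HTML-escaped, so a file name or alt text containing quotes or ampersands cannot break the markup. The function name im_image_tag is hypothetical.

```php
<?php
// Added example (hypothetical helper, not the contribution's code): build the
// imagemagic.php <img> tag so the query string is URL-encoded and the
// attribute values are HTML-escaped.

function im_image_tag(string $src, int $width, int $height, string $page = '', string $alt = ''): string
{
    // http_build_query() percent-encodes each value; '&' is the raw separator.
    $url = 'imagemagic.php?' . http_build_query(
        ['img' => $src, 'w' => $width, 'h' => $height, 'page' => $page], '', '&');

    // htmlspecialchars() turns & into &amp; and neutralises quotes and angle brackets.
    $esc = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };

    return sprintf('<img src="%s" width="%d" height="%d" alt="%s">',
        $esc($url), $width, $height, $esc($alt));
}

// File name from the post above.
echo im_image_tag('images/smallashiko.jpg', 100, 150), "\n";
// Constructed input: a file name and alt text containing markup characters.
echo im_image_tag('images/a"b&c.jpg', 100, 150, 'popup', 'Tom & "Jerry"'), "\n";
```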

I tried to search for an answer for quite some time now and hope somebody will be able to help:

I installed imagemagic without any problem and everything seems to be working normally, but there is one minor problem: if i upload the same image file via the osCommerce admin panel, then the thumbnail of that image failed to show on either the category listing or the product info page, however if you click to enlarge the thumbnail, the image works normally.

Strangely, when I use the oscommerce admin to copy a product as a new product (hence two products with the same image file), the thumbnail and image for both products work normally.

 

The reason why I upload the same image files is: sometimes two products actually have the same image, or I use one of the product image as the category image.

 

When the problem occurs, I have to change the file names of both products (or one product one category) to solve the problem.

Link to comment
Share on other sites

  • 3 weeks later...

How do I have imagemagic process images from a remote location? Currently I set up the dir images in config file to http://myimagesdomain.com/images/ and uploaded a ton of products via Easy Populate and all the images are fine, they are read from the remote location. I installed imagemagic and somehow the images are not being processed.

 

Any idea how to make this work?

Link to comment
Share on other sites

I tried to search for an answer for quite some time now and hope somebody will be able to help:

I installed imagemagic without any problem and everything seems to be working normally, but there is one minor problem: if i upload the same image file via the osCommerce admin panel, then the thumbnail of that image failed to show on either the category listing or the product info page, however if you click to enlarge the thumbnail, the image works normally.

Strangely, when I use the oscommerce admin to copy a product as a new product (hence two products with the same image file), the thumbnail and image for both products work normally.

 

The reason why I upload the same image files is: sometimes two products actually have the same image, or I use one of the product image as the category image.

 

When the problem occurs, I have to change the file names of both products (or one product one category) to solve the problem.

 

This is because your thumbnails are cached on the server. When you change the original image, the thumbnail does not know it and therefore it is not re-generated. The easiest solution is to change one configuration parameter of ImageMagic, from admin, so all thumbnails will be deleted from the server and re-generated when users are visiting your store.

 

- Chris

Link to comment
Share on other sites

Both contributions are working well together. The only place where both of them make some modifications is includes/functions/html_output.php, function tep_image. Use tep_image function from ImageMagic and place STS modifications at the beginning of the function (just after global $product_info;), and it'll work forever!

 

- Chris

Link to comment
Share on other sites

Hi!!! I hope someone can help me...

I have imagemagic on two sites. On one it's working very well - site one - but on the other.... not. - the other site.

The problem is that image magic doesn't do its job on my images, except for the image fetched from coppermine on the front page. That one, on Properties, says imagemagic... All the other images don't.

I have Page Cache installed - could this be the problem? Because I've read everything and I mean everything on this subject and can't find an answer. I've installed (and reinstalled) correctly everything, the images have in admin only width set... tried it with page cache off, with cache off....

Please, if someone could help I'd be grateful, because I really need to speed up my site..

Thank you!

Link to comment
Share on other sites

Could someone please post a direct link or a link to a webpage that still has tomjmul's latest version (1.6 I believe) of IM?

 

Thanks

 

--

D-BlooD

Try this instead:

 

http://www.oscommerce.com/community/contributions,2226

 

It covers everything I needed from IM.

Link to comment
Share on other sites
