OpenCart Community

OpenCart Community Forum - Discuss shopping cart and e-commerce solutions.
https://forum.opencart.com/

Bug in configuration (config.php and spread)

https://forum.opencart.com/viewtopic.php?t=129229

Page 1 of 1

Bug in configuration (config.php and spread)

Posted: Fri Aug 08, 2014 8:02 am
by mrbi11
Although in both config.php there is a setting for image folder
define('DIR_IMAGE', '/home/esoftw5/public_html/me3d.us/me3d.us/image/');
so apparently one could:
define('DIR_IMAGE', '/home/esoftw5/public_html/me3d.us/me3d.us/PRIVATEIMAGEFOLDERNAME/');


In fact, it is hard coded in dozens of places that the URL is generated with the string 'image/',
so renaming the image folder for privacy/security is not practical.

Here is an example:
if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
return HTTPS_CATALOG . 'image/' . $new_image;
} else {
return HTTP_CATALOG . 'image/' . $new_image;
}
The code is littered with this construct.

Re: Bug in configuration (config.php and spread)

Posted: Fri Aug 08, 2014 6:44 pm
by Reemon
Hey just question. If you have some "private image folder name". What would be it for? If I would go to your website and there would be some images from "private image folder name" then I would easily find out what the name is. Am I missing something?

Re: Bug in configuration (config.php and spread)

Posted: Fri Aug 08, 2014 11:25 pm
by Qphoria
You are both right. You could rename the image folder and the hardcodes should be changed... however, one could easily view the source of your page and get that image path so there's no real value.
All times are UTC+08:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/