zen displays hidden files?!

I'm a mac guy, looking for an easy way to transfer files from iPhoto to my zenphoto site. A nice built in feature with iPhoto is its simple export function, which used with a remotely mounted server makes transfers from within iPhoto (via Finder) easy. A nice zenphoto feature is that if you create a new folder, this becomes an album, making it very easy to add albums in this way. You just first mount the server in Finder (or however), then in iPhoto select the photos you want to transfer, and navigate to the server using standard OSX.

When copying files to remote servers, Finder creates a .DS_Store file with the Finder settings. Using iPhoto 6 (somewhat dated), iPhoto's export also creates a hidden file named ._IMG where IMG is the actual image file, e.g., IMG.jpg, for each image file transferred. The content of this hidden file appears harmless, but zenphoto attempts to display the file, maybe because it has a valid extension? In contrast, the .DS_Store file is not a problem, probably because it has no useful extension?

I also have a copy of iPhoto 8 that just came with a new laptop, and it looks like the hidden file is not created in this later version of iPhoto. This makes the above method all that much better, since you don't have to go back and delete the useless hidden files.

I'm posting this because I wonder about the policy for displaying hidden files. My guess is that a .anything file should not be displayed, whereas zenphoto attempts to do so (in this case only going so far as a hyperlink to the hidden file name). If you just put a valid photo file in an album, with a .name, it gets displayed just fine. I'm not at all very savvy in these matters, but I suspect this could be used as a security hole?

Comments

  • acrylian Administrator, Developer
    I am a Mac user myself and I never had any problems with those .ds files on my localhost or web (I never used iPhoto and have only a far more outdated version 3 though). They are simply not displayed. What can cause problems are visible files within an album folder.

    I don't see how that impacts security, since the .ds files themselves are pretty useless. I don't believe that there is anything important stored in those files.

    I believe there are programs that can remove those hidden files, too. Take a look at www.macupdate.com for example.

    BTW, some user had the idea to write a zenphoto plugin for iPhoto, so maybe that would take care of that too: http://www.zenphoto.org/support/topic.php?id=2446&replies=5
  • The .DS_Store files themselves aren't a concern. They just hold the view preferences used by Finder. I was more concerned that zenphoto was willing to display *any* hidden file. Suppose, in a bizarre circumstance, a file .htaccess.jpg was created that was a duplicate of .htaccess (by, I don't know, somebody's clever file renaming script or something). Seems like the info in .htaccess.jpg (i.e., .htaccess) would be accessible when zenphoto treats it as a .jpg file.

    A plugin for iPhoto would be handy. Hope somebody works on that. The scheme I outline in the first post is very easy. Maybe I'll summarize it in the thread you noted.
  • acrylian Administrator, Developer
    I of course know that about the .ds-files. I just remembered that we had some display problems with unwanted files within album folders, that prevented albums from showing. Anyway, I ran a test on my localhost installation to be sure:

    1. A true image file named .image.jpg will be shown as any other image too.
    2. A .DS_Store file renamed to .DS_Store.jpg will indeed be listed as an image, too, but nothing gets displayed except for the placeholder for missing images because the image/thumb could not be generated. All images run through the GD lib that generates the sized image and the thumbnail. Zenphoto can't display text files. This would happen with a renamed htaccess file, too.

    I don't think this is a security issue, but I am not the security expert in the team.
  • I'm not a security expert, either. That's why I asked. Thanks for the replies!
  • Seems though that the .DS_store files are causing an error if you try to delete an album that contains a .DS_store file. Zen deletes all the other files in the album but can't finish because it can't delete the .DS_store file... at least on my server. Here's the error:

    gallery-zp-core-admin.php?page=edit&action=deletealbum&album=08-16-2007

    Warning: rmdir(/home/username/public_html/gallery/albums/08-16-2007/) [function.rmdir]: Directory not empty in /home/username/public_html/gallery/zp-core/class-album.php on line 791

    Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/gallery/zp-core/class-album.php:791) in /home/username/public_html/gallery/zp-core/admin.php on line 323

    ***After deleting the .DS_store file via FTP, then going back to Zen admin and deleting the album again, it then works.

    This is zenphoto version 1.1.5 [1507]

    More info on this here:

    http://www.macosxhints.com/article.php?story=2005070300463515
  • acrylian Administrator, Developer
    Makes sense. I didn't try that, even if my test environment is MAMP on a Mac. I simply avoid having any invisible files and especially these .ds_store files in the albums.
  • There will be other Mac users who may not discover this though. Any reason ZP cannot be made to delete the .ds_store files too, and therefore the entire directory, since the user HAS confirmed he wants it killed?
  • Zenphoto will attempt to delete all files in the albums folder. However, if your file system does not return hidden files from a `glob()` call, it will fail to get rid of these files.
  • I can see issues with Mac users posting photos to folders. Then there will be .DS_store files in the albums again. Let's say the admin is a Mac user and has even gone through the step of running `defaults write com.apple.desktopservices DSDontWriteNetworkStores true` on his OS to keep the .DS_store files off the server. Then some other Mac user posts a few photos and .DS_store files are back in the folder. When the admin goes to delete the album, it fails again.

    Gotta be some way around this.
  • I'm a Mac user and use FTP to upload. I just ignore uploading the .DS file in any local folder containing it. When I do the nightly build update too there's a .DS file at the root folder, I just ignore the file. (My FTP pref is set to show the invisible files). Guess I'm wondering how it is getting uploaded to your site.
  • acrylian Administrator, Developer
    That can happen if you upload a .zip-file generated on Mac for example or if you just upload complete folders, but of course not with single images.

    djdevine: Don't you think that an admin capable of `defaults write com.apple.desktopservices DSDontWriteNetworkStores true` will hopefully get the idea to look for .DS_store files if the delete procedure failure happens?..:-)
  • Yes, you are right.

    It wasn't an admin uploading that I was concerned about, it was a user.... BUT I had overlooked what you said about single images, and lumped all scenarios together. Whoops. Maybe include a tech note somewhere for Mac admins to make sure they don't upload DS_store files or albums won't get deleted? Onward...
  • acrylian Administrator, Developer
    I have added it to our troubleshooting FAQs: http://www.zenphoto.org/2007/12/troubleshooting-zenphoto/#18
  • See my post on hiding dot files here: http://www.zenphoto.org/support/topic.php?id=4483
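
The two behaviours discussed in this thread (dot-prefixed files such as `.htaccess.jpg` being listed as images, and album deletion failing with "Directory not empty" when a `.DS_Store` file is left behind), shown as an added PHP example that is not Zenphoto's code and not part of any post above. The function names `listAlbumImages` and `removeAlbumDir` are hypothetical, and the sample album is constructed in a temp directory.

```php
<?php
// Added example: hypothetical helpers, not Zenphoto's own code.

// List displayable images: skip dotfiles, require a known extension,
// and confirm the content really decodes as an image.
function listAlbumImages(string $albumDir): array {
    $images = [];
    foreach (scandir($albumDir) as $name) {
        if ($name[0] === '.') continue;  // ., .., .DS_Store, ._IMG.jpg, .htaccess.jpg
        $path = $albumDir . DIRECTORY_SEPARATOR . $name;
        if (!is_file($path)) continue;
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) continue;
        if (@getimagesize($path) === false) continue;  // extension does not match content
        $images[] = $name;
    }
    return $images;
}

// Delete an album directory including hidden files. scandir() returns
// dot-prefixed entries, which a glob('*') pattern does not match.
function removeAlbumDir(string $dir): bool {
    foreach (scandir($dir) as $name) {
        if ($name === '.' || $name === '..') continue;
        $path = $dir . DIRECTORY_SEPARATOR . $name;
        $ok = (is_dir($path) && !is_link($path)) ? removeAlbumDir($path) : unlink($path);
        if (!$ok) return false;  // stop and report instead of a half-failed rmdir()
    }
    return rmdir($dir);
}

// Constructed sample album: one real image, one hidden image, and
// text files carrying image extensions.
$album = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'album-demo-' . uniqid();
mkdir($album);
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'); // 1x1 GIF
file_put_contents("$album/photo.gif", $gif);
file_put_contents("$album/.hidden.gif", $gif);
file_put_contents("$album/.DS_Store", 'finder settings');
file_put_contents("$album/.htaccess.jpg", "Deny from all\n");
file_put_contents("$album/notes.jpg", 'plain text');

print_r(listAlbumImages($album));   // names that pass all three checks
var_dump(removeAlbumDir($album));   // whether the whole directory was removed
```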