Mega Menu PRO by PrestaHero ETS v2.6.5 - June 2025

[niko2008]

Thanks for sharing this module, will try it

 

[osm145]

that is wonderfull I think this is super

 

[dave82]

thank you very much module!!!!!!!!!!!

 

[DJCar2004]

looking for this, many thanks friend

 

[upgreydd]

Security Scan Report — ets_megamenu v2.6.5 (PrestaShop)​

Package hash (ZIP, SHA-256): 1ec91ceee38b17f985a2dc10ca1f971f04282a20dc5bac51498c342864751659
Contents scanned: 102 files total

• PHP: 54 files
• Smarty TPL: 19 files
• JS: 4 files
• CSS: 18 files
• Images/other: 7 files

Method​

Static analysis of the provided ZIP archive. I searched for:

• Known web-shell signatures (e.g., c99/r57/WSO/FilesMan/b374k strings).
• High-risk PHP functions and obfuscation patterns: eval, assert, system, shell_exec, exec, passthru, popen, proc_open, fsockopen, curl_init, dynamic include/require, preg_replace with /e, base64_decode + gzinflate/gzuncompress/rot13, long base64-looking payloads, hex-escaped strings, and variable-function invocations used in suspicious ways.
• Direct external calls (e.g., file_get_contents('http://...')).
• Upload handlers and file-write operations.

Key Findings​

No web shells detected.
No obfuscated payloads detected. (no eval, assert, base64_decode, gzinflate, /e modifier, etc.)
No dynamic includes based on user input.
No OS-command execution functions found (system, shell_exec, exec, passthru, proc_open, popen): 0 hits.
No network fetch to arbitrary URLs. Only Google Fonts CSS is referenced.

Upload handling (expected for a menu module with images)​

• ets_megamenu/ets_megamenu.php lines ~404–418: image upload path uses:
  • getimagesize(...)
  • ImageManager::validateUpload(...)
  • move_uploaded_file(...) to a temp name in _PS_TMP_IMG_DIR_, then resized via ImageManager::resize(...).
• ets_megamenu/classes/Uploader.php:
  • Default save dir: _PS_UPLOAD_DIR_, normalized and validated.
  • Enforces allowed extensions via setAcceptTypes() and in_array(...) check.
  • Optional size checks via getMaxSize()/checkFileSize().
  • Writes via move_uploaded_file(...) (or php://input fallback) and verifies resulting size; removes the file if sizes differ.

These patterns are consistent with typical, safe PrestaShop upload flows.

File writes / generated CSS​

• ets_megamenu.php writes a cached stylesheet to views/css/cache.css (generated from configuration values). This is expected behavior for theme customization and does not execute PHP.

Defensive controls present​

• .htaccess inside the module denies execution of *.php within the module directory for Apache 2.2/2.4:
  

 

[thedarkarrow]

Can't thank you enough for this incredible mod.

 

[lucafranco74]

Grazie per la condivisione, spero nel supporto a lungo termine

 

[yuriaraujotx]

thank you very much module!!!!!!!!!!!

 

[chuelta049]

Thank You for a new version. I'l try it for prestashop 9.0

 

[tiiccPL]

Thanks for the share! Its very much appreciated.

 

[vidma]

Thank you very much for sharing this module.

 

[Danny1918]

I was looking for this everywhere. Thanks!