Does Timthumb have security exploit issues?


Viewed 166 times

4

I’ve heard programmers say they don’t use Timthumb ("A small php script for cutting, zooming and resizing web images (jpg, png, gif). Perfect for use in blogs and other applications") because of security exploit issues.

Can anyone recommend another library or script they have used, so I can replace it on my website?

Does Timthumb really have this problem? If yes, why?

1 answer

2


The problem generally related to Timthumb is the fact that it can open external URLs. In this case, by opening an external URL, it could open a path to a malicious script, for example.

One way to fix this would be to configure Timthumb by changing the value of the constant WEBSHOT_ENABLED to false.

Thus:

```php
define('WEBSHOT_ENABLED', false);
```

Currently I use Timthumb, but I have seriously considered replacing it, due to reported security errors and the fact that it is also seemingly old code. In the latter case, as the systems I work on all run more up-to-date versions of PHP, I prefer to avoid using libraries with older defaults and encodings.

One of the libraries that can be used as an alternative is Gregwar\Image.
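
An added example, not part of the answer above and not TimThumb's own code: a Python check that reads the PHP source of a deployed Timthumb copy (or its config file) and reports whether `WEBSHOT_ENABLED` is still on. It also watches `ALLOW_EXTERNAL` and `ALLOW_ALL_EXTERNAL_SITES`, TimThumb constants the answer does not mention that govern fetching from external sites; the sample source is constructed.

```python
import re

# Boolean define() calls, e.g. define ('WEBSHOT_ENABLED', TRUE);
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*['"](\w+)['"]\s*,\s*(true|false)\s*\)""", re.IGNORECASE)
# PHP comments: /* ... */, // ..., # ...  (naive: does not parse string literals)
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)

# Settings to report when they evaluate to true.
WATCHED = ("WEBSHOT_ENABLED", "ALLOW_EXTERNAL", "ALLOW_ALL_EXTERNAL_SITES")


def effective_settings(php_source):
    """Return {constant: bool} for the watched constants found in the source.

    PHP keeps the first definition of a constant, so only the first
    define() for each name counts; later ones are ignored.
    """
    settings = {}
    for name, value in DEFINE_RE.findall(COMMENT_RE.sub("", php_source)):
        if name in WATCHED and name not in settings:
            settings[name] = value.lower() == "true"
    return settings


def findings(php_source):
    """List watched constants that are enabled, or never set explicitly."""
    settings = effective_settings(php_source)
    report = []
    for name in WATCHED:
        if name not in settings:
            report.append(f"{name}: not set explicitly, check the script default")
        elif settings[name]:
            report.append(f"{name}: enabled")
    return report


# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
// define('WEBSHOT_ENABLED', false);
define ('WEBSHOT_ENABLED', TRUE);
if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', false);
define('WEBSHOT_ENABLED', false);  /* too late: first define wins */
"""

if __name__ == "__main__":
    for line in findings(SAMPLE):
        print(line)
```

The commented-out line and the late second `define` in the sample show why a plain text search for `WEBSHOT_ENABLED', false` is not enough to confirm the setting.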
