Does anyone know how to recommend another library or script that I have already used so that I can replace them on my site?
Does Timthumb really have this problem? If so, why?
The problem usually related to Timthumb is that you can open external URLs. In that case, when opening an external URL, it could open a path to a malicious script, for example.
One way to fix this would be to set Timthumb by changing the value of the constant WEBSHOT_ENABLED to false.
So:
define('WEBSHOT_ENABLED', false);
I currently use Timthumb, but I've been seriously thinking about changing its usage, due to the reported security errors and the fact that it also seems to be old code. In the latter case, as the systems I work on all run the most up-to-date versions of PHP, I'd rather avoid using libraries with old patterns and encodings.
One of the libraries that can optionally be used is Gregwar\Image.
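Added example, not part of the original answer and not code from TimThumb or Gregwar\Image: whichever thumbnail library is used, the external-URL risk described above can be reduced by validating the source URL before anything is fetched. The function name, constant name, and host names below are hypothetical, and the sample URLs are constructed.

```php
<?php
// Hypothetical helper: decide whether a remote image URL may be fetched at all.
// Host list is a constructed sample; replace it with the hosts you actually trust.
const ALLOWED_IMAGE_HOSTS = ['images.example.com', 'cdn.example.org'];

function isAllowedImageSource(string $src, array $allowedHosts = ALLOWED_IMAGE_HOSTS): bool
{
    $parts = parse_url($src);
    // Reject anything that is not a full URL (this also rejects "//host/path").
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Only plain web schemes; no ftp://, file://, php:// and so on.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Embedded credentials are never needed for public images.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Exact host comparison: a substring or prefix match would accept
    // look-alike names such as "images.example.com.lookalike.test".
    $host = strtolower(rtrim($parts['host'], '.'));
    if (!in_array($host, $allowedHosts, true)) {
        return false;
    }
    // Only fetch paths that end in an image extension. The downloaded bytes
    // should still be checked as an image and stored outside any directory
    // where the web server executes scripts.
    $ext = strtolower(pathinfo($parts['path'] ?? '', PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true);
}

// Constructed sample inputs.
$samples = [
    'https://images.example.com/photos/cat.jpg',
    'https://images.example.com.lookalike.test/cat.jpg',
    'https://images.example.com/upload/script.php',
    'ftp://images.example.com/cat.jpg',
    'https://user@images.example.com/cat.jpg',
];
foreach ($samples as $src) {
    printf("%-52s %s\n", $src, isAllowedImageSource($src) ? 'allow' : 'reject');
}
```

Only the first sample URL is allowed; the others fail the host, extension, scheme, and credentials checks respectively.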