Does Timthumb have security exploit issues?

4
I've heard programmers say they do not use Timthumb ("A small php script for cropping, zooming, and resizing web images (jpg, png, gif)") for safety reasons.

Does anyone know how to recommend another library or script that I have already used so that I can replace them on my site?

Does Timthumb really have this problem? If so, why?

    
asked by anonymous 04.02.2016 / 14:36

1 answer

2

The problem usually associated with Timthumb is that it can open external URLs. In that case, by opening an external URL, it could open a path to a malicious script, for example.

One way to fix this would be to configure Timthumb by changing the value of the constant WEBSHOT_ENABLED to false.

So:

define('WEBSHOT_ENABLED', false);

I currently use Timthumb, but I've been seriously thinking about changing its usage, due to the reported security errors and the fact that it also seems to be old code. In the latter case, as the systems I work on all run the most up-to-date PHP versions, I'd rather avoid using libraries with old patterns and encodings.

One of the libraries that can optionally be used is Gregwar\Image.

    
04.02.2016 / 14:46
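To check which remote-fetch settings are actually in effect in a deployed copy, here is an added example (not part of the answer above and not Timthumb's own code) that reads the PHP source of a Timthumb script or its config file and reports the state of each constant. WEBSHOT_ENABLED is the constant named in the answer; ALLOW_EXTERNAL and ALLOW_ALL_EXTERNAL_SITES are assumed from the Timthumb 2.x configuration block, and the sample input is constructed.

```python
import re

# WEBSHOT_ENABLED comes from the answer above; the other two names are
# assumed from the Timthumb 2.x configuration block.
RISKY = ("WEBSHOT_ENABLED", "ALLOW_EXTERNAL", "ALLOW_ALL_EXTERNAL_SITES")

# Matches define('NAME', value ...) but not defined('NAME').
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^,)]*?)\s*[,)]""",
    re.IGNORECASE,
)
# Strip PHP comments so a commented-out define() is not counted.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)


def php_truthy(raw):
    """Evaluate a PHP literal the way an `if (CONSTANT)` test would."""
    v = raw.strip()
    if v and v[0] in "'\"":
        # A quoted string is falsy only when it is '' or '0';
        # the string 'false' is therefore truthy.
        return v[1:-1] not in ("", "0")
    return v.lower() not in ("false", "null", "0", "0.0", "")


def audit(php_source):
    """Return {constant: 'enabled' | 'disabled' | 'not set'}."""
    code = COMMENT_RE.sub("", php_source)
    result = {name: "not set" for name in RISKY}
    for m in DEFINE_RE.finditer(code):
        name = m.group("name")
        # PHP keeps the first define() of a constant; later ones fail.
        if name in result and result[name] == "not set":
            result[name] = "enabled" if php_truthy(m.group("value")) else "disabled"
    return result


# Constructed sample input, not taken from a real installation.
SAMPLE = """<?php
// define('WEBSHOT_ENABLED', false);   (commented out: has no effect)
define ('WEBSHOT_ENABLED', TRUE);
if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', 'false');
define('WEBSHOT_ENABLED', false);
"""

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state}")
```

A result of "not set" means the file under inspection leaves that constant to whatever default the script itself defines, so the script's own defaults should be checked as well.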