Does anyone know how to recommend another library or script that I have already used so that I can replace them on my site?
Does Timthumb really have this problem? If so, why?
Timthumb has security exploit issues?
4
I've heard of programmers saying they do not use Timthumb ("A small php script for cropping, zooming, and resizing web images (jpg, png, gif). safety.
asked by anonymous 04.02.2016 / 14:36
1 answer
2
The problem usually related to Timthumb is that you can open external urls. In case, opening an external url, it could open a path to a malicious script, for example.
One way to fix this would be to set Timthumb by changing the value of the constant WEBSHOT_ENABLED to false .
So:
define('WEBSHOT_ENABLED', false)
I currently use Timthumb , but I've been seriously thinking about changing its usage, due to the reported security errors and the fact that it's also a seemingly old code. In the latter case, as the systems I work on are all with php in the most up-to-date versions, I'd rather avoid using libraries with old patterns and encodings.
One of the libraries that can optionally be used is Gregwar\Image .
04.02.2016 / 14:46