no-timthumb

How to fix a possible vulnerability issue with TimThumb

Thanks to mobile devices like my iPhone and iPad, I received a message during my holidays concerning a vulnerability issue with the TimThumb image resizer script that is used in my themes. Check this blog post for more information.

Because I'm on a holiday trip, I cannot update my themes in the short term, so I am providing this little workaround. Open the file timthumb.php, which is normally located in the /lib/scripts or /tools/scripts subfolder of PRiNZ themes (depending on the version you have), and look for this block:

$allowedSites = array(
'flickr.com',
'picasa.com',
'blogger.com',
'wordpress.com',
'img.youtube.com',
);

Remove the entries from the array so it looks like this instead:

$allowedSites = array();
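To show what that edit actually changes, here is an added example of a strict allow-list check for remote image URLs. It is not TimThumb's own code, and the function name and parameters are my own assumptions; the $allowedSites array is the one you edit in timthumb.php. With an empty list nothing off-site is fetched, and a host only passes if it is exactly an allowed site or a subdomain of it, never because it merely contains the allowed name somewhere.

```php
<?php
// Added example, not TimThumb's own code. Assumed function name and
// parameters; $allowedSites is the array from timthumb.php.
function isAllowedRemoteImage(string $url, array $allowedSites): bool
{
    // An empty allow list disables remote fetching entirely (the workaround above).
    if (count($allowedSites) === 0) {
        return false;
    }

    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return false;
    }

    // Only plain web schemes; file://, php:// and the like are rejected.
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }

    // Normalise the host: lower-case, no trailing dot.
    $host = strtolower(rtrim($parts['host'], '.'));

    foreach ($allowedSites as $site) {
        $site   = strtolower(trim($site));
        $suffix = '.' . $site;
        // Exact host, or a subdomain of it. A host such as
        // "flickr.com.example.net" contains the allowed name but does not end
        // with ".flickr.com", so it is rejected.
        if ($host === $site || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs (no real requests are made).
$allowedSites = array('flickr.com', 'img.youtube.com');

var_dump(isAllowedRemoteImage('http://farm1.flickr.com/photo.jpg', $allowedSites));
var_dump(isAllowedRemoteImage('http://flickr.com.example.net/x.php', $allowedSites));
var_dump(isAllowedRemoteImage('http://youtube.com/vi/abc/0.jpg', $allowedSites));
var_dump(isAllowedRemoteImage('http://img.youtube.com/vi/abc/0.jpg', array()));
```

Only the first call returns true; the last one is the post's workaround in action, where an empty array rejects every remote URL.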

This should fix the issue. Alternatively, you can download a newer version of TimThumb here and replace the whole old file with it. This is untested by me, but it should work. Always make a backup of your old files before you change something. I guess it also makes sense not to use TimThumb in your theme's options and to use WordPress's own post thumbnail function for image handling instead. I will update all my themes when I'm back from my vacation.

Download the new TimThumb version here