How to fix a possible vulnerability issue with Tim Thumb

Thanks to mobile devices like my iPhone and iPad I received a message during my holidays concerning a vulnerability issue with the TimThumb image resizer script that is used in my themes. Check this blog post for more information.

Since I'm on a holiday trip I cannot update my themes at short notice, so I am providing this little workaround. One option is to open the file timthumb.php, which is normally located in the /lib/scripts or /tools/scripts subfolder of PRiNZ themes (depending on the version you have), and look for these lines:

$allowedSites = array(
'flickr.com',
'picasa.com',
'blogger.com',
'wordpress.com',
'img.youtube.com',
);

Remove all entries from the array so that it looks like this instead:

$allowedSites = array();

This should fix the issue. The other option is to download a newer version of TimThumb here and replace the whole old file with it. I have not tested this myself, but it should work. Always make a backup of your old files before you change anything. I guess it also makes sense not to use TimThumb in your theme options at all and to use WordPress's own post thumbnail function for image handling instead. I will update all my themes when I'm back from my vacation.
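Why emptying $allowedSites works: a remote image URL is only fetched when its host matches an allowlist entry, so an empty list rejects every remote source. The following is an added example, not code from the original post or from TimThumb itself; the function names are illustrative, and it contrasts a weak substring-style allowlist check with a host-based check that should be used if remote sources are ever re-enabled.

```php
<?php
// Added example (not from the original post or from TimThumb itself).
// Function names are illustrative assumptions.

// Weak check: looks for the allowed name anywhere in the URL string,
// so any URL that merely contains "flickr.com" somewhere would pass.
function allowedBySubstring(string $src, array $allowedSites): bool {
    foreach ($allowedSites as $site) {
        if (strpos(strtolower($src), strtolower($site)) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: parse the URL, require http(s), and compare the host
// exactly (or as a proper subdomain) against each allowlist entry.
function allowedByHost(string $src, array $allowedSites): bool {
    $parts = parse_url($src);
    if ($parts === false || !isset($parts['host'], $parts['scheme'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower($parts['host']);
    foreach ($allowedSites as $site) {
        $site   = strtolower($site);
        $suffix = '.' . $site;
        if ($host === $site || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false; // an empty allowlist rejects every remote URL
}

// Constructed sample inputs.
$sites = ['flickr.com', 'img.youtube.com'];
// Genuine subdomain of an allowed site: accepted by the host check.
var_dump(allowedByHost('http://farm1.flickr.com/a.jpg', $sites));
// Host that merely contains the allowed name: host check rejects it,
// the substring check accepts it.
var_dump(allowedByHost('http://flickr.com.example.net/a.jpg', $sites));
var_dump(allowedBySubstring('http://flickr.com.example.net/a.jpg', $sites));
// Empty allowlist, as in the workaround above: nothing remote is accepted.
var_dump(allowedByHost('http://farm1.flickr.com/a.jpg', []));
```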

Download the new TimThumb version here
