Is this an exploit in Post Thumb Revisited?

  • powerkor

    (@powerkor)


    15 years, 3 months ago

    /***********************************************************************************/

/* get_posts hack

/***********************************************************************************/

function pt_get_posts($args) {

	global $wpdb;

	$defaults = array(

		'showposts' => 5, 'offset' => 0,

		'cat' => '', 'orderby' => 'post_date',

		'order' => 'DESC', 'include' => '',

		'exclude' => '', 'meta_key' => '',

		'meta_value' =>'', 'post_type' => 'post',

		'post_status' => 'publish', 'post_parent' => 0

	);

	$r = wp_parse_args( $args, $defaults );

	extract( $r, EXTR_SKIP );

	$showposts = (int) $showposts;

	$ecat = explode(',', $cat);

	$ducky = (int) $ecat[0];

	if ($ducky < 0) $exclcat = 'NOT '; else $exclcat = '';

	$cat = implode(',',$ecat);

	$offset = (int) $offset;

	$post_parent = (int) $post_parent;

	$inclusions = '';

	if ( !empty($include) ) {

		$offset = 0;    //ignore offset, category, exclude, meta_key, and meta_value, post_parent if using include

		$cat = 0;

		$exclude = '';

		$meta_key = '';

		$meta_value = '';

		$post_parent = 0;

		$incposts = preg_split('/[\s,]+/',$include);

		$showposts = count($incposts);  // only the number of posts included

		if ( count($incposts) ) {

			foreach ( $incposts as $incpost ) {

				if (empty($inclusions))

					$inclusions = ' AND ( ID = ' . intval($incpost) . ' ';

				else

					$inclusions .= ' OR ID = ' . intval($incpost) . ' ';

			}

		}

	}

	if (!empty($inclusions))

		$inclusions .= ')';

	$exclusions = '';

	if ( !empty($exclude) ) {

		$exposts = preg_split('/[\s,]+/',$exclude);

		if ( count($exposts) ) {

			foreach ( $exposts as $expost ) {

				if (empty($exclusions))

					$exclusions = ' AND ( ID <> ' . intval($expost) . ' ';

				else

					$exclusions .= ' AND ID <> ' . intval($expost) . ' ';

			}

		}

	}

	if (!empty($exclusions))

		$exclusions .= ')';

	$query  = "SELECT DISTINCT * FROM $wpdb->posts ";

	$query .= empty( $cat ) ? '' : ", $wpdb->term_relationships, $wpdb->term_taxonomy  ";

	$query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta ";

	$query .= " WHERE 1=1 ";

	$query .= empty( $post_type ) ? '' : "AND post_type = '$post_type' ";

	$query .= empty( $post_status ) ? '' : "AND post_status = '$post_status' ";

	$query .= "$exclusions $inclusions " ;

	$query .= empty( $cat ) ? '' : "AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id ".$exclcat."IN (" . $cat. ") AND $wpdb->term_taxonomy.taxonomy = 'category') ";

	$query .= empty( $post_parent ) ? '' : "AND $wpdb->posts.post_parent = '$post_parent' ";

	$query .= !empty( $meta_key ) && !empty($meta_value)  ? " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" : '';

	$query .= !empty( $meta_key ) && empty($meta_value)  ? " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key LIKE '$meta_key%' )" : '';

	$query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order;

	if ( 0 < $showposts )

		$query .= " LIMIT " . $offset . ',' . $showposts;

	$posts = $wpdb->get_results($query);

	update_post_caches($posts);

	return $posts;

}
Viewing 15 replies - 1 through 15 (of 18 total)
1 2
  • Thread Starter powerkor

    (@powerkor)

    15 years, 3 months ago

    bump

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    15 years, 3 months ago

    Bump what?

    Do you see something odd in that code…? Or are you just put off by the word “hack”…?

    Thread Starter powerkor

    (@powerkor)

    15 years, 3 months ago

    theres been talk of post-thumb not being safe. I was looking through the code to see if I could find it.

    if you go to the authors site, it has malicious code on the page, and firefox and chrome tells you about it.

    its also mentioned in the post-thumb plugins page on the right sidebar.
    http://wordpress.org/extend/plugins/alakhnors-post-thumb/

    its very concerning… please help πŸ™‚
    I cant find a good replacement for it.

    All I want to be able to do is to make thumbnails of images that are already in the post. So, I need a plugin that scans the post for the first image and make a thumbnail from it. and call it with the_thumb() or something similar in the loop.

    Boris

    (@travel-junkie)

    15 years, 3 months ago

    put this in your theme’s function.php. It will get the url of the first image in your post:

    // Get URL of first image in a post
	function catch_that_image() {
		$first_img = '';
		ob_start();
		the_content();
		$html = ob_get_contents();
		ob_end_clean();
		$output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $html, $matches, PREG_SET_ORDER);
		$first_img = $matches [0] [1];
		if(empty($first_img)){
			$first_img = get_bloginfo('template_url').'/img/default.jpg';
		}
		return $first_img;
	}

    Then output it with something like this:

    <img src="<?php echo bloginfo('template_url'); ?>/scripts/timthumb.php?src=<?php
                    echo catch_that_image() ?>&w=200&h=150&zc=1&q=100" alt="<?php the_title(); ?>" width="200" height="150"  />

    In the example above you can see that the url has timthumb.php in it. It’s a brilliant script for resizing images. Just google for it.

    Thread Starter powerkor

    (@powerkor)

    15 years, 3 months ago

    Ive done it but it doesnt seem to be generating the images.

    i have followed the directions and I have php 5.0

    wanna help me out a bit?

    When I look at the source code of the image, it looks like its pointing to the script but its not working?

    This is the error code when I manually try to put the src=”” code in the url field in my browser

    Warning: touch() [function.touch]: Unable to create file ./cache/84b35545d46825812a4fb632e05c0492.gif because Permission denied in /home/content/e/w/i/ewiegand/html/inc/php/timthumb.php on line 150

    Warning: Cannot modify header information – headers already sent by (output started at /home/content/e/w/i/ewiegand/html/inc/php/timthumb.php:150) in /home/content/e/w/i/ewiegand/html/inc/php/timthumb.php on line 160

    i created the cache subdirectory in /php/ so its /php/cache/
    everything is 777’d

    not sure what else is wrong, help.

    Thread Starter powerkor

    (@powerkor)

    15 years, 3 months ago

    its giving me all kinds of problems. Its skipping over some images causing it to try to use remotely hosted ones. why? please help.

    Boris

    (@travel-junkie)

    15 years, 3 months ago

    Put it in your theme folder, that’s where I have it. Then read through the instructions on the timthumb homepage. The folder containing timthumb.php has to be 777 as well.

    Thread Starter powerkor

    (@powerkor)

    15 years, 3 months ago

    Yeah. its just not working. Ill try this again some other time… I cant afford for my site to be down for longer than an hour at most.

    westondeboer

    (@poil11)

    15 years, 2 months ago

    Hi does this not work with 2.7.1?

    Because it isn’t returning any results, it is just showing the default image.

    Any Help?

    westondeboer

    (@poil11)

    15 years, 2 months ago

    // Get URL of first image in a post
function catch_that_image() {
global $post, $posts;
		$first_img = '';
		ob_start();
		ob_end_clean();
		$output = preg_match_all('/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $post->post_content, $matches);
		$first_img = $matches [1] [0];
		if(empty($first_img)){
			$first_img = "/images/default.jpg";
		}
		return $first_img;
	}

    Works like a charm.

    Justin Tadlock

    (@greenshady)

    15 years, 2 months ago

    Or, you can use the Get the Image plugin, which does all the work for you.

    westondeboer

    (@poil11)

    15 years, 2 months ago

    why use a plugin when 10 lines of code can do it for me. Much easier, and uses much less computing to not use a plugin and use a direct function.

    Justin Tadlock

    (@greenshady)

    15 years, 2 months ago

    It was just a suggestion. You can either choose to use it or not. It’s really up to you.

    While it may be easier for you to create a function in your theme’s functions.php file, others prefer the use of plugins.

    nlex

    (@nlex)

    14 years, 11 months ago

    I would like, too, to avoid Post Thumb revisited in the future because it’s not more developed.

    I’m using it, not to generate the thumb (this, i don’t care, i prefer to do it by hand) but to display a list of thumbs instead of displaying a list of post, on my site. (i use wordpress as a portfolio site, not as a blog).

    Is there a way i can write a small function to do this ? Problem is i have never done any php and i know nothing about it… :/

    westondeboer

    (@poil11)

    14 years, 11 months ago

    http://wordpress.org/support/topic/246893?replies=3

Viewing 15 replies - 1 through 15 (of 18 total)
1 2
  • The topic ‘Is this an exploit in Post Thumb Revisited?’ is closed to new replies.