Shortcodes Ultimate
[resolved] Make timthumb optional (5 posts)

  1. vadaprime
    Posted 3 years ago #

    Great plugin. My first request is in regards to timthumb.

    I've been able to patch the code to not use timthumb and the results are pretty clean. I think timthumb should be optional and the following strategy should be used instead in images.php:

    // Use WordPress' own registered image sizes instead of timthumb.
    $src = wp_get_attachment_image_src(get_post_thumbnail_id($attachment->ID), array($width, $height));
    $thumbnail = $src[0];

    This works well for me since my theme has a lot of different thumbnail sizes registered. The result is a lot less resources being used and better security.

    Also in the Google Maps shortcode is there a way to support passing in a manual name for the address?




  2. jeeni
    Posted 3 years ago #

    I agree - I've been just manually disabling the timthumb.php every time I upgrade this plugin because a couple of my sites have been hacked through timthumb.

    It would be super-nice if timthumb weren't in the mix with this plugin.

  3. Vladimir Anokhin
    Plugin Author

    Posted 3 years ago #

    Unfortunately, I don't have this in the plans.

    At this moment the gmap shortcode already supports manual addresses. Hope I understand you correctly.

  4. jeeni
    Posted 3 years ago #

    I'm sorry to hear that.

    Because my sites and my client's sites were hacked by a trojan through Timthumb, I've been manually deleting the timthumb.php file in your excellent plugin:


    (Specifically check out the text below the heading "Full post:" about halfway down the story.)


    I thought removing all external sites would fix the problem but that did not. The hacker(s) were manually linking to the timthumb.php file and uploading php files to a cache folder. Then they accessed that file and opened my server up for exploit, loading encrypted base 64 code somewhat randomly throughout.

    It's a bit of a pain in the neck to remember to delete the file - especially easy to forget when upgrading. One night I installed your plugin on a fresh site and forgot to delete timthumb.php. The next day, I was getting a screen similar to this when navigating to the basically empty/twentyeleven site install:


    So, I will continue to be diligent about deleting timthumb.php.
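A post-upgrade check for the situation described in this thread, as an added example that is not part of the original posts and is not the plugin's code: it lists any timthumb.php left under a WordPress tree, PHP files sitting inside cache directories, and PHP files that evaluate base64-decoded strings. The function names, the directory name `cache` and the grep pattern are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree after a plugin install or upgrade.
# Usage (after sourcing this file): audit_wp_tree /path/to/wordpress

# List every file named timthumb.php (any letter case) below the root.
find_timthumb() {
    find "$1" -type f -iname 'timthumb.php' 2>/dev/null | sort
}

# List PHP-like files inside any directory named "cache" (assumed name).
# A thumbnail cache should only ever contain images.
find_cache_php() {
    find "$1" -type f -path '*/cache/*' \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) \
        2>/dev/null | sort
}

# List PHP files that eval() a base64-decoded string. This is a heuristic
# for the injected base64 code the post mentions, not a full malware scan.
find_base64_eval() {
    find "$1" -type f -iname '*.php' \
        -exec grep -lE 'eval[[:space:]]*\([[:space:]]*base64_decode' {} + \
        2>/dev/null | sort
}

# Run all three checks; print findings and return 1 if any check hits.
audit_wp_tree() {
    root=$1
    status=0
    for check in find_timthumb find_cache_php find_base64_eval; do
        hits=$("$check" "$root")
        if [ -n "$hits" ]; then
            printf '[%s]\n%s\n' "$check" "$hits"
            status=1
        fi
    done
    return "$status"
}
```

Because `audit_wp_tree` returns a non-zero status on any finding, it can be run from cron or a deploy script so that a forgotten timthumb.php is reported rather than left in place.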

  5. momofone
    Posted 3 years ago #


    Please could you post your images.php to pastebin and post the link?


Topic Closed

This topic has been closed to new replies.
