[Plugin: Shortcodes Ultimate] Make timthumb optional

  • Resolved vadaprime


    Great plugin. My first request is in regards to timthumb.

    I’ve been able to patch the code to not use timthumb and the results are pretty clean. I think timthumb should be optional and the following strategy should be used instead in images.php:

    // Let WordPress return the closest registered image size instead of calling timthumb.
    $src = wp_get_attachment_image_src(get_post_thumbnail_id($attachment->ID), array($width, $height));
    $thumbnail = $src[0];

    This works well for me since my theme has a lot of different thumbnail sizes registered. The result is a lot less resources being used and better security.

    Also, in the Google Maps shortcode, is there a way to support passing in a manual name for the address?



Viewing 4 replies - 1 through 4 (of 4 total)
  • I agree – I’ve been just manually disabling the timthumb.php every time I upgrade this plugin because a couple of my sites have been hacked through timthumb.

    It would be super-nice if timthumb weren’t in the mix with this plugin.

    Plugin Author Vladimir Anokhin


    Unfortunately, I don’t have this in the plans.

    At this moment the gmap shortcode already supports manual addresses. I hope I understand you correctly.

    I’m sorry to hear that.

    Because my sites and my client’s sites were hacked by a trojan through Timthumb, I’ve been manually deleting the timthumb.php file in your excellent plugin:

    Zero Day Vulnerability in many WordPress Themes

    (Specifically check out the text below the heading “Full post:” about halfway down the story.)

    I thought removing all external sites would fix the problem, but it did not. The hacker(s) were manually linking to the timthumb.php file and uploading PHP files to a cache folder. Then they accessed that file and opened my server up for exploit, loading encrypted base 64 code somewhat randomly throughout.

    It’s a bit of a pain in the neck to remember to delete the file – especially easy to forget when upgrading. One night I installed your plugin on a fresh site and forgot to delete timthumb.php. The next day, I was getting a screen similar to this when navigating to the basically empty/twentyeleven site install:

    So, I will continue to be diligent about deleting timthumb.php.
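
The manual routine described in this thread (removing timthumb.php after every upgrade and watching for PHP files dropped into its cache folder) can be scripted. The shell functions below are an added example, not part of the original posts or of the plugin; the cache directory names `cache` and `temp`, the default script name, and the exit codes are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for bundled TimThumb copies and for
# PHP files sitting in the cache directories beside them.
# Usage (after sourcing this file): audit /path/to/wp-content

# find_timthumb ROOT: list every file named timthumb.php under ROOT.
# Assumption: the script kept its default file name, as in the thread.
find_timthumb() {
    find "$1" -type f -iname 'timthumb.php' 2>/dev/null | sort
}

# find_cache_php ROOT: for each TimThumb copy, list PHP files found in the
# cache-like directories next to it. A cache of resized images has no reason
# to hold PHP, so every hit deserves a manual look.
find_cache_php() {
    find_timthumb "$1" | while IFS= read -r script; do
        dir=$(dirname "$script")
        for c in "$dir/cache" "$dir/temp"; do   # assumed directory names
            [ -d "$c" ] || continue
            find "$c" -type f -iname '*.php'
        done
    done | sort -u
}

# audit ROOT: print findings and return a cron-friendly status:
#   0 = nothing found, 1 = TimThumb present, 2 = PHP file in a cache directory.
audit() {
    scripts=$(find_timthumb "$1")
    dropped=$(find_cache_php "$1")
    rc=0
    if [ -n "$scripts" ]; then
        printf '%s\n' "$scripts" | sed 's/^/TIMTHUMB  /'
        rc=1
    fi
    if [ -n "$dropped" ]; then
        printf '%s\n' "$dropped" | sed 's/^/CACHE-PHP /'
        rc=2
    fi
    return "$rc"
}
```

Running `audit` from cron after plugin upgrades turns the "remember to delete the file" step into an alert instead of a habit.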


    Please could you post your images.php to pastebin and post the link?


  • The topic ‘[Plugin: Shortcodes Ultimate] Make timthumb optional’ is closed to new replies.