I’m working with another Woo Theme – Headlines – and the same thing just happened. Replacing the theme-options.php file with the original did the trick.
Hey Guys –
I’ve had a number of people report this, but I haven’t been able to make it happen.
is there any chance you could email me copies of the themes that it’s throwing false positives on to peter@codegarage.com? That would be a huuge help for me.
Thanks!
Mason was kind enough to send me the file in question – Version 1.3 (which is now showing up on the download page) should prevent this problem from happening.
THanks Mason!
My pleasure Peter. Thanks for your contribution to the WordPress community 🙂
Hi Peter,
I’m emailing you one now for the WooTheme – continuum that caused the site to look goofy after upgrading with your plugin.
i am getting this error while trying to fix vulnerable timthumb files:
Warning: Cannot modify header information – headers already sent by (output started at D:\Hosting\4793881\html\wp-admin\menu-header.php:97) in D:\Hosting\4793881\html\wp-content\plugins\timthumb-vulnerability-scanner\cg-tvs-filescanner.php on line 410
A TimThumb error has occured
The following error(s) occured:
No image specified
Query String : page=cg-timthumb-scanner
TimThumb version : 2.8
WP has been updated to 3.2.1, object to 1.7.1 and framework to 4.5.3.
any idea on what’s up?
thanks!
[a]
@aghelfi –
Can you check which version of the scanner plugin you’re using? It should be on the plugins page. This happened occasionally with version 1.0 and 1.1, but it was (hopefully) fixed with version 1.3.
Also – can you access the front end of your site after you get that error message?
@peter
Version 1.3
i can access the front end but the thumbnail images are not loading on homepage and archive pages.
if you have a woo account, i also posted in their forum (pasted below)
http://www.woothemes.com/support-forum/?viewtopic=53666
I am having a problem with a WP/object website.
WP has been updated to 3.2.1, object to 1.7.1 and framework to 4.5.3.
Timthumb is not working on the homepage and in the archive pages.
I installed the Timthumb Vulnerability Scanner plugin and can see 2 vulnerable timthumb files in older theme directories but can’t fix them due to an error:
Warning: Cannot modify header information – headers already sent by (output started at D:Hosting’93881htmlwp-adminmenu-header.php:97) in D:Hosting’93881htmlwp-contentplugins imthumb-vulnerability-scannercg-tvs-filescanner.php on line 410
A TimThumb error has occured
The following error(s) occured:
No image specified
Query String : page=cg-timthumb-scanner
TimThumb version : 2.8
i unchecked the Dynamic Image Resizer in the object panel, so right now the images on homepage are stretched.
if i reactivate it, the thumbnail aren’t been displayed and bring a “bad request”, as seen here: http://www.laboutique-galerie.com/wp-content/themes/ObjectLaBoutique/functions/thumb.php?src=wp-content/uploads/2011/09/CSTM01-680×1024.jpg&w=220&h=220&zc=1&q=100
the website is http://www.laboutique-galerie.com
any idea on how to make sure timthumb is working?
Aghelfi, I’m starting to wonder if this is something your host has done to lock down timthumb vulnerabilities. Have you checked the permissions on the thumb.php file?
Can you try placing a fresh copy of timthumb (http://timthumb.googlecode.com/svn/trunk/timthumb.php) somewhere on the server, and then loading up that url to see if you still ge the “Bad Request” error?
@peter
yes it is possible. That server is on GoDaddy.
i placed a fresh copy of timthumb here
http://laboutique-galerie.com/timthumb.php
i am still getting a bad request there, if that’s what you wanted me to do.
If i try to CHMOD using Fetch the freshly uploaded Timthumb, i get this:
SITE CHMOD 666 timthumb.php
500 ‘SITE CHMOD 666 timthumb.php’: command not understood
ftp_cmd/ftp_user: 2,-30000 (state == SETTING_PERMS)
would that make you wonder even more?
[a]
Hm. Very strange. Can you try naming the file something else (like tester.php or something) and trying it? If it is being locked down by godaddy, I’m just wondering if they’re automatically doing it based on filename or something.
Fyi i installed a fresh WP/Wootheme/wooframework in a sub folder on the same server and i am getting the same result…
http://laboutique-galerie.com/2012/
It’s got to be something to do with your server – I’m just not really sure what could be causing the problem. I’d be surprised if it’s godaddy blocking it at this point – blocking files with the same content but different names seems a little intrusive for a host.
Hah – I just did a quick google and found you on stackoverflow – I was just about to point you at that thread…
As somebody else in that thread pointed out – maybe it’s something to do with PHP GD (php’s graphics library)?
Looks like this is some code to check if GD is installed:
<?php
if (extension_loaded('gd') && function_exists('gd_info')) {
echo "It looks like GD is installed";
}
?>
I havent tested it myself, but it looks good. Maybe give that a go?