[resolved] Heads Up - BulletProof Security Blocks custom avatars (1 post)

  1. AITpro
    Member
    Posted 2 years ago #

    This is just a heads up to let you know that BPS blocks custom avatar images. I did testing and standard avatar images display fine. The URL simulates an RFI hacking attempt so BPS blocks the URL.

    This skip/bypass .htaccess rule resolves the issue:

    Edit your root .htaccess file with the BPS built-in editor, find the timthumb htaccess code and add the user-avatar-pic.php file to the image thumbnailer (timthumb) skip/bypass rule.

    # TimThumb Forbid RFI By Host Name But Allow Internal Requests
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (user-avatar-pic\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteRule . - [S=1]

    http://wordpress.org/extend/plugins/user-avatar/

Topic Closed

This topic has been closed to new replies.
