crnr / timthumb

Automatically exported from code.google.com/p/timthumb
0 stars 0 forks source link

Image calls from host domain no longer working in 2.8.9 #352

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
In version 2.8.8 of timthumb you could have a URL like:

http://domain.com/thumb.php?src=http://domain.com/image.jpg&h=320&w=570&zc=1

However, when updating to 2.8.9 this no longer works. You either have to use a 
URL like:

http://domain.com/thumb.php?src=image.jpg&h=320&w=570&zc=1

or you have to add your domain to the whitelist. Was this an intended update?

Original issue reported on code.google.com by k...@zippykid.com on 7 Mar 2012 at 1:58

GoogleCodeExporter commented 8 years ago
I guess code could be added to auto-add your domain to the whitelist if youre 
using absolute URL's. 

Original comment by mmaun...@gmail.com on 8 Mar 2012 at 7:31

GoogleCodeExporter commented 8 years ago
It looks like a line was removed that controls this:

if(! defined('FETCH_LOCAL_URLS') )          define ('FETCH_LOCAL_URLS', false); 

At least I think that's what was allowing it before... was that removed for 
security reasons?

--------------

As a side note (and maybe I'm doing this all wrong... completely possible), but 
it's been my experience that WordPress (where timthumb is in widespread use) 
tends to return the absolute URL for an image when it's asked for it. This is 
why we noticed the problem, and I'm guessing other people would as well.

If there's a good reason this ability was removed, that's fine, we can work 
with people to adjust their code as needed, and maybe it should be a shift in 
the way people do things, but if it was an oversite then we probably need a fix 
for it.

Original comment by k...@zippykid.com on 8 Mar 2012 at 7:37

GoogleCodeExporter commented 8 years ago
I removed the code by accident a couple of days ago. It's been added back, and 
so should work again now.

Original comment by BinaryMoon on 11 Mar 2012 at 4:38