Two new system settings are required:
phpthumbsup.available_widths
phpthumbsup.available_heights
and added to the $config array. is_available_option checks for these, and if not matched in the request the image is not processed for that option.
Note on upgrade, this will prevent processing of images in a site with pre-existing install, but now that the exposed API vulnerability is brought to light it's a pretty important patch, IMHO.
Could wrap the whole thing in a condition that checks for values in those settings, or another setting to turn this functionality on/off...
**Also modified build script to add system settings
To mitigate DOS attack on exposed API, as described here: https://github.com/oo12/phpThumbOf/wiki/Thumb-War
Two new system settings are required: phpthumbsup.available_widths phpthumbsup.available_heights
and added to the $config array. is_available_option checks for these, and if not matched in the request the image is not processed for that option.
Note on upgrade, this will prevent processing of images in a site with pre-existing install, but now that the exposed API vulnerability is brought to light it's a pretty important patch, IMHO.
Could wrap the whole thing in a condition that checks for values in those settings, or another setting to turn this functionality on/off...
**Also modified build script to add system settings