duonghien201089 / timthumb

Automatically exported from code.google.com/p/timthumb

base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs="); #237

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What this is doing in TimThumb ?

base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");

Original issue reported on code.google.com by smashing...@gmail.com on 18 Aug 2011 at 10:06

GoogleCodeExporter commented 8 years ago
It's a GIF image which says "No Hotlinking" (in red)

Original comment by neopheus on 18 Aug 2011 at 10:16

GoogleCodeExporter commented 8 years ago
I've added a comment to the script explaining the purpose of the base64 string 
so that people know it's intentional

Original comment by BinaryMoon on 18 Aug 2011 at 4:46

GoogleCodeExporter commented 8 years ago
Great. Thanks

Original comment by smashing...@gmail.com on 21 Aug 2011 at 1:04

GoogleCodeExporter commented 8 years ago
Shouldn't use base64 for this. WordPress theme directory will not accept any 
themes with ANY base64. I don't see any reason a simple "no hotlinking" image 
needs to be encoded anyway.

Original comment by joemerci...@gmail.com on 19 Sep 2011 at 1:24

GoogleCodeExporter commented 8 years ago
do we know BinaryMoon isn't the malware creator?

Original comment by talldark...@gmail.com on 16 Oct 2011 at 7:01

GoogleCodeExporter commented 8 years ago
joemerci: All binary data has to be encoded in a source file.

talldark: This isn't malware.

The gripe about WordPress theme dir not accepting base64 encoded data seems 
legitimate. timthumb should be usable by all themes. So perhaps we should yank 
this feature. Thoughts Ben? Can someone else verify this claim re WP not 
accepting base64 data in themes?

Original comment by mmaun...@gmail.com on 16 Oct 2011 at 9:48

GoogleCodeExporter commented 8 years ago
Yeah - the WordPress theme directory doesn't allow anything base64 encoded

I would go for an optional file called xxxx.png in the timthumb directory. It 
would be used if available and removed if not? What do you think?

Original comment by BinaryMoon on 17 Oct 2011 at 8:42

GoogleCodeExporter commented 8 years ago
Hello, All.

This code below is the same thing?

        if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $_SERVER['HTTP_REFERER']))){
            // 80x12 red "no hotlinking" GIF, embedded as base64 because raw binary cannot sit in a PHP source file
            $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
            header('Content-Type: image/gif');
            // strlen(), not sizeof(): sizeof() counts array elements and gives 1 for a string (a TypeError on PHP 8)
            header('Content-Length: ' . strlen($imgData));
            header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
            header("Pragma: no-cache");
            header('Expires: ' . gmdate ('D, d M Y H:i:s', time()));
            echo $imgData;
            return false;
            exit(0);
        }

Thanks for answer.

Original comment by eduardo....@corp.tehospedo.com.br on 11 Nov 2011 at 10:12
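The comment from neopheus above says the blob is a red "No Hotlinking" GIF, and the snippet just quoted serves it as-is. A reviewer who finds an opaque base64 string in a PHP file should verify that claim rather than take a code comment's word for it. The following is an added example in Python (not TimThumb's own code) that decodes the exact string from this thread, parses the GIF header and block structure, and confirms that nothing follows the trailer byte, which is where unexpected extra content in an "image" would show up. The only input is the base64 string copied from the issue; the function names are the example's own.

```python
import base64
import struct

# The base64 blob exactly as it appears in the TimThumb source quoted in this thread.
# PHP's double-quoted "\n" is a real newline and base64_decode() ignores it;
# Python's b64decode() also discards non-alphabet characters, so both decode the same bytes.
TIMTHUMB_NO_HOTLINK_GIF_B64 = (
    "R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\n"
    "OGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\n"
    "DULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs="
)


def decoded_blob():
    """The raw bytes TimThumb echoes to a hotlinking client."""
    return base64.b64decode(TIMTHUMB_NO_HOTLINK_GIF_B64)


def _skip_sub_blocks(data, pos):
    """Advance past a chain of GIF data sub-blocks (length byte + payload) ending in a 0 byte."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def inspect_gif(data):
    """Walk a GIF and return a summary dict.

    Raises ValueError if the bytes are not a well-formed GIF, if an unknown block
    type appears, or if any bytes follow the 0x3B trailer."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    # Logical screen descriptor: width, height (little-endian u16), packed flags, bg index, aspect
    width, height, packed, _bg, _aspect = struct.unpack_from("<HHBBB", data, 6)
    pos = 13
    palette = []
    if packed & 0x80:                      # global colour table present
        ncolors = 2 << (packed & 0x07)
        table = data[pos:pos + 3 * ncolors]
        palette = [tuple(table[i:i + 3]) for i in range(0, len(table), 3)]
        pos += 3 * ncolors
    frames = 0
    while True:
        if pos >= len(data):
            raise ValueError("no trailer byte before end of data")
        block = data[pos]
        pos += 1
        if block == 0x21:                  # extension: one label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif block == 0x2C:                # image descriptor: left, top, w, h, packed
            _l, _t, _w, _h, ipacked = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if ipacked & 0x80:             # local colour table
                pos += 3 * (2 << (ipacked & 0x07))
            pos += 1                       # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
            frames += 1
        elif block == 0x3B:                # trailer
            break
        else:
            raise ValueError("unknown block 0x%02x at offset %d" % (block, pos - 1))
    trailing = len(data) - pos
    if trailing:
        raise ValueError("%d byte(s) follow the GIF trailer" % trailing)
    return {"version": data[3:6].decode(), "width": width, "height": height,
            "palette": palette, "frames": frames, "size": len(data)}


def inspect_timthumb_blob():
    return inspect_gif(decoded_blob())


if __name__ == "__main__":
    print(inspect_timthumb_blob())
```

For this blob the walk ends exactly on the last byte: an 80x12 GIF89a with a two-entry palette of red and white, one frame, and no trailing data. Extra bytes after the trailer, or a block type the parser does not recognise, make the function raise instead of returning a summary, which is the outcome a reviewer wants flagged.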

GoogleCodeExporter commented 8 years ago
I know this thread is slightly dated, but for the record, I successfully 
uploaded "OptimizerPress" theme for WordPress which included the quoted base64 
code by Originating Poster "smashing..." (see top post).  And WP 3.4.1 accepted 
it, so apparently the current version of WP DOES allow base64 encoding.  Here's 
a snippet of text from the "timthumb.php" file included with OptimizerPress:  
"if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! 
preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', 
$_SERVER['HTTP_REFERER']))){
            // base64 encoded red image that says 'no hotlinkers'
            // nothing to worry about! :)
            $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
            header('Content-Type: image/gif');
            header('Content-Length: ' . sizeof($imgData));"

- Deraillor

Original comment by jchy...@gmail.com on 24 Aug 2012 at 1:18