search

jperezmedina / timthumb

Automatically exported from code.google.com/p/timthumb
0 stars 0 forks source link

Remote host for own domain not allowed #246

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. visiting the website on http://10and5.com shows all the images are not 
working
2. Direct linking to one of the image URLS: 
http://10and5.com/wp-content/themes/manifesto/scripts/timthumb.php?src=http://10
and5.com/wp-content/uploads/2011/08/Screen-shot-2011-08-23-at-10.15.10-AM.png&h=
120&w=160&zc=1 displays the error on the files.

What is the expected output? What do you see instead?
It should output the images for those file calls. The images display as broken 
links on the main website.

What version of the product are you using? On what operating system?
Using the latest version of Wordpress and 1.19 of Timthumb. Theme I'm using is 
Manifesto.

Please provide any additional information below.
This was working perfectly fine until yesterday, then somehow it stopped 
working this morning when we uploaded new posts. All the folder permissions are 
set correctly (755). It seems to be an issue where the software is not picking 
up the domain to be used - it thinks the domain is blank.
I have also changed the setting to TRUE in define ('ALLOW_EXTERNAL', false);     
(have since changed this back).
This gives the following error:

error reading file 
/wp-content/uploads/2011/08/Screen-shot-2011-08-23-at-10.15.10-AM.png from 
remote host: <url> malformed
Query String : 
src=http://10and5.com/wp-content/uploads/2011/08/Screen-shot-2011-08-23-at-10.15
.10-AM.png&h=120&w=160&zc=1
TimThumb version : 1.19

Any ideas?

Original issue reported on code.google.com by unodew...@gmail.com on 24 Aug 2011 at 3:47

GoogleCodeExporter commented 8 years ago 
There is a security flaw in old versions of TimThumb. Please update your file 
to the latest version

Original comment by BinaryMoon on 24 Aug 2011 at 8:24