Closed GoogleCodeExporter closed 9 years ago
It's a GIF image which says "No Hotlinking" (in red)
Original comment by neopheus
on 18 Aug 2011 at 10:16
I've added a comment to the script explaining the purpose of the base64 string
so that people know it's intentional
Original comment by BinaryMoon
on 18 Aug 2011 at 4:46
Great. Thanks
Original comment by smashing...@gmail.com
on 21 Aug 2011 at 1:04
Shouldn't use base64 for this. WordPress theme directory will not accept any
themes with ANY base64. I don't see any reason a simple "no hotlinking" image
needs to be encoded anyway.
Original comment by joemerci...@gmail.com
on 19 Sep 2011 at 1:24
do we know BinaryMoon isn't the malware creator?
Original comment by talldark...@gmail.com
on 16 Oct 2011 at 7:01
joemerci: All binary data has to be encoded in a source file.
talldark: This isn't malware.
The gripe about WordPress theme dir not accepting base64 encoded data seems
legitimate. timthumb should be usable by all themes. So perhaps we should yank
this feature. Thoughts Ben? Can someone else verify this claim re WP not
accepting base64 data in themes?
Original comment by mmaun...@gmail.com
on 16 Oct 2011 at 9:48
Yeah - the WordPress theme directory doesn't allow anything base64 encoded
I would go for an optional file called xxxx.png in the timthumb directory. It
would be used if available and removed if not? What do you think?
Original comment by BinaryMoon
on 17 Oct 2011 at 8:42
Hello, All.
This code below is the same thing?
}
if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $_SERVER['HTTP_REFERER']))){
$imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
header('Content-Type: image/gif');
header('Content-Length: ' . sizeof($imgData));
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header("Pragma: no-cache");
header('Expires: ' . gmdate ('D, d M Y H:i:s', time()));
echo $imgData;
return false;
exit(0);
}
Thanks for answer.
Original comment by eduardo....@corp.tehospedo.com.br
on 11 Nov 2011 at 10:12
I know this thread is slightly dated, but for the record, I succesfully
uploaded "OptimizerPress" theme for WordPress which included the quoted base64
code by Originating Poster "smashing..." (see top post). And WP 3.4.1 accepted
it, so apparently the current version of WP DOES allow base64 encoding. Here's
a snippet of text from the "timthumb.php" file included with OptimizerPress:
"if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (!
preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i',
$_SERVER['HTTP_REFERER']))){
// base64 encoded red image that says 'no hotlinkers'
// nothing to worry about! :)
$imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
header('Content-Type: image/gif');
header('Content-Length: ' . sizeof($imgData));"
- Deraillor
Original comment by jchy...@gmail.com
on 24 Aug 2012 at 1:18
Original issue reported on code.google.com by
smashing...@gmail.com
on 18 Aug 2011 at 10:06