You have probably heard of the TimThumb zero-day vulnerability by now. Unfortunately (or fortunately), only 2 of my themes (HackerWP and Celebrity Gossip) use the TimThumb script for generating thumbnails. The fix is pretty easy.
1. Go to your theme cache directory (e.g. /wp-content/themes/hackerwp/cache) and delete all files except index.htm.
2. Download the latest version of timthumb.php and replace the file on your server at /wp-content/themes/hackerwp/timthumb.php.
3. Optional: If you wish to grab image files from all external sites (this lifts the allowed-sites restriction entirely), open timthumb.php, look for
$allowedSites = array (
'flickr.com',
'picasa.com',
'img.youtube.com',
);
and replace with
$allowedSites = array (
'*',
);
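
Steps 1 and 2 as a script, as an added example that is not part of the original post: it lists every timthumb.php copy that needs replacing, flags cache files containing a PHP open tag before they are deleted, then clears the cache except index.htm. The sample tree and file names are constructed, and treating PHP inside a thumbnail cache as worth reviewing is an assumption of this example.

```bash
# Added example, not code from the original post.

# Step 2 helper: list every timthumb.php under a themes directory,
# since each copy has to be replaced with the latest version.
find_timthumb() {
    find "$1" -type f -name 'timthumb.php' | sort
}

# Check before step 1: list cache files (other than index.htm) that contain
# a PHP open tag. Assumption: a thumbnail cache should hold image data only,
# so keep a copy of anything listed here for later review.
suspicious_cache_files() {
    find "$1" -maxdepth 1 -type f ! -name 'index.htm' \
        -exec grep -lF '<?php' {} + | sort
}

# Step 1: delete every file in the cache directory except index.htm.
# Prints the number of files removed.
clean_cache() {
    removed=$(find "$1" -maxdepth 1 -type f ! -name 'index.htm' | wc -l)
    find "$1" -maxdepth 1 -type f ! -name 'index.htm' -delete
    echo "$((removed + 0))"
}

# Constructed sample tree so the example runs offline.
demo_root=$(mktemp -d)
cache="$demo_root/themes/hackerwp/cache"
mkdir -p "$cache"
: > "$demo_root/themes/hackerwp/timthumb.php"
: > "$cache/index.htm"
printf 'constructed image bytes' > "$cache/sample1.png"
printf '<?php /* constructed marker */' > "$cache/sample2.dat"

echo "timthumb.php copies to replace:"
find_timthumb "$demo_root/themes"
echo "cache files to review before deleting:"
suspicious_cache_files "$cache"
echo "files removed: $(clean_cache "$cache")"
echo "left in cache: $(ls "$cache")"
rm -rf "$demo_root"
```

On a real site, pass your own wp-content/themes path and each theme's cache directory to the functions instead of the constructed tree.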

I suppose we can also do a $allowedSites = array ('');
or not?
Try and let us know.
I’m looking to purchase One News 3.0 — But I’m wondering if you’re still providing support/updates to this theme? Or is it an abandoned project?
Only basic support for installation issues is provided and updates are more or less stable as of now.