A Simple TimThumb Fix

If you have any sites running the TimThumb script (and if you care about security) you probably had a few to update this week.

I had a couple of older sites using TimThumb, and there was this one site that I figured would not be as easy to update. Why? The hosting company had disabled PHP’s read file function, which broke TimThumb. So in order to get TimThumb to work initially, I had to use a workaround that swapped out that function.

This hack would not work with the newest version of TimThumb, but I did find an easy-to-change configuration option that made everything “just work.”

If you’re in a similar boat you could test this out. Change this:

define ('FILE_CACHE_DIRECTORY', './cache');

to this:

define ('FILE_CACHE_DIRECTORY', ''); 

The inline documentation explains that leaving this blank will allow the script to use the system temporary directory.
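A pre-flight check for this change, as an added example that is not part of the original post or of TimThumb. It assumes the blank setting resolves to PHP's sys_get_temp_dir(); the function names check_temp_cache_dir and disabled_functions are hypothetical.

```php
<?php
// Added example; not TimThumb code. Assumption: an empty FILE_CACHE_DIRECTORY
// makes the script cache into PHP's sys_get_temp_dir().

// Functions the host has switched off via the disable_functions ini setting.
function disabled_functions(): array
{
    $raw = (string) ini_get('disable_functions');
    return array_values(array_filter(array_map('trim', explode(',', $raw)), 'strlen'));
}

// Problems with using $tmp as the cache directory for a site rooted at $docRoot.
function check_temp_cache_dir(string $tmp, string $docRoot): array
{
    $real = realpath($tmp);
    if ($real === false || !is_dir($real)) {
        return ["temp directory '$tmp' is missing or blocked (open_basedir?)"];
    }
    $findings = [];
    if (!is_writable($real)) {
        $findings[] = "'$real' is not writable by the PHP user";
    }
    // realpath('') means the current directory, so skip an empty document root (CLI).
    $root = $docRoot === '' ? false : realpath($docRoot);
    if ($root !== false) {
        $sep = DIRECTORY_SEPARATOR;
        if (strpos($real . $sep, rtrim($root, $sep) . $sep) === 0) {
            $findings[] = "'$real' is inside the document root, so cached files may be served over HTTP";
        }
    }
    // On shared hosts the system temp directory can be shared with other accounts.
    $perms = fileperms($real);
    if ($perms !== false && ($perms & 0002) && !($perms & 01000)) {
        $findings[] = "'$real' is world-writable without the sticky bit";
    }
    return $findings;
}

$tmp = sys_get_temp_dir();
echo "Cache would land in: $tmp\n";
echo "open_basedir: ", ini_get('open_basedir') ?: '(unset)', "\n";
echo "Disabled functions: ", implode(', ', disabled_functions()) ?: '(none)', "\n";
foreach (check_temp_cache_dir($tmp, $_SERVER['DOCUMENT_ROOT'] ?? '') as $finding) {
    echo "WARNING: $finding\n";
}
```

Run it through the web server rather than the CLI, since the two often use different php.ini settings and users.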

Of course, Your Mileage May Vary here. Back up before you do anything. If you’re in over your head, there are lots of places to get help.

06. August 2011 by joshfeck