Viewing 15 replies - 1 through 15 (of 34 total)
  • I’m working with another Woo Theme – Headlines – and the same thing just happened. Replacing the theme-options.php file with the original did the trick.

    Plugin Author Peter Butler

    (@peterebutler)

    Hey Guys –

    I’ve had a number of people report this, but I haven’t been able to make it happen.

    is there any chance you could email me copies of the themes that it’s throwing false positives on to [email protected]? That would be a huuge help for me.

    Thanks!

    Plugin Author Peter Butler

    (@peterebutler)

    Mason was kind enough to send me the file in question – Version 1.3 (which is now showing up on the download page) should prevent this problem from happening.

    THanks Mason!

    Thread Starter masonjames

    (@masonjames)

    My pleasure Peter. Thanks for your contribution to the WordPress community ??

    Hi Peter,

    I’m emailing you one now for the WooTheme – continuum that caused the site to look goofy after upgrading with your plugin.

    i am getting this error while trying to fix vulnerable timthumb files:

    Warning: Cannot modify header information – headers already sent by (output started at D:\Hosting\4793881\html\wp-admin\menu-header.php:97) in D:\Hosting\4793881\html\wp-content\plugins\timthumb-vulnerability-scanner\cg-tvs-filescanner.php on line 410
    A TimThumb error has occured
    The following error(s) occured:
    No image specified
    Query String : page=cg-timthumb-scanner
    TimThumb version : 2.8

    WP has been updated to 3.2.1, object to 1.7.1 and framework to 4.5.3.
    any idea on what’s up?
    thanks!
    [a]

    Plugin Author Peter Butler

    (@peterebutler)

    @aghelfi

    Can you check which version of the scanner plugin you’re using? It should be on the plugins page. This happened occasionally with version 1.0 and 1.1, but it was (hopefully) fixed with version 1.3.

    Also – can you access the front end of your site after you get that error message?

    @peter

    Version 1.3

    i can access the front end but the thumbnail images are not loading on homepage and archive pages.

    if you have a woo account, i also posted in their forum (pasted below)
    https://www.woothemes.com/support-forum/?viewtopic=53666

    I am having a problem with a WP/object website.

    WP has been updated to 3.2.1, object to 1.7.1 and framework to 4.5.3.

    Timthumb is not working on the homepage and in the archive pages.

    I installed the Timthumb Vulnerability Scanner plugin and can see 2 vulnerable timthumb files in older theme directories but can’t fix them due to an error:
    Warning: Cannot modify header information – headers already sent by (output started at D:Hosting’93881htmlwp-adminmenu-header.php:97) in D:Hosting’93881htmlwp-contentplugins imthumb-vulnerability-scannercg-tvs-filescanner.php on line 410
    A TimThumb error has occured
    The following error(s) occured:
    No image specified
    Query String : page=cg-timthumb-scanner
    TimThumb version : 2.8
    i unchecked the Dynamic Image Resizer in the object panel, so right now the images on homepage are stretched.
    if i reactivate it, the thumbnail aren’t been displayed and bring a “bad request”, as seen here: https://www.laboutique-galerie.com/wp-content/themes/ObjectLaBoutique/functions/thumb.php?src=wp-content/uploads/2011/09/CSTM01-680×1024.jpg&w=220&h=220&zc=1&q=100

    the website is https://www.laboutique-galerie.com

    any idea on how to make sure timthumb is working?

    @peter

    Opening a broken image to another tab gives me that URL:

    https://www.laboutique-galerie.com/wp-content/themes/object/functions/thumb.php?src=wp-content/uploads/2011/09/CSTM01-680×1024.jpg&w=220&h=220&zc=1&q=100

    I don’t see a ref to the cache folder so i don’t think it is a permission issue.

    any idea?
    [a]

    Plugin Author Peter Butler

    (@peterebutler)

    Aghelfi, I’m starting to wonder if this is something your host has done to lock down timthumb vulnerabilities. Have you checked the permissions on the thumb.php file?

    Can you try placing a fresh copy of timthumb (https://timthumb.googlecode.com/svn/trunk/timthumb.php) somewhere on the server, and then loading up that url to see if you still ge the “Bad Request” error?

    @peter
    yes it is possible. That server is on GoDaddy.

    i placed a fresh copy of timthumb here
    https://laboutique-galerie.com/timthumb.php

    i am still getting a bad request there, if that’s what you wanted me to do.

    If i try to CHMOD using Fetch the freshly uploaded Timthumb, i get this:

    SITE CHMOD 666 timthumb.php
    500 ‘SITE CHMOD 666 timthumb.php’: command not understood
    ftp_cmd/ftp_user: 2,-30000 (state == SETTING_PERMS)

    would that make you wonder even more?
    [a]

    Plugin Author Peter Butler

    (@peterebutler)

    Hm. Very strange. Can you try naming the file something else (like tester.php or something) and trying it? If it is being locked down by godaddy, I’m just wondering if they’re automatically doing it based on filename or something.

    Fyi i installed a fresh WP/Wootheme/wooframework in a sub folder on the same server and i am getting the same result…

    https://laboutique-galerie.com/2012/

    Plugin Author Peter Butler

    (@peterebutler)

    It’s got to be something to do with your server – I’m just not really sure what could be causing the problem. I’d be surprised if it’s godaddy blocking it at this point – blocking files with the same content but different names seems a little intrusive for a host.

    Hah – I just did a quick google and found you on stackoverflow – I was just about to point you at that thread…

    As somebody else in that thread pointed out – maybe it’s something to do with PHP GD (php’s graphics library)?

    Looks like this is some code to check if GD is installed:

    <?php
    if (extension_loaded('gd') && function_exists('gd_info')) {
        echo "It looks like GD is installed";
    }
    ?>

    I havent tested it myself, but it looks good. Maybe give that a go?

Viewing 15 replies - 1 through 15 (of 34 total)
  • The topic ‘[Plugin: Timthumb Vulnerability Scanner] False positive in WooThemes Canvas theme-options.php’ is closed to new replies.