August 27, 2011 at 3:28 am #5619
Just received a message from my web host about a timthumb.php vulnerability. Is there something that Habitat users need to do to patch or update our sites? I am a definite newbie when it comes to messing with the base code, btw.
August 29, 2011 at 10:54 am #51116
Are you running the latest version of the theme? Kriesi released a timthumb update just a few days ago. The update can be downloaded on Themeforest.
August 29, 2011 at 4:48 pm #51117
I purchased in May 2011; I think I’m running version 1.1.1. To update, do I just download the ‘current’ theme from Themeforest and replace the theme on WordPress? Will I have to rebuild the site again?
August 29, 2011 at 9:35 pm #51118
When you download the updated version there’s a version.rtf file which tells you what has been updated so you can replace the files in question. However, you can just replace the entire theme without your settings being lost since they’re stored in the database, which remains untouched.
August 30, 2011 at 3:02 am #51119
August 31, 2011 at 8:57 pm #51120
September 1, 2011 at 3:56 am #51121
Well, for the time being then, I guess this is an issue for me to figure out with Themeforest, because I don’t see any option on that site to download an ‘update.’ My only options appear to be downloading the old theme or purchasing the theme. There is no ‘update’ indicated anywhere… Can you verify that there is, in fact, an update there?
When I figure this first step out, I’ll come back. Thanks.
September 1, 2011 at 4:11 am #51122
BTW, when I download the ‘previously purchased’ theme, the files are identical to what I purchased in May… including the .rtf file. So it looks like maybe it hasn’t been updated recently?
September 2, 2011 at 12:43 pm #51123
Sorry about that – I must have misread the dates of all the recently updated files. Recently a timthumb vulnerability has come up and it has been patched, but it seems it wasn’t for Habitat. I’ll mail Kriesi about the fix.
Again, excuse me for the delay/misinformation.
September 3, 2011 at 8:16 am #51124
Hey! Habitat no longer uses the timthumb script, it instead relies on the natural WordPress resizing. I would suggest to simply delete it from the theme folder. I will release an update for the themes that don’t rely on it but have a copy of the file in the theme folder next week ;)
September 26, 2011 at 2:21 pm #51125
Hey guys, just to let you know: the timthumb.php is still in the theme version on Themeforest and it is definitely the old and hacked version last updated on 17th of March 2011 – before the fix. Please update asap.
September 26, 2011 at 8:28 pm #51126
October 24, 2011 at 9:32 pm #51127
Our site has recently been hacked. Can I confirm with you that I can simply delete the timthumb.php file and this won’t break anything? I am using Display and Newscast.
Thanks!
October 25, 2011 at 7:08 am #51128
The topic ‘Timthumb Vulnerability on Habitat’ is closed to new replies.
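
A check to run before deleting a leftover timthumb.php as suggested in this thread, added here as an example that is not part of the original posts or of any theme's code: it lists every timthumb.php under a themes directory and reports whether another PHP file in the same theme still mentions it. The function names, the sample theme names and the themes path are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit a WordPress themes directory for timthumb.php copies.

# audit_timthumb THEMES_DIR
# Prints "<STATUS> <path>" per copy; STATUS is REFERENCED when another PHP
# file in the same theme mentions the script name, else UNREFERENCED.
audit_timthumb() {
    themes_dir=${1%/}
    find "$themes_dir" -type f -name 'timthumb.php' | sort |
    while IFS= read -r script; do
        # Theme root = first directory level below THEMES_DIR.
        rel=${script#"$themes_dir"/}
        theme_root=$themes_dir/${rel%%/*}
        # Search the theme's PHP files, ignoring the script's own mention of itself.
        if grep -rlF --include='*.php' 'timthumb.php' "$theme_root" |
            grep -vxF "$script" | grep -q .; then
            echo "REFERENCED $script"
        else
            echo "UNREFERENCED $script"
        fi
    done
}

# Builds a constructed sample tree (hypothetical theme names) and prints its path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/theme-unused/framework" "$root/theme-inuse/includes"
    echo '<?php // timthumb.php (constructed stand-in)' \
        > "$root/theme-unused/framework/timthumb.php"
    echo '<?php the_post_thumbnail();' > "$root/theme-unused/index.php"
    echo '<?php // timthumb.php (constructed stand-in)' \
        > "$root/theme-inuse/includes/timthumb.php"
    echo '<?php $src = "includes/timthumb.php?src=" . $img;' \
        > "$root/theme-inuse/index.php"
    echo "$root"
}

# With a directory argument (e.g. wp-content/themes) audit it;
# otherwise run on the constructed sample tree.
if [ -n "${1:-}" ]; then
    audit_timthumb "$1"
else
    demo_dir=$(make_sample_tree)
    audit_timthumb "$demo_dir"
    rm -rf "$demo_dir"
fi
```

A copy reported as UNREFERENCED is a candidate for deletion; a REFERENCED one needs the calling template checked first.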