[theme-reviewers] TimThumb
Gene Robinson
emhr at submersible.me
Wed Oct 13 02:25:25 UTC 2010
I agree caching is plugin territory. I'm not a fan of Tim Thumb but I do wish the post thumbnail function could link to external urls. Related to the earlier discussion of a past Tim Thumb vulnerability. It would be great if common theme submission exploits and vulnerabilties could be documented somewhere.
-Gene
On Oct 12, 2010, at 5:28 PM, Chip Bennett wrote:
> Fair enough - but should a *Theme* (as opposed to a *Plugin* - by definition, not dependent upon a given Theme) be controlling a site's CDN/caching?
>
> On Tue, Oct 12, 2010 at 3:34 PM, Gene Robinson <emhr at submersible.me> wrote:
> Not every use case involves image leeching. What about Amazon S3 linking? That is one very large reason for having an external post thumbnail capability.
>
> Gene
>
> On Oct 12, 2010, at 4:16 PM, Chip Bennett wrote:
>
> > External image as Post Thumbnail? Hotlinking images = bad. :)
> >
> > It's true: the core Post Thumbnail functionality requires the image to exist in the WordPress database.
> >
> > What's the use-case for needing external images as Post Thumbnails?
> >
> > (And doesn't that require PHP to have allow_url_fopen() enabled? That's not usually the default setting, is it?)
> >
> > Chip
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101012/101aa17c/attachment.htm>
More information about the theme-reviewers
mailing list