[theme-reviewers] TimThumb

Chip Bennett chip at chipbennett.net
Tue Oct 12 20:04:35 UTC 2010


Absolutely. Let's throw out the call for public comment, on a proposed
Guideline revision to disallow TimThumb in favor of core Post Thumbnail
functionality!

It's entirely possible we're missing something. If not, then it will be good
to know the *other* arguments, as well.

Chip

On Tue, Oct 12, 2010 at 3:01 PM, Edward Caissie <edward.caissie at gmail.com>wrote:

> Perhaps the author(s)/developer(s) of timthumb should be asked what makes
> it so special verus the_post_thumbnail?
>
> As you wrote, there may be something we are missing on why it should be
> used ...
>
>
> Cais.
>
>
> On Tue, Oct 12, 2010 at 3:58 PM, Chip Bennett <chip at chipbennett.net>wrote:
>
>> Right - and the only thing that I can see that TimThumb does is expose
>> image filtering.
>>
>> 1) I'm not familiar with any Themes using TimThumb solely for image
>> filtering (though I concede that there must be some out there...)
>>
>> 2) The image filtering that TimThumb uses can be called directly from PHP<http://www.php.net/manual/en/function.imagefilter.php>
>> .
>>
>> So, unless someone can point out something that I'm missing, it looks like
>> there is no particular *need* for TimThumb.
>>
>> Chip
>>
>>
>> On Tue, Oct 12, 2010 at 2:55 PM, Edward Caissie <edward.caissie at gmail.com
>> > wrote:
>>
>>> IF timthumb is being used solely in the fashion that the_post_thumbnail()
>>> functionality can 100% manage then the_post_thumbnail() should be used in
>>> its place ... I can support that on the condition it is explained to the
>>> theme author how to do it.
>>>
>>> I am honestly not familiar enough with the workings of timthumb to know
>>> exactly how to replace it with the_post_thumbnail().
>>>
>>> Now, on the other hand, if a theme is using timthumb for post thumbnails
>>> due to a a unique application that the_post_thumbnail does not inherently
>>> handle then the_post_thumbnail() remains an optional use item.
>>>
>>> As to the concern @Anca is raising, I would imagine since
>>> the_post_thumbnail() is not using the 'fopen' function that it is addressing
>>> that particular issue.
>>>
>>>
>>> Cais.
>>>
>>>
>>> On Tue, Oct 12, 2010 at 3:43 PM, Chip Bennett <chip at chipbennett.net>wrote:
>>>
>>>> I disagree, entirely.
>>>>
>>>> The wording of the Guidelines is that use of Post Thumbnail feature is
>>>> not required, but that if Post Thumbnail feature is used, then
>>>> implementation of the core functionality is required.
>>>>
>>>> In other words: you don't have to incorporate Post Thumbnails into your
>>>> Theme - but if you do, you are REQUIRED to support the core functionality.
>>>>
>>>> Chip
>>>>
>>>>
>>>> On Tue, Oct 12, 2010 at 2:40 PM, Edward Caissie <
>>>> edward.caissie at gmail.com> wrote:
>>>>
>>>>> When the timthumb issue arose at the end of August I put forward to all
>>>>> the theme authors affected to consider using post_thumbnail() core
>>>>> functionality as an alternative, but since post_thumbnail() usage is still
>>>>> only recommended, theme authors are well within their designer's perogative
>>>>> using timthumb, especially if they are making use of its unique functions.
>>>>>
>>>>>
>>>>> Cais.
>>>>>
>>>>>
>>>>> On Tue, Oct 12, 2010 at 3:30 PM, Chip Bennett <chip at chipbennett.net>wrote:
>>>>>
>>>>>> So, here's all I can really determine that TimThumb offers, that can't
>>>>>> be accomplished through use of core Post Thumbnails functionality: image
>>>>>> filters <http://www.binarymoon.co.uk/2010/08/timthumb-image-filters/>
>>>>>> .
>>>>>>
>>>>>> I can see image filtering being useful for Theme designs.
>>>>>>
>>>>>> But, should we be checking to ensure that Themes aren't just using
>>>>>> TimThumb to make thumbnails (which should be done using the core Post
>>>>>> Thumbnail functionality)?
>>>>>>
>>>>>> Chip
>>>>>>
>>>>>> On Tue, Oct 12, 2010 at 2:19 PM, Chip Bennett <chip at chipbennett.net>wrote:
>>>>>>
>>>>>>> I'm completely unfamiliar with TimThumb. What is it, and what does it
>>>>>>> do?
>>>>>>>
>>>>>>> It looks to me like it's just an image thumbnailer/resizer - which is
>>>>>>> exactly what core Post Thumbnails does.
>>>>>>>
>>>>>>> So, should we even be allowing new Themes to be using TimThumb? Does
>>>>>>> it do something that can't be accomplished with the core functionality?
>>>>>>>
>>>>>>> Chip
>>>>>>>
>>>>>>>  On Tue, Oct 12, 2010 at 2:00 PM, Gene Robinson <emhr at submersible.me
>>>>>>> > wrote:
>>>>>>>
>>>>>>>>  I don't use tim-thumb but two themes I just reviewed were using
>>>>>>>> it. I'll have to go back and look into them regarding this. The tickets
>>>>>>>> were: Sriwijaya <http://themes.trac.wordpress.org/ticket/1333>
>>>>>>>>   and Syailendra <http://themes.trac.wordpress.org/ticket/1428>. Also
>>>>>>>> could someone look at my final comment on Syailendra<http://themes.trac.wordpress.org/query?keywords=%7Etheme-syailendra> as
>>>>>>>> I am unsure if Chris is cc'd on this ticket by simply commenting.
>>>>>>>>
>>>>>>>> You are welcome to assign me another theme if you like. When is
>>>>>>>> training complete or is there a milestone to reach?
>>>>>>>>
>>>>>>>> -Gene(emhr)
>>>>>>>>
>>>>>>>> On Oct 12, 2010, at 2:25 PM, Edward Caissie wrote:
>>>>>>>>
>>>>>>>> @Gene -
>>>>>>>>
>>>>>>>> Around the end of August several themes were noted to be using an
>>>>>>>> older version of timthumb that had a potentiall security issue associated
>>>>>>>> with the code as it was written. The timbthumb script itself was corrected
>>>>>>>> before then but there were still older versions in use on some repository
>>>>>>>> themes.
>>>>>>>>
>>>>>>>> If you are using timthumb you can get the current version here if
>>>>>>>> need be: http://code.google.com/p/timthumb/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> theme-reviewers mailing list
>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> theme-reviewers mailing list
>>>>>> theme-reviewers at lists.wordpress.org
>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> theme-reviewers mailing list
>>>>> theme-reviewers at lists.wordpress.org
>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> theme-reviewers mailing list
>>>> theme-reviewers at lists.wordpress.org
>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>
>>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101012/edb6bd1d/attachment.htm>


More information about the theme-reviewers mailing list