#38886 PhpThumb today !

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: 4,3
PHP version: 8
Admin Tools version: very last one

Latest post by Chabi01 on Friday, 21 April 2023 02:28 CDT

Chabi01

Hi!

I saw this thread in the support board: https://www.akeeba.com/support/admin-tools/11560-phpthumbphp-needs-protect-against-common-file-injection-attacksoff.html

This is from 2012, and phpThumb is quite secured today (used with Flexicontent).

My question is quite simple: as Georges (main dev of Flexicontent) writes about phpThumb and the fact that it is secured in J4 + Flexicontent 4, how do I allow phpThumb in the backend of the site?

If I generate an .htaccess with Admin Tools, I have no more thumbnails in the backend.

If I rename the .htaccess to deactivate it, I get the thumbnails back.

My question is then: how to keep a good level of protection (not deactivating the protection against file inclusion, for example) but get working thumbnails in the backend?

Best,

Xavier

nicholas
Akeeba Staff
Manager

You will just have to add an exception for this specific file, exactly as described in https://www.akeeba.com/documentation/admin-tools-joomla/server-protection.html#determine-required-exceptions

In other words, you will need to add the path of the TimThumb PHP file, relative to your site's root, in the “Allow direct access to these files” in .htaccess Maker and regenerate the .htaccess file.

Nicholas K. Dionysopoulos

Lead Developer and Director


Chabi01

Hi Nicholas,

I'm going to try it and will come back :)

For the record, I did not see your answer (I did not get a notification that you answered me :)), which is why I am seeing it just now.

Thanks for your support, Nicholas :)

Best,

Xavier
