Dream-Theme says

Hey guys,

Recently my theme was rejected by [reviewer's name removed] with [IMO] the most ridiculous reason: “Unfortunately we’re not approving themes that are using timthumb due to some security issues.”

I have a couple of questions:

1) Since when is usage of TimThumb restricted, and where is the official notification (like the one there was when the Twitter API changed)?

2) What are those “security issues”? As far as I know, the recent version of TimThumb is 100% safe.

3) Please confirm/refute (officially) that ALL themes with TimThumb will be rejected.

An official reply from one of the reviewers is very much appreciated. Thanks!

gljivec says

Hi,

You are not alone. I was also rejected, but it was just a suggestion to replace TimThumb with WP functions for images. Every time I submit a new file we are rejected for things that were OK 14 days ago. It would be nice if we knew what we can use and what not.

aligatorstudio says

@gljivec: it seems to me that, if TF make rules more clear, specific and detailed and make them publicly displayed, they will have less discretionary space for theme rejection and open more room to review and rejection criticism.
I used to look at some of our rejection replies and ask myself “Whaaaaat?? Whyyyyyy? What else do you neeeeeed? Aaaaargh!”, when rejection reasons were, like, “if you don’t know, we won’t tell you...” :)
I know, I know... very frustrating.
Our latest, and not yet resolved, rejection was explained with something like “too many similar items in category”. So frustrating... Especially when, after months of developing, changing, improving etc., you have no clue where to go...
But at least (not very comforting, though) the rejection text was not that generic “doesn’t meet basic requirements...” etc.

FinalDestiny says

timthumb was fixed months ago; just because it had a vulnerability and it became viral, it doesn’t mean it’s bad. C’mon, it has its purpose. This is absurd!

wickedpixel says

So is there an official nice table with standards for WordPress and CMS themes? Only those buggy plugins exist?

kungfu-themes says

To be honest I don’t think the reason given by the reviewer is a valid reason. Especially since timthumb has been patched now, but the general consensus is there are far better alternatives out there which greatly outweigh using timthumb.

Remember timthumb has known problems with hosting companies and permissions. Add to that the fact it doesn’t actually resize any pictures, so the end user could be using images such as 5000×5000 pixels and be wondering why their site takes so long to load. This is a big problem.

I’m not quite sure what the de facto is nowadays, is it to use the WordPress built-in thumbnail function? Or even sym4ils aqua resizer?

I don’t know, but even nettuts has come up with a reasonable alternative:

http://net.tutsplus.com/tutorials/php/image-resizing-made-easy-with-php/

And I guess the only real advantage is that timthumb works on all existing images. If you are using a resizer script you may have to reupload all the other images in the wp-upload folder for them to be resized correctly.

But I think this is a small issue. All in all, I’m not sure why people still use timthumb these days.

Good luck.

Enabled Moderator says

Dream-Theme, as per forum rules, please do not call staff or reviewers on the forums!

I’ve edited your post.

Dream-Theme says

> Dream-Theme, as per forum rules, please do not call staff or reviewers on the forums! I’ve edited your post.

Thanks and sorry – didn’t know that. And didn’t mean to do any bad to anyone.

Dream-Theme says

> To be honest I don’t think the reason given by the reviewer is a valid reason. Especially since timthumb has been patched now, but the general consensus is there are far better alternatives out there which greatly outweigh using timthumb.
>
> Remember timthumb has known problems with hosting companies and permissions. Add to that the fact it doesn’t actually resize any pictures, so the end user could be using images such as 5000×5000 pixels and be wondering why their site takes so long to load. This is a big problem.
>
> I’m not quite sure what the de facto is nowadays, is it to use the WordPress built-in thumbnail function? Or even sym4ils aqua resizer?
>
> I don’t know, but even nettuts has come up with a reasonable alternative:
>
> http://net.tutsplus.com/tutorials/php/image-resizing-made-easy-with-php/
>
> And I guess the only real advantage is that timthumb works on all existing images. If you are using a resizer script you may have to reupload all the other images in the wp-upload folder for them to be resized correctly.
>
> But I think this is a small issue. All in all, I’m not sure why people still use timthumb these days.
>
> Good luck.

Hey,

I believe you are wrong: TimThumb is the best image resizing software available for free on the web (don’t forget that even the guys from Woo are still using it – they know stuff about security!). And the script from nettuts is not safer than TimThumb, less functional, etc. If you don’t believe me, please take a closer look at the newest version of TT (especially how it handles security, image caching and optimizes performance) before writing that I am the one who is wrong :) Thanks!

Moreover, in this thread I do not want to (and will not) discuss which script is better. I’m only trying to get the official response: are we, all authors, prohibited from using TimThumb? And if yes – why; which exactly are those security issues mentioned by one of the reviewers?

Also I believe that I’m not the only author who would like to clarify this question.

LucidStudios says


If they have rejected your theme for using timthumb then this is definitely a new change in reviewing policy and will apply to every author, just like so many other policy changes happening recently, e.g. now they require authors to use comment_form instead of writing custom comment form markup.

I understand your frustration and I believe changes like this in any kind of rules concerning reviewing should be announced either on the forums or in the dashboard, because without prior announcement we authors lose a lot of time.
