648 posts
Dream-Theme says

Hey guys,

Recently my theme was rejected by [reviewers name removed] with [IMO] the most ridiculous reason: “Unfortunately we’re not approving themes that are using timthumb due to some security issues.”

I have couple of questions:

1) Since when has the usage of timthumb been restricted, and where is the official notification (like the one when the twitter API changed)?

2) What are those “security issues”? As far as I know the recent version of TimThumb is 100% safe.

3) Please confirm/refute (officially) that ALL themes with timthumb will be rejected.

An official reply from one of the reviewers is very much appreciated. Thanks!

405 posts Code Is Poetry
gljivec says

Hi,

You are not alone. I was also rejected, but it was just a suggestion to replace TimThumb with WP functions for images. Every time I submit a new file we are rejected for things that were OK 14 days ago. It would be nice if we knew what we can use and what not.

93 posts
aligatorstudio says

@gljivec: it seems to me that if TF made the rules more clear, specific and detailed, and made them publicly displayed, they would have less discretionary space for theme rejection and it would open more room for criticism of reviews and rejections.
I used to look at some of our rejection replies and ask myself “Whaaaaat?? Whyyyyyy? What else do you neeeeeed? Aaaaargh!”, when the rejection reasons were, like, “if you don’t know, we won’t tell you ..” :)
I know, I know …. very frustrating.
Our latest, and not yet resolved, rejection was explained with something like “too many similar items in category”. So frustrating … Especially when, after months of developing, changing, improving etc., you have no clue where to go ...
But at least (not very comforting, though) the rejection text was not that generic – “doesn’t meet basic requirements …” etc….

1719 posts Don't Worry, Be Happy
FinalDestiny says

timthumb was fixed months ago; just because it had a vulnerability and it went viral doesn’t mean it’s bad. C’mon, it has its purpose. This is absurd!

3069 posts
wickedpixel says

So is there an official, nice table with standards for WordPress and CMS themes? Do only those buggy plugins exist?

173 posts
kungfu-themes says

To be honest I don’t think the reason given by the reviewer is a valid reason, especially since timthumb has been patched now. But the general consensus is that there are far better alternatives out there which greatly outweigh using timthumb.

Remember timthumb has known problems with hosting companies and permissions. Add to that the fact that it doesn’t actually resize any stored pictures, so the end user could be using images such as 5000×5000 pixels and be wondering why their site takes so long to load. This is a big problem.

I’m not quite sure what the de facto standard is nowadays: is it to use the WordPress built-in thumbnail function? Or even sym4ils’ aqua resizer?

I don’t know, but even nettuts has come up with a reasonable alternative:

http://net.tutsplus.com/tutorials/php/image-resizing-made-easy-with-php/

And I guess the only real advantage is that timthumb works on all existing images. If you are using a resizer script you may have to re-upload all the other images in the wp-upload folder for them to be resized correctly.

But I think this is a small issue. All in all, I’m not sure why people still use timthumb these days.

Good luck.
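As an added example (not code from this post, nor from any theme or script discussed in the thread), this is how a theme uses the WordPress built-in thumbnail function the post mentions instead of a request-time resizer: the sizes are registered once at theme setup, WordPress writes the resized files when an image is uploaded, and templates only ever reference those pre-generated files. The size names, dimensions and function names prefixed `example_` are assumptions for illustration.

```php
<?php
// Added example: register thumbnail sizes so WordPress resizes images at upload time.
// Size names, dimensions and the example_ function names are assumed, not from the thread.
function example_theme_setup() {
    add_theme_support( 'post-thumbnails' );
    // Arguments: size name, width, height, hard crop.
    add_image_size( 'example-grid', 400, 300, true );
    add_image_size( 'example-hero', 1200, 500, true );
}
add_action( 'after_setup_theme', 'example_theme_setup' );

// In a template: output the pre-generated file for this size, never the original upload.
function example_render_grid_thumbnail() {
    if ( has_post_thumbnail() ) {
        the_post_thumbnail( 'example-grid' );
    }
}

// When only a URL is needed, ask WordPress for the resized attachment file rather
// than building an image URL from request parameters.
function example_grid_thumbnail_url( $post_id ) {
    $attachment_id = get_post_thumbnail_id( $post_id );
    if ( ! $attachment_id ) {
        return '';
    }
    $src = wp_get_attachment_image_src( $attachment_id, 'example-grid' );
    // $src is array( url, width, height, is_intermediate ) or false.
    return $src ? esc_url( $src[0] ) : '';
}
```

The trade-off the post describes still applies: images uploaded before the sizes were registered have no resized file yet, and `wp_get_attachment_image_src()` then falls back to the full-size original. Rather than re-uploading everything, the missing sizes can be generated in bulk with WP-CLI (`wp media regenerate`), which assumes WP-CLI is installed on the host.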

4146 posts Community Mod Building awesome stuff for your mobile devices!
Enabled Volunteer moderator says

Dream-Theme, as per forum rules, please do not call staff or reviewers on the forums!

I’ve edited your post.

648 posts
Dream-Theme says

Dream-Theme, as per forum rules, please do not call staff or reviewers on the forums! I’ve edited your post.

Thanks and sorry – didn’t know that. And didn’t mean to do any bad to anyone.

648 posts
Dream-Theme says

To be honest I don’t think the reason given by the reviewer is a valid reason, especially since timthumb has been patched now. But the general consensus is that there are far better alternatives out there which greatly outweigh using timthumb.

Remember timthumb has known problems with hosting companies and permissions. Add to that the fact that it doesn’t actually resize any stored pictures, so the end user could be using images such as 5000×5000 pixels and be wondering why their site takes so long to load. This is a big problem.

I’m not quite sure what the de facto standard is nowadays: is it to use the WordPress built-in thumbnail function? Or even sym4ils’ aqua resizer?

I don’t know, but even nettuts has come up with a reasonable alternative:

http://net.tutsplus.com/tutorials/php/image-resizing-made-easy-with-php/

And I guess the only real advantage is that timthumb works on all existing images. If you are using a resizer script you may have to re-upload all the other images in the wp-upload folder for them to be resized correctly.

But I think this is a small issue. All in all, I’m not sure why people still use timthumb these days.

Good luck.

Hey,

I believe you are wrong: TimThumb is the best image resizing software available for free on the web (don’t forget that even the guys from Woo are still using it – they know stuff about security!). And the script from nettuts is not safer than TimThumb, is less functional, etc. If you don’t believe me, please take a closer look at the newest version of TT (especially how it handles security, image caching and optimizes performance) before writing that I am the one who is wrong :) Thanks!

Moreover, in this thread I do not want to (and will not) discuss which script is better. I’m only trying to get the official response: are we, all authors, prohibited from using TimThumb? And if yes – why; which exactly are those security issues mentioned by one of the reviewers?

Also I believe that I’m not the only author who would like to clarify this question.

2485 posts Premium Scripts, Plugins and Themes
LucidStudios says


To be honest I don’t think the reason given by the reviewer is a valid reason, especially since timthumb has been patched now. But the general consensus is that there are far better alternatives out there which greatly outweigh using timthumb.

Remember timthumb has known problems with hosting companies and permissions. Add to that the fact that it doesn’t actually resize any stored pictures, so the end user could be using images such as 5000×5000 pixels and be wondering why their site takes so long to load. This is a big problem.

I’m not quite sure what the de facto standard is nowadays: is it to use the WordPress built-in thumbnail function? Or even sym4ils’ aqua resizer?

I don’t know, but even nettuts has come up with a reasonable alternative:

http://net.tutsplus.com/tutorials/php/image-resizing-made-easy-with-php/

And I guess the only real advantage is that timthumb works on all existing images. If you are using a resizer script you may have to re-upload all the other images in the wp-upload folder for them to be resized correctly.

But I think this is a small issue. All in all, I’m not sure why people still use timthumb these days.

Good luck.

Hey,

I believe you are wrong: TimThumb is the best image resizing software available for free on the web (don’t forget that even the guys from Woo are still using it – they know stuff about security!). And the script from nettuts is not safer than TimThumb, is less functional, etc. If you don’t believe me, please take a closer look at the newest version of TT (especially how it handles security, image caching and optimizes performance) before writing that I am the one who is wrong :) Thanks!

Moreover, in this thread I do not want to (and will not) discuss which script is better. I’m only trying to get the official response: are we, all authors, prohibited from using TimThumb? And if yes – why; which exactly are those security issues mentioned by one of the reviewers?

Also I believe that I’m not the only author who would like to clarify this question.

If they have rejected your theme for using timthumb then this is definitely a new change in reviewing policy and will apply to every author, just like so many other policy changes happening recently, e.g. now they require authors to use comment_form instead of writing custom comment form markup.

I understand your frustration, and I believe changes like this in any kind of rules concerning reviewing should be announced either on the forums or in the dashboard, because without a prior announcement we authors lose a lot of time.
