phpthumbnailssystem-administrationphpthumb

Any way to run the latest version of phpThumb with escapeshellarg disabled?


My web hosting account recently got hacked through a phpThumb exploit so I had to upgrade it to the last version.

Unfortunatelly I can't run this last version because my web hosting doesn't have escapeshellarg() enabled.

I asked the sysadmin to enable it but he only enabled it on my main website and those associated with addon domains still don't function (he told me to move those websites to my server's root instead of /public_html/ so he could add individual exceptions for each domain but he failed at it - can't he simply enable the function for the whole hosting account? I don't get it).

Anyway, I was wondering if there's a way to run the last version of phpThumb without resorting to escapeshellarg() or if there's any alternative to phpThumb that doesn't require it at all.

Thanks!


Solution

  • if there's any alternative to phpThumb that doesn't require it at all.

    Try taking a look at Imagine, it's an Image manipulation library for PHP 5.3 inspired by Python's PIL and other image libraries.

    It has drivers for GD, Imagick, and GMagick. It should provide most of the functionality phpThumb offers and does not require shell access.

    Here's a nice presentation and supporting documentation.

    Good luck,

    Anthony.