Upgraded Timthumbs not displaying images: Could not find the internal image you specified.

Oct 31st, 2011 | By | Category: Linux / Freebsd, Technology

Alright, this was a two-hour ride of fun and joy at 4 in the morning that I would rather not have gone through, but hopefully I can offer a little help to those (and I know there are plenty out there) going through the same hell.

So, as you know, TimThumb had an awesome exploit in it that allowed my entire server to be compromised, prompting a complete server-wide upgrade, which I blogged about at length (http://blog.netflowdevelopments.com/2011/10/13/timthumb-exploit-causing-plethora-of-sites-to-redirect-to-russia/). Almost as awesome as TimThumb being full of bullshit security holes before the upgrade is it not working at all after the upgrade, failing every image request with the error from the title: "Could not find the internal image you specified."

This was made even more awesome when I went to the referenced URL of the image in question and saw that it loaded fine. Cooooollll!

So I went into timthumb.php and found this line

define ('DEBUG_ON', false);

and turned it into this

define ('DEBUG_ON', true);

and then found this:

define ('DEBUG_LEVEL', 1);

and turned it into this

define ('DEBUG_LEVEL', 3);

TimThumb's debug() writes through PHP's error_log(), so with debugging on the messages land in the web server's error log (Apache's error_log in my case). This exposed a whole new level of insanity with the following nonsensical errors:

[Mon Oct 31 01:02:37 2011] [error] [client 127.0.0.1] TimThumb Debug line 1076 [0.000327 : 0.000198] Doc root is: /path/to/domain
[Mon Oct 31 01:02:37 2011] [error] [client 127.0.0.1] TimThumb Debug line 1076 [0.000327 : 0.000198] Found file as /path/to/domain/wp-content/uploads/2009/11/ComfortInn1.jpg
[Mon Oct 31 01:02:37 2011] [error] [client 127.0.0.1] TimThumb Debug line 1076 [0.001643 : 0.000392]: Security block: The file specified occurs outside the document root.

W-T-F?!?!?! It's telling me that a file which lies within my document root is simultaneously outside my document root and being blocked?!? It was at this point that I had to focus really hard against the urge to bash my head in with the nearest blunt object I could find.

What I ended up doing was going through the script looking for that specific error message. Lucky for me there are three instances of it, so I changed the wording of each one so that instead of reading "Security block..." they read "Security block1...", "Security block2..." and "Security block3...". That way I could narrow down where this madness was stemming from, which gave the following results:

[Mon Oct 31 02:10:58 2011] [error] [client 127.0.0.1] TimThumb Debug line 1076 [0.000792 : 0.000643]: Is a request for an internal file: /wp-content/uploads/2009/11/ComfortInn1.jpg

[Mon Oct 31 02:10:58 2011] [error] [client 127.0.0.1] TimThumb Debug line 1076 [0.001497 : 0.000697]: Security block1: The file specified occurs outside the document root.

[Mon Oct 31 02:10:58 2011] [error] [client 127.0.0.1] TimThumb Debug line 1076 [0.002205 : 0.000691]: Security block3: The file specified occurs outside the document root.

 

After that I went back to instances #1 and #3 and just removed the if statements that were producing the false negatives, so each branch now does what it would have done had the check passed. For the record, those if statements are the document-root confinement: the candidate path is resolved with realpath() and only returned if $this->docRoot is a prefix of the result. Two things break that here. In instance #1 the comparison is stripos(...) === 1, and stripos() returns 0 for a match at the start of the string, so that check can never succeed for a file that sits directly under the doc root. And realpath() also resolves symlinks, so if any component of the document root path is a symlink, the resolved file path will not begin with the unresolved $this->docRoot even though the file is inside it (note that the "Found file as" line above prints the unresolved path while the comparison uses the resolved one). That would also explain why instance #3, which already compares === 0, blocked the same file. Instance #1 went from this:

                if(file_exists ($this->docRoot . '/' . $src)) {
                        $this->debug(3, "Found file as " . $this->docRoot . '/' . $src);
                        $real = realpath($this->docRoot . '/' . $src);
                        if(stripos($real, $this->docRoot) === 1){
                                return $real;
                        } else {
                                $this->debug(1, "Security block: The file specified occurs outside the document root.");
                                // search continues with the other lookups below
                        }
                }

to this

                if(file_exists ($this->docRoot . '/' . $src)) {
                        $this->debug(3, "Found file as " . $this->docRoot . '/' . $src);
                        $real = realpath($this->docRoot . '/' . $src);
                        // doc-root check removed: whatever file_exists() found is returned
                        return $real;
                }

and then I changed this (851):

                foreach ($sub_directories as $sub){
                        $base .= $sub . '/';
                        $this->debug(3, "Trying file as: " . $base . $src);
                        if(file_exists($base . $src)){
                                $this->debug(3, "Found file as: " . $base . $src);
                                $real = realpath($base . $src);
                                if(stripos($real, $this->docRoot) === 0){
                                        return $real;
                                } else {
                                        $this->debug(1, "Security block3: The file specified occurs outside the document root.");
                                        //And continue search
                                }
                        }
                }

to this

                foreach ($sub_directories as $sub){
                        $base .= $sub . '/';
                        $this->debug(3, "Trying file as: " . $base . $src);
                        if(file_exists($base . $src)){
                                $this->debug(3, "Found file as: " . $base . $src);
                                $real = realpath($base . $src);
                                // doc-root check removed: first existing match is returned
                                return $real;
                        }
                }

Much to my great shock it actually worked and the images load fine. Now, those if statements are checking for something important: they are what stops a request like timthumb.php?src=../../some/file from handing TimThumb a file outside the web root. With them gone, any path that file_exists() finds is returned, ../ components included, and TimThumb will try to process it. The safer fix is to keep the checks and make them compare correctly: use === 0 (a prefix match is at position 0), and compare against realpath($this->docRoot) so a symlinked doc root resolves the same way the file does. That said, I CLAIM NO LIABILITY FOR ANYTHING THAT FUCKS UP BECAUSE OF THIS, but it fixed my problem and I'm not seeing any ill effects, so

!YAY!
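Here is an added example, not the original post's or TimThumb's own code, of the document-root confinement done so that it does not false-negative on either of the two things the removed if statements tripped over (the === 1 comparison and a symlinked document root) while still refusing paths that walk out of the root. The function name safeLocalPath() and the fixture directories it builds under sys_get_temp_dir() are my own; the script is self-contained and cleans up after itself.

```php
<?php
// Added example, not TimThumb's own code: a document-root confinement check
// that does not false-negative on the two things the "before" code trips
// over (a '=== 1' prefix test and a symlinked DOCUMENT_ROOT) and still
// refuses paths that walk out of the root. safeLocalPath() and the temp
// directory fixtures are hypothetical names chosen for this example.
declare(strict_types=1);

/**
 * Resolve $src under $docRoot. Return the resolved path only if it lies
 * inside the (symlink-resolved) document root, otherwise null.
 */
function safeLocalPath(string $docRoot, string $src): ?string
{
    // Resolve the root too: realpath() of the file resolves symlinks, so a
    // DOCUMENT_ROOT that goes through a symlink never prefix-matches unresolved.
    $root = realpath($docRoot);
    if ($root === false) {
        return null;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR);

    $real = realpath($root . DIRECTORY_SEPARATOR . ltrim($src, '/'));
    if ($real === false) {
        return null;                       // missing file or unresolvable path
    }
    // A prefix match sits at offset 0 (never 1). Require the separator as well,
    // so /srv/site2/x is not accepted as being under /srv/site.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;                       // outside the document root
    }
    return $real;
}

// Constructed fixtures: a real docroot, a symlink to it standing in for a
// symlinked DOCUMENT_ROOT, and one file outside both.
$base     = sys_get_temp_dir() . '/timthumb_demo_' . getmypid();
$realRoot = "$base/htdocs";
$linkRoot = "$base/www";
mkdir("$realRoot/wp-content/uploads/2009/11", 0700, true);
file_put_contents("$realRoot/wp-content/uploads/2009/11/ComfortInn1.jpg", 'not-really-a-jpeg');
file_put_contents("$base/secret.txt", 'outside the web root');
symlink($realRoot, $linkRoot);

$src = '/wp-content/uploads/2009/11/ComfortInn1.jpg';

// Failure mode 1: the '=== 1' comparison. stripos() returns 0 for a match at
// the start of the string, so this blocks a file sitting right under the root.
$real = realpath($realRoot . $src);
printf("=== 1 check, plain root:     %s\n",
    stripos($real, $realRoot) === 1 ? 'allowed' : 'BLOCKED (false negative)');

// Failure mode 2: '=== 0', but against the unresolved, symlinked root. The
// resolved file path starts with .../htdocs, not .../www.
$real = realpath($linkRoot . $src);
printf("=== 0 check, symlinked root: %s\n",
    stripos($real, $linkRoot) === 0 ? 'allowed' : 'BLOCKED (false negative)');

// Fixed check: the same file through the symlinked root is allowed ...
printf("fixed check, symlinked root: %s\n", safeLocalPath($linkRoot, $src) ?? 'blocked');
// ... and a traversal that the deleted if statements would let through is not.
printf("fixed check, ../secret.txt:  %s\n", safeLocalPath($linkRoot, '../secret.txt') ?? 'blocked');

// Cleanup
unlink("$realRoot/wp-content/uploads/2009/11/ComfortInn1.jpg");
unlink("$base/secret.txt");
unlink($linkRoot);
foreach (["$realRoot/wp-content/uploads/2009/11", "$realRoot/wp-content/uploads/2009",
          "$realRoot/wp-content/uploads", "$realRoot/wp-content", $realRoot, $base] as $dir) {
    rmdir($dir);
}
```

Run it with php on a Linux box (symlink() needs a filesystem that supports symlinks). The first two lines of output reproduce the "Security block" false negatives from the log above; the last two show the corrected check allowing the real upload and refusing the ../ escape, which is the behaviour the deleted if statements were there to provide.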



9 Comments to “Upgraded Timthumbs not displaying images: Could not find the internal image you specified.”

  1. Frank says:

    When using WordPress MU, remember: (image) files are stored under wp-content/blogs.dir/{blog_id}

    Changing (843) $base .= $sub . '/'; to
    $base .= $sub . '/wp-content/blogs.dir/{blog_id}/';

    fixes this problem (you might define this as a var in the settings)

  2. Farshad Ali says:

    My website’s fucked up ’cause of you! :(

  3. Farshad Ali says:

    Jokes.. thanks so much :D

  4. admin says:

    had me worried there for a minute :)

  5. bianwenbo says:

    @Frank, thanks a lot! I fixed it.

  6. André Miani says:

    Thanks, it helped me to fix a theme!

  7. Yonathan says:

    People look really pleased by your solution, but today's Timthumb script looks different and the replacement doesn't seem to apply.
    I wish this post would be updated.
    Anyway, thanks for the others who did find it useful.
    People like you are what makes the internet so awesome.
    Yonathan

  8. Mike Lewis says:

    Can you tell me where your log file is located? I am having issues with timthumb not displaying images at all and have enabled debug logging but I can’t find where the log file is located. I am running IIS7.5

    Thanks

  9. admin says:

    Oh dear, this is strictly from linux/unix experience.
