[Plugin: User Avatar] Heads Up – BulletProof Security Blocks custom avatars
-
This is just a heads up to let you know that BPS blocks custom avatar images. I did testing and standard avatar images display fine. The URL simulates an RFI hacking attempt so BPS blocks the URL.
This skip/bypass .htaccess rule resolves the issue:
Edit your root .htaccess file with the BPS built-in editor, find the timthumb htaccess code and add the user-avatar-pic.php file to the image thumbnailer (timthumb) skip/bypass rule.
# TimThumb Forbid RFI By Host Name But Allow Internal Requests RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR] RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC] RewriteRule .* index.php [F,L] RewriteCond %{REQUEST_URI} (user-avatar-pic\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC] RewriteRule . - [S=1]
- The topic ‘[Plugin: User Avatar] Heads Up – BulletProof Security Blocks custom avatars’ is closed to new replies.
