TimThumb Configurations

As a TimThumb user, making changes to the settings has always been a bit of a pain. It’s possible, of course, but if you make changes – and then want to update the script – then you have to make all the changes again.

To try and combat this, one of the things we did when creating TimThumb 2.0 is introduce a config file. This is a file that you can add to the same directory as timthumb.php, and use it to override the built in settings.

The file should be called timthumb-config.php and would contain a series of defines that change the default settings. The file is a PHP file and so should contain PHP code – I will add a small example at the bottom of this page.

There are a whole bunch of settings that are not controlled by the normal query string parameters.

constant	values	What it does
DEBUG_ON	true/ false	Turn on debug logging to the standard PHP error log
DEBUG_LEVEL	1, 2, 3	Debug level 1 is less noisy and level 3 is the most noisy
MEMORY_LIMIT	30M	Set the PHP Memory Limit (30M = 30 Megabytes). Higher numbers means larger images can be resized, but also uses more server resources so may slow down your website
BLOCK_EXTERNAL_LEECHERS	true, fale	Stop external websites from linking to you and display ‘no linking’ image instead
ALLOW_EXTERNAL	true/ false	Allow images from external sites to be resized. Restricted to the images defined in the $allowed_sites array.
ALLOW_ALL_EXTERNAL_SITES	true/ false	Allow external images to be resized from ANY website. Note that this could be less secure!
FILE_CACHE_ENABLED	true/ false	Should we cache the files on disk to speed up your website? (hint: the answer is yes, unless you’re testing/ developing things! :))
FILE_CACHE_TIME_BETWEEN_CLEANS	86400 (milliseconds)	TimThumb automatically cleans up the cached files. This defines the amount of time between the different the cache cleaning.
FILE_CACHE_MAX_FILE_AGE	86400 (milliseconds)	How old should a file be before it’s cleaned?
FILE_CACHE_SUFFIX	.timthumb.txt	What to put at the end of all files in the cache directory so we can identify them easily
FILE_CACHE_PREFIX	timthumb	What to put at the start of the cache files so we can identify them easily
FILE_CACHE_DIRECTORY	./cache	the name of the image cache directory. Left blank it will use the system temporary directory (which is better for security, but is not supported by all web hosts)
MAX_FILE_SIZE	10485760	10 Megs is 10485760. This is the max internal or external file size that we’ll process
CURL_TIMEOUT	20	Timeout duration for Curl. This only applies if you have Curl installed and aren’t using PHP’s default URL fetching mechanism.
WAIT_BETWEEN_FETCH_ERRORS	20	Time to wait between errors fetching remote file.
BROWSER_CACHE_MAX_AGE	864000	Browser cache duration (to prevent images from being reloaded more than once – the higher the number the better).
BROWSER_CACHE_DISABLE	true/ false	Use for testing if you want to disable browser caching.
MAX_WIDTH	1500	Put a sensible limit of the width of the resized image (so that crazy large images can’t be created)
MAX_HEIGHT	1500	Put a sensible limit of the height of the resized image (so that crazy large images can’t be created)
NOT_FOUND_IMAGE	null	Image to display if a 404 error occurs, instead of showing an error message
ERROR_IMAGE	null	Image to display if an error occurs, instead of showing an error message
PNG_IS_TRANSPARENT	null	Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour

The following settings alter the default values for the standard query string parameters.

constant	values	What it does
DEFAULT_Q	90	Default image compression level (Q = quality)
DEFAULT_ZC	1	Default zoom crop value – more info about the zoom crop settings can be found here
DEFAULT_F	null	Default image filter – more info about the filter settings can be found here
DEFAULT_S	0	Default value for sharpening an image
DEFAULT_CC	ffffff	Default value for the canvas colour. This is used when editing the zc values in your image. More info here.

Example

Since it’s a PHP file the code should use the standard PHP format.

An example config would be something like:

<?php
define('ALLOW_ALL_EXTERNAL_SITES', true);
?>

Posted in: TimThumb

Ben

Ben is a lifelong Nintendo fan who likes to build websites, and make video games. He buys way too much Lego.

14 thoughts on “TimThumb Configurations” Leave a comment ›

Steve aka DaddyBlogZAUK says:

March 20, 2012 at 22:30

You guys have impressed me! I can see some serious work has gone into sorting out this issue! Have you had any glitches with the new config file?
Ben, may well be tapping you up on some WordPress Plugins shortly when we launch an on-site blog – cheers!

Reply
Mark Murphy says:

March 25, 2012 at 18:12

Hi, this script really solved a big one for me. Thanks! Constructive comment…

On this doc page, it would be super helpful to show an example of the file. e.g.

ALLOW_ALL_EXTERNAL_SITES=true
…

I’m guessing the format above is how to do it. Use ‘true’, not True etc.

Also you could add the default setting of each item. Just the first time user’s feedback 🙂

Reply
1. Ben says:
  
  March 28, 2012 at 07:29
  
  Hi Mark – I must admit I had assumed the people editing the file would know PHP – I guess I wasn’t clear that it’s a PHP file and so should be done in the PHP format. I’ll add some clarification.
  
  Reply
Dominique says:

October 18, 2012 at 08:21

Fantastic script, but on some hosts I can’t change the cache fodler permissions, and I get the “Could not get a lock for writing” error.
Wouldn’t it be possible, that when this error occurs, instead of displaying an error message, to output the image thumbnail directly to the browser instead of trying to write it in the cache folder ?

I know I could disable cache (it doesn’t really seem to work for me), but I would like the detection to be automatic.

Or is there a way to check if Timthumb is outputting an error, like with ” if (exec(timthumb.php?src=image.jpg))” and it return true or false.. ?

Reply
Benjamin says:

April 10, 2013 at 19:53

Hello Ben,

I wonder if you can help me on a problem I’m having with the last timthumb version. I run a popular server and use timthumb to generate the homepage thumbnails. For each article publish on the site, I’ll generate a default picture (on a specific location) that is passed to timthumb on the main homepage.

The problem I’m experiencing is that, some times, my homepage is generated before the final images are in the correct place and, when timthumb is invoked by the users requesting the homepage, it returns a broken image (because there is no image do resize).

As far as I understand, timthumb saves some information on the cache, because, if I request the page again (after confirming that the default article image is on the correct location), it keeps giving me an error, until the cache time is expired.

My question is… is it possible to not cache any kind of information wo, when the image that’s being passed to timthumb is available, will be properly cached and served?

Thank you for your help.

Reply
Idham Perdameian says:

July 4, 2013 at 07:36

Hi, how can i know about timthumb change log?

Reply
1. Ben says:
  
  July 5, 2013 at 10:04
  
  It’s all on Google Code – https://code.google.com/p/timthumb/source/list
  
  Reply
prakash says:

August 20, 2013 at 06:08

How to completely remove an noise from the image…

Reply
1. Ben says:
  
  August 21, 2013 at 14:34
  
  Photoshop is your best bet. There’s no way to do this through TimThumb.
  
  Reply
Melissa says:

September 5, 2013 at 21:59

I’m getting this error from TimThumb on a site that uses symlinks to point to a single web server for images. “Could not find the internal image you specified” Does timthumb allow symlink usage, if so, is it by default or is there a setting to allow it? thank you.

Reply
SDA says:

September 17, 2013 at 16:20

We installed WP Better Security on one of our WordPress sites. We get daily warnings about file changes like wp-content/themes/aperture/cache/timthumb_int_539c43f6c9fb64270f768f466cea4b2e.timthumb.txt

When we open those files it’s mostly gobildy goop characters. We can’t tell if it’s something nefarious or maintenance the plugin is doing. Another reason I am concerned is that I am seeing lots of failed login attempts.

Thanks for educating us about the warning and what those files are.

Reply
1. Ben says:
  
  September 28, 2013 at 08:45
  
  Those are the cache files for the thumbnails. They are nothing to worry about 🙂
  
  Reply
Cepat Hamil says:

May 12, 2014 at 03:08

Hi Ben, how to increase the security of the timthumb, as i read there are some vulnerabilities of the tim thumb?

Reply
1. Ben says:
  
  May 12, 2014 at 11:10
  
  Hi – there were some vulnerabilities a few years ago. The best thing to do is update the script and make sure you keep it up to date.
  
  Reply