Update Timthumb for All cPanel Users

A simple script to check all cPanel user accounts for timthumb.php(WordPress) and update them to the latest version if needed. Also checks for timthumb being used as thumb.php. Uses check to insure thumb.php is not affected for scripts like joomla, which does not use timthumb.

#! /bin/bash
# Detects and updates timthumb.php to latest version for all cPanel users.
# dropdeaddick.com

latest=`lynx -source http://timthumb.googlecode.com/svn/trunk/timthumb.php |grep "define ('VERSION'" $file |cut -f4 -d"'"`
if [ -z "$latest" ]; then
echo "could not get latest timthumb release, aborting!"
exit 1
fi
for user in `awk -F':' '{ if ($3 > 499) print $0 }' /etc/passwd | grep home | cut -d':' -f1`; do
for file in `find /home*/$user/public_html/ -type f \( -name 'thumb.php' -o -name 'timthumb.php' \) 2>/dev/null | tr ' ' '%'`; do
file=`echo $file | tr '%' ' '`
check=`grep -c "code.google.com/p/timthumb" "$file"`
if [ -z "$check" ]; then
break
fi
if [ "$check" -gt "0" ]; then
version=`grep "define ('VERSION'" "$file" |cut -f4 -d"'"`
if [ "$version" != "$latest" ]; then
echo -e "\e[1;31mWARNING version $version\e[0m updating $file!"
# rm -f $file #delete current file before replacing.
wget -nv -t3 -T3 http://timthumb.googlecode.com/svn/trunk/timthumb.php -O "$file"
chown $user: "$file"
else
echo -e "\e[1;32mOK version $version\e[0m skipping $file"
fi
fi
done
done

4 thoughts on “Update Timthumb for All cPanel Users”

  1. Thank you good sir for providing this code. This has saved me, I had previously written a bash script that merely checks for outdated versions and I wasnt sure how to write it to get it from the google code repository.

    <3

  2. I’ve noticed a bug,

    When I have TimThumb version 2.8.10 on the server, the bash script will confirm “OK version 2.8.11”

    I double checked all the files and it seems that all 2.8.10 versions are being confirmed “OK version 2.8.11” and not updating.

Comments are closed.