<?php
if (!$User) return;
-list ($size, $imgpath) = explode('/', ltrim($Page->path, '/'), 2);
+$imgpath = ltrim($Page->path, '/');
+if (!preg_match('{^[0-9x]+/}', $imgpath)) {
+ return;
+}
+list ($size, $imgpath) = explode('/', $imgpath, 2);
$imgpath = preg_replace('{^(?=[0-9]+/)}', 'data/', $imgpath, 1);
if (!file_exists($imgpath)) {