thumb: validate path before extracting missing parts

Silence PHP warning about undefined offset on invalid requests.

diff --git a/thumb/index.php b/thumb/index.php
index a6b5bd7d66cce6d27560b120955a3fae695aaaa1..7de4f456939152bd931f61a15094b4a061ebbe08 100644 (file)
--- a/thumb/index.php
+++ b/thumb/index.php
@@ -1,6 +1,10 @@
 <?php
 if (!$User) return;
-list ($size, $imgpath) = explode('/', ltrim($Page->path, '/'), 2);
+$imgpath = ltrim($Page->path, '/');
+if (!preg_match('{^[0-9x]+/}', $imgpath)) {
+       return;
+}
+list ($size, $imgpath) = explode('/', $imgpath, 2);
 $imgpath = preg_replace('{^(?=[0-9]+/)}', 'data/', $imgpath, 1);
 
 if (!file_exists($imgpath)) {