From c1e16f04396f7f76f94f0ef6bbaadc33be20a60e Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sun, 27 Dec 2020 02:36:04 +0100
Subject: [PATCH] thumb: validate path before extracting missing parts

Silence PHP warning about undefined offset on invalid requests.
---
 thumb/index.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/thumb/index.php b/thumb/index.php
index a6b5bd7..7de4f45 100644
--- a/thumb/index.php
+++ b/thumb/index.php
@@ -1,6 +1,10 @@
 <?php
 if (!$User) return;
-list ($size, $imgpath) = explode('/', ltrim($Page->path, '/'), 2);
+$imgpath = ltrim($Page->path, '/');
+if (!preg_match('{^[0-9x]+/}', $imgpath)) {
+	return;
+}
+list ($size, $imgpath) = explode('/', $imgpath, 2);
 $imgpath = preg_replace('{^(?=[0-9]+/)}', 'data/', $imgpath, 1);
 
 if (!file_exists($imgpath)) {
-- 
2.30.0