X-Git-Url: http://positon.org/gitweb/?p=bizou.git;a=blobdiff_plain;f=view.php;h=1f98767131ff38112f996d2c3d755fcf570e9767;hp=33b935f8a3735b1c525428696dca58c9d5522602;hb=4c7e1533e440cb6c88756a5677bf70f9a058e724;hpb=3287102a856be64262a9db0c98e7be7f9c26dbb8
diff --git a/view.php b/view.php
index 33b935f..1f98767 100644
--- a/view.php
+++ b/view.php
@@ -24,6 +24,11 @@ if ($shortPath == '/') $shortPath = '';
 // extra security check to avoid /photos/index/../.. like urls, maybe useless but..
 if (strpos($shortPath, '..') !== false) die(".. found in url");
+if (! is_file(IMAGES_DIR.$shortPath)) {
+ header("HTTP/1.1 404 Not Found");
+ die("File Not Found");
+}
+
 $scriptPath = $_SERVER["SCRIPT_NAME"];
 // get all images in an array
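Review bot: The new `is_file(IMAGES_DIR.$shortPath)` guard confirms that a regular file exists but not that it resolves inside `IMAGES_DIR`; containment still rests on the `..` substring test in the context lines above, and `is_file()` follows symlinks. If symlinked albums are not an intended feature, resolve the path first and compare it with the root, e.g. `$real = realpath(IMAGES_DIR.$shortPath);` followed by `if ($real === false || strpos($real, realpath(IMAGES_DIR).DIRECTORY_SEPARATOR) !== 0 || ! is_file($real)) {`. The `..` branch also still ends with a plain `die()` and a 200 status, so the two rejection paths answer differently; sending the same 404 from both would be more consistent. How `$shortPath` is derived and decoded is outside this hunk, so the first point is a hardening suggestion rather than a confirmed bypass.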