$realDir = IMAGES_DIR.$shortPath;
+if (! is_dir($realDir)) {
+ header("HTTP/1.1 404 Not Found");
+ die("Directory Not Found");
+}
+
foreach (scandir($realDir) as $file) if ($file != '.' and $file != '..')
{
if (is_dir("$realDir/$file"))
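Review bot: The new `is_dir($realDir)` guard tests `IMAGES_DIR.$shortPath` as given, and no traversal or containment check on `$shortPath` is visible in this hunk. If the path can reach this point with `..` segments or through a symlink, the 404-versus-listing difference reveals whether directories outside `IMAGES_DIR` exist. The second hunk shows a `..` substring check before its `is_file()` guard, but that check does not cover symlinks, and an equivalent one may or may not sit above this hunk. Resolving the path with `realpath()` and confirming it stays under the resolved `IMAGES_DIR` before answering would cover both guards. The `foreach` body continues outside the hunk.

```php
$realDir = IMAGES_DIR.$shortPath;
// realpath() collapses ../ and symlinks and returns false for a missing path
$baseDir = realpath(IMAGES_DIR);
$resolvedDir = realpath($realDir);
if ($baseDir === false || $resolvedDir === false || ! is_dir($resolvedDir)
    || strpos($resolvedDir.DIRECTORY_SEPARATOR, rtrim($baseDir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR) !== 0) {
    // … unchanged: 404 header and die("Directory Not Found") …
}
```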
// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
if (strpos($shortPath, '..') !== false) die(".. found in url");
+if (! is_file(IMAGES_DIR.$shortPath)) {
+ header("HTTP/1.1 404 Not Found");
+ die("File Not Found");
+}
+
$scriptPath = $_SERVER["SCRIPT_NAME"];
// get all images in an array
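Review bot: The added 404 branch hard-codes the protocol version in `header("HTTP/1.1 404 Not Found")`; `http_response_code(404);` sets the status without asserting a version, and the same applies to the directory guard in the first hunk. The `..` rejection on the context line just above still ends in `die()` under the default 200 status, so traversal attempts are harder to pick out of access logs than the new not-found case. Sending a 4xx there as well, e.g. `http_response_code(400);` before that `die`, would make the two rejection paths consistent.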