Add more Strings::isHex() checks to photos
authorPhilipp Holzer <admin+github@philipp.info>
Thu, 30 May 2019 08:30:15 +0000 (10:30 +0200)
committerPhilipp Holzer <admin+github@philipp.info>
Thu, 30 May 2019 08:30:15 +0000 (10:30 +0200)
mod/photos.php
src/Util/Strings.php

index 6a84e61388cec16e76698090ae5fd158431900aa..07693742c184c59f90915fca0d71e987fa244a27 100644 (file)
@@ -188,6 +188,9 @@ function photos_post(App $a)
        }
 
        if ($a->argc > 3 && $a->argv[2] === 'album') {
+               if (!Strings::isHex($a->argv[3])) {
+                       $a->internalRedirect();
+               }
                $album = hex2bin($a->argv[3]);
 
                if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
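Review bot: The new guard in the `album` branch is only effective if `$a->internalRedirect()` never returns, because nothing else stops execution from reaching `hex2bin($a->argv[3])` on the next line with the value that just failed validation. Whether it terminates the request is not visible in this hunk, so I would state the assumption next to the call, e.g. `// internalRedirect() ends the request, so hex2bin() below only sees validated input`. If it can return, the branch needs an explicit `return;` after the call. photos_post starts and ends outside the hunk, so its return convention should be checked before adding one.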
@@ -960,7 +963,7 @@ function photos_content(App $a)
                        return;
                }
 
-               $selname = $datum ? hex2bin($datum) : '';
+               $selname = Strings::isHex($datum) ? hex2bin($datum) : '';
 
                $albumselect = '';
 
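Review bot: A non-hex `$datum` is now silently mapped to `''` here, whereas the same kind of bad value in photos_post triggers a redirect. If treating a malformed selector as "no album preselected" is intended, a short comment would keep a later reader from seeing it as an oversight, e.g. `// malformed album selector: fall back to no preselection instead of failing the page`. Separately, `$selname` holds decoded bytes that presumably originate from the request, so the code that renders the album select (outside this hunk) should escape it for its output context. photos_content starts and ends outside the hunk.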
index 14fbde899c2dad26a86b2784a0e24f698f9108fc..88dd1d39f81edd151151dac1ba6b7449528dd871 100644 (file)
@@ -40,7 +40,7 @@ class Strings
         */
     public static function isHex($hexCode)
     {
-           return @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1);
+           return !empty($hexCode) ? @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1) : false;
     }
 
     /**
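Review bot: The pattern on the changed line still ends in `$`, which in PCRE also matches just before a trailing newline. An even-length value such as three hex digits followed by "\n" therefore passes `isHex()`, yet `hex2bin()` rejects it with a warning and returns `false`, so the callers guarded by this commit are not fully protected. Anchoring with `\z` (or adding the `D` modifier) closes the gap: `"/^[a-f0-9]{2,}\z/i"`. Alternatively, `is_string($hexCode) && ctype_xdigit($hexCode) && !(strlen($hexCode) & 1)` gives the same result without a regex. The `is_string()` check would also make the `@` unnecessary, which currently hides the error when a non-string is passed in. The method's docblock begins outside the hunk.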