From 3de540d1d101ee376ce6e50969aea2482a87b202 Mon Sep 17 00:00:00 2001
From: Philipp Holzer <admin+github@philipp.info>
Date: Wed, 29 May 2019 20:28:25 +0200
Subject: [PATCH] Adding hexadecimal check for photos see
 https://github.com/friendica/friendica/issues/6917#issuecomment-492798238

---
 mod/photos.php       |  4 ++++
 src/Util/Strings.php | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/mod/photos.php b/mod/photos.php
index b18c06e2a3..6a84e61388 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -1027,6 +1027,10 @@ function photos_content(App $a)
 
 	// Display a single photo album
 	if ($datatype === 'album') {
+		// if $datum is not a valid hex, redirect to the default page
+		if (!Strings::isHex($datum)) {
+			$a->internalRedirect();
+		}
 		$album = hex2bin($datum);
 
 		$total = 0;
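Review bot: The new guard in front of `hex2bin($datum)` only protects that call if `$a->internalRedirect()` never returns, and nothing in this hunk shows that it ends the request. If it can return, the invalid value still reaches `hex2bin()`, so either add a `return;` after the redirect or extend the comment to `// internalRedirect() terminates the request`. The diffstat counts only these four added lines for mod/photos.php, so no `use` statement for `Strings` is added by this commit; confirm the file already imports it. photos_content() starts and ends outside the hunk, so other uses of `$datum` could not be checked.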
diff --git a/src/Util/Strings.php b/src/Util/Strings.php
index 3f8990d6c1..14fbde899c 100644
--- a/src/Util/Strings.php
+++ b/src/Util/Strings.php
@@ -31,6 +31,18 @@ class Strings
         return $return;
     }
 
+	/**
+	 * Checks, if the given string is a valid hexadecimal code
+	 *
+	 * @param string $hexCode
+	 *
+	 * @return bool
+	 */
+    public static function isHex($hexCode)
+    {
+	    return @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1);
+    }
+
     /**
      * @brief This is our primary input filter.
      *
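Review bot: `isHex()` accepts some strings that `hex2bin()` rejects, because in PCRE `$` also matches just before a trailing newline; a constructed value such as `"abc\n"` passes both the pattern and the even-length test. Anchoring the end with `\z` (or adding the `D` modifier) closes the gap, e.g. `return is_string($hexCode) && preg_match('/^[a-f0-9]{2,}\z/i', $hexCode) === 1 && strlen($hexCode) % 2 === 0;`. The `is_string()` check would also replace the `@` suppression, which currently hides whatever error a non-string argument produces instead of rejecting it explicitly. On style, the added docblock and body mix tabs with the space indentation used by the surrounding methods.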
-- 
2.39.5