diff --git a/mod/photos.php b/mod/photos.php
index 6a84e61388..07693742c1 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -188,6 +188,9 @@ function photos_post(App $a)
 	}
 	if ($a->argc > 3 && $a->argv[2] === 'album') {
+		if (!Strings::isHex($a->argv[3])) {
+			$a->internalRedirect();
+		}
 		$album = hex2bin($a->argv[3]);
 		if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
@@ -960,7 +963,7 @@ function photos_content(App $a)
 			return;
 		}
-		$selname = $datum ? hex2bin($datum) : '';
+		$selname = Strings::isHex($datum) ? hex2bin($datum) : '';
 		$albumselect = '';
diff --git a/src/Util/Strings.php b/src/Util/Strings.php
index 14fbde899c..88dd1d39f8 100644
--- a/src/Util/Strings.php
+++ b/src/Util/Strings.php
@@ -40,7 +40,7 @@ class Strings
 	 */
 	public static function isHex($hexCode)
 	{
-		return @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1);
+		return !empty($hexCode) ? @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1) : false;
 	}
 /**
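Review bot: The new guard in photos_post relies on `$a->internalRedirect()` ending the request; the hunk does not show that it does, and if it merely sends a Location header and returns, control falls through to `hex2bin($a->argv[3])` with the same untrusted, non-hex value the check just rejected. Unless internalRedirect() is known to exit, make the guard self-sufficient: `if (!Strings::isHex($a->argv[3])) { $a->internalRedirect(); return; }`. A short comment on the guard would also help a later reader, e.g. `// $a->argv[3] is the hex-encoded album name from the URL; hex2bin() on anything else warns and returns false`. photos_post begins and continues outside this hunk.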
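Review bot: In Strings::isHex, `!empty($hexCode) ? … : false` is only a longer spelling of `!empty($hexCode) && …`, and neither form keeps a non-string from reaching `preg_match()`; on PHP 8 an array argument throws a TypeError that the `@` does not suppress, and the `@` also hides genuine PCRE errors for the string case. A type check removes the need for suppression, and the even-length test can be folded into the pattern: `return is_string($hexCode) && preg_match('/^(?:[a-f0-9]{2})+$/i', $hexCode) === 1;`. Note that `empty('0')` is true, which is harmless here only because `'0'` would fail the even-length test anyway. The method's docblock starts above the hunk; it should state that the method accepts only a string of at least two hex digits with even length (what hex2bin() requires) and returns bool.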