From 4c5dd9f47c538e70ae4348b74948c83d91ab6ff4 Mon Sep 17 00:00:00 2001
From: Philipp Holzer
Date: Thu, 30 May 2019 10:30:15 +0200
Subject: [PATCH] Add more Strings::isHex() checks to photos
---
 mod/photos.php | 5 ++++-
 src/Util/Strings.php | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/mod/photos.php b/mod/photos.php
index 6a84e61388..07693742c1 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -188,6 +188,9 @@ function photos_post(App $a)
 }
 if ($a->argc > 3 && $a->argv[2] === 'album') {
+ if (!Strings::isHex($a->argv[3])) {
+ $a->internalRedirect();
+ }
 $album = hex2bin($a->argv[3]);
 if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
@@ -960,7 +963,7 @@ function photos_content(App $a)
 return;
 }
- $selname = $datum ? hex2bin($datum) : '';
+ $selname = Strings::isHex($datum) ? hex2bin($datum) : '';
 $albumselect = '';
diff --git a/src/Util/Strings.php b/src/Util/Strings.php
index 14fbde899c..88dd1d39f8 100644
--- a/src/Util/Strings.php
+++ b/src/Util/Strings.php
@@ -40,7 +40,7 @@ class Strings
 */
 public static function isHex($hexCode)
 {
- return @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1);
+ return !empty($hexCode) ? @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1) : false;
 }
 /**
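Review bot: In photos_post(), the new guard only protects the `hex2bin($a->argv[3])` call below it if `$a->internalRedirect()` never returns, and nothing in this hunk shows that it ends the request. If it can return, the POST handler carries on with the rejected value and hex2bin() produces `false` plus a warning. Adding `return;` after the redirect, or at least a comment such as `// internalRedirect() terminates the request`, would make the control flow explicit. photos_post() starts and ends outside the hunk.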
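Review bot: In photos_content(), a malformed `$datum` now silently becomes `''`, while photos_post() redirects on the same condition; a comment such as `// a non-hex album parameter is treated as "no album selected"` would record that the difference is intended. Strings::isHex() validates only the encoding, so the decoded `$selname` is still request-controlled bytes. Wherever it is rendered or compared further down (outside this hunk), it presumably still needs context-appropriate escaping, and the comment is a good place to say so.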
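Review bot: The pattern in Strings::isHex() anchors with `$`, which in PCRE also matches just before a final newline, so a value of three hex digits followed by `\n` passes both the regex and the even-length test. Such a value then makes hex2bin() fail at the call sites this commit adds in mod/photos.php. Anchoring with `\z` (or adding the `D` modifier) closes that gap, and an `is_string()` guard makes both `@` and `!empty()` unnecessary: `return is_string($hexCode) && preg_match('/\A[a-f0-9]{2,}\z/i', $hexCode) === 1 && strlen($hexCode) % 2 === 0;`. The `@` otherwise hides type problems, and on newer PHP versions a non-string argument raises a TypeError that `@` does not suppress.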