--- image.php	2009-10-24 16:18:40.000000000 -0400
+++ ../sites-backup/all/modules/brilliant_gallery/image.php	2009-10-27 22:23:31.000000000 -0400
@@ -1,8 +1,13 @@
 <?php
 /* $Id: image.php,v 1.15.2.3.2.2.2.8 2009/10/24 20:18:40 tjfulopp Exp $ */
 
-if (strpos(base64_decode($_GET['imgp']), "://") !== false) {
-  # Fixing a possible URL injection problem. Using ':' was not enough because Windows paths contain it as well.
+/* check for bad URL inputs */
+$urlpath = base64_decode($_GET['imgp']);
+if (strpos($urlpath, "://") !== false ||
+	strpos($urlpath, "..") !== false ||
+	preg_match('/\D/', ($_GET['imgw'] . $_GET['imgh'])) > 0 ||
+	($_GET['imgw'] + $_GET['imgh']) < 10 ||
+	($_GET['imgw'] + $_GET['imgh']) > 20000 ) {
   header("HTTP/1.0 404 Not Found");
   exit();
 }
@@ -14,11 +19,14 @@
   }
   #module_load_include('/includes/bootstrap.inc', 'image', 'includes/bootstrap');
   require_once './includes/bootstrap.inc';
+  require_once './includes/file.inc';
   drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); // See http://drupal.org/node/211378#comment-924059
   #drupal_bootstrap(DRUPAL_BOOTSTRAP_DATABASE);
   #drupal_cron_run();
 }
 
+$imagepath = realpath(file_directory_path() . $urlpath);
+
 // Crucial - to suppress Devel (if installed and enabled) output appearing in the generated XML!
 $GLOBALS['devel_shutdown'] = FALSE;
 
@@ -123,9 +131,8 @@
 
 #function resizeimage($imgp, $imgw, $imgh) {
 function resizeimage($imgp, $imgw, $imgh, $imgcrop) {
-  $imagepath = base64_decode($imgp);
-  #echo '.... ' . base64_decode( $imgp );
-  #flush();die(' stop!');
+  global $imagepath;
+
   # Thanks to Michał Albrecht!
   $suffix = strtolower(substr($imagepath, -4));
   $imgsize = @getimagesize($imagepath);