From 95c5ed6a32cbdd94b4ed623c3e65a001c4359ade Mon Sep 17 00:00:00 2001
From: James Collins <james.collins@outlook.com.au>
Date: Tue, 28 Feb 2023 12:17:58 +1000
Subject: [PATCH] fix strpos looking at the wrong variable

---
 public/media.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/media.php b/public/media.php
index 6a5cbc0..dbd30e3 100644
--- a/public/media.php
+++ b/public/media.php
@@ -7,7 +7,7 @@ if (isset($_GET['url'])) {
     $filepath = realpath($_GET['url']);
 }
 
-if ($filepath !== false && strlen($filepath) > 0 && strpos($filepath, 'uploads/') === 0 && is_file($filepath)) {
+if ($filepath !== false && strlen($filepath) > 0 && strpos($_GET['url'], 'uploads/') === 0 && is_file($filepath)) {
     $image = imagecreatefromstring(file_get_contents($filepath));
 
     $newWidth = (isset($_GET['w']) ? intval($_GET['w']) : -1);