From c240ee117d95b8eee4d5ef1d3622060d083ca245 Mon Sep 17 00:00:00 2001
From: Lars Jung <lrsjng@gmail.com>
Date: Wed, 18 Jun 2014 00:49:21 +0200
Subject: [PATCH] Disable thumbs in cache folder itself.

---
 CHANGELOG.md                             | 1 +
 src/_h5ai/server/php/inc/class-thumb.php | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f647ab33..d22dfae6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@
 * adds Google UA support
 * extends selectable icon sizes (adds 128px, 192px, 256px, 384px)
 * improves preview GUI
+* disable thumbs in `cache` folder
 * fixes QR code URI origin (issue [#287](https://github.com/lrsjng/h5ai/issues/287))
 * removes server side file manipulation extensions `dropbox`, `delete` and `rename`
 * updates H5BP to 4.3.0
diff --git a/src/_h5ai/server/php/inc/class-thumb.php b/src/_h5ai/server/php/inc/class-thumb.php
index 8ac0b390..308707f4 100644
--- a/src/_h5ai/server/php/inc/class-thumb.php
+++ b/src/_h5ai/server/php/inc/class-thumb.php
@@ -22,6 +22,9 @@ class Thumb {
 	public function thumb($type, $source_url, $mode, $width, $height) {
 
 		$source_path = $this->app->to_path($source_url);
+		if (!file_exists($source_path) || starts_with($source_path, CACHE_PATH)) {
+			return null;
+		}
 
 		if ($type === "img") {
 			$capture_path = $source_path;