--- ../sites-backup/all/modules/brilliant_gallery/image.php 2009-10-27 22:23:31.000000000 -0400
+++ image.php 2009-10-24 16:18:40.000000000 -0400
@@ -1,13 +1,8 @@
 0 ||
- ($_GET['imgw'] + $_GET['imgh']) < 10 ||
- ($_GET['imgw'] + $_GET['imgh']) > 20000 ) {
+if (strpos(base64_decode($_GET['imgp']), "://") !== false) {
+ # Fixing a possible URL injection problem. Using ':' was not enough because Windows paths contain it as well.
 header("HTTP/1.0 404 Not Found");
 exit();
 }
@@ -19,14 +14,11 @@
 }
 #module_load_include('/includes/bootstrap.inc', 'image', 'includes/bootstrap');
 require_once './includes/bootstrap.inc';
- require_once './includes/file.inc';
 drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); // See http://drupal.org/node/211378#comment-924059
 #drupal_bootstrap(DRUPAL_BOOTSTRAP_DATABASE);
 #drupal_cron_run();
 }
-$imagepath = realpath(file_directory_path() . $urlpath);
-
 // Crucial - to suppress Devel (if installed and enabled) output appearing in the generated XML!
 $GLOBALS['devel_shutdown'] = FALSE;
@@ -131,8 +123,9 @@
 #function resizeimage($imgp, $imgw, $imgh) {
 function resizeimage($imgp, $imgw, $imgh, $imgcrop) {
- global $imagepath;
-
+ $imagepath = base64_decode($imgp);
+ #echo '.... ' . base64_decode( $imgp );
+ #flush();die(' stop!');
 # Thanks to MichaƂ Albrecht!
 $suffix = strtolower(substr($imagepath, -4));
 $imgsize = @getimagesize($imagepath);
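Review bot: In the last hunk, `$imagepath = base64_decode($imgp);` hands a client-controlled string straight to `getimagesize()` with no check that it resolves inside the site's file directory; the `"://"` test added in the first hunk only rejects stream-wrapper URLs, so a plain local path outside the files directory still passes and the script will probe or render whatever image-like file the web server can read. The removed `realpath(file_directory_path() . $urlpath)` anchored the path to the Drupal files directory and was the stronger control, so keep that anchoring in resizeimage: `$base = realpath(file_directory_path()); $imagepath = realpath($base . '/' . base64_decode($imgp)); if ($imagepath === FALSE || strpos($imagepath, $base . DIRECTORY_SEPARATOR) !== 0) { header("HTTP/1.0 404 Not Found"); exit(); }` (rejecting the same way the top-of-file check does). The header timestamps show the `+++` side is the older file, so this may be a reverse diff of the fix; whichever direction is intended, the `+` side is the one lacking the path anchoring. The `#echo` / `#flush();die` debug lines should be dropped rather than committed, and `@getimagesize` hides the failure mode a defender would want logged. resizeimage's body continues outside the hunk.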