From d9e4862b71de71289e76fdf16a251ffda3190426 Mon Sep 17 00:00:00 2001
From: Alice
Date: Fri, 27 Jun 2025 19:07:46 +0000
Subject: [PATCH 1/2] Fix security vulnerability - image_metadata.json is publicly accessible, therefore all uploads are visible to all users

---
 .htaccess | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 .htaccess

diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..6af108f
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,4 @@
+
+Deny from all
+
+

From 800993cf549d7e075b237d069040b72d2061a831 Mon Sep 17 00:00:00 2001
From: Alice
Date: Fri, 27 Jun 2025 19:15:05 +0000
Subject: [PATCH 2/2] Fix security vulnerability - subfolders are indexable, therefore all images are being exposed.

---
 index.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 6300fe8..29631b0 100644
--- a/index.php
+++ b/index.php
@@ -20,6 +20,8 @@ function generate_unique_id() {
 function ensure_directory_exists($dir) {
 if (!file_exists($dir)) {
 mkdir($dir, 0755, true);
+ $filename=$dir."index.php";
+ file_put_contents($filename,"");
 }
 }
@@ -470,4 +472,4 @@ function previewImage(event) {
 }
-
\ No newline at end of file
+
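Review bot: `Deny from all` is the Apache 2.2 mod_access_compat directive; on an Apache 2.4 host without that module it is an unknown directive and every request into the directory fails with a 500, so the 2.4 form `Require all denied` should be used (or both forms, each guarded by `<IfModule>`). As this hunk is rendered, the three other added lines are empty, and a bare `Deny from all` with no enclosing `<Files "image_metadata.json">` container would block the whole directory, index.php included — if the container tags were merely stripped by rendering, disregard this point. The fix also only takes effect when the server is Apache and `AllowOverride` permits these directives for this directory; under nginx or with `AllowOverride None` the file is ignored and the metadata stays public. The more robust mitigation is to keep image_metadata.json outside the document root so its exposure does not depend on web-server configuration.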
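Review bot: The new index.php stub is written only inside the `!file_exists($dir)` branch, so any directory that already existed before this commit never receives one and stays listable; the stub creation should run on every call, guarded by its own existence check. `$dir."index.php"` also assumes `$dir` ends in a slash — without one the stub is written beside the directory (e.g. `uploadsindex.php`) — and the `file_put_contents` result is unchecked, so a failed write goes unnoticed. An empty index file only hides the listing; an `Options -Indexes` line in the .htaccess the previous commit introduces would cover every directory without relying on this code path, and if these are the upload directories they should additionally be configured not to execute PHP. ensure_directory_exists lies entirely within the hunk.
```php
function ensure_directory_exists($dir) {
    // … unchanged: mkdir($dir, 0755, true) when $dir is missing …
    // Create the listing stub on every call, not only when the directory is new.
    $index = rtrim($dir, '/\\') . DIRECTORY_SEPARATOR . 'index.php';
    if (!file_exists($index) && file_put_contents($index, '') === false) {
        error_log("ensure_directory_exists: could not write $index");
    }
}
```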