From 4ce56e9cb070c08edc5abab629b78c7634a16c39 Mon Sep 17 00:00:00 2001
From: ilotterytea <iltsu@alright.party>
Date: Mon, 29 Sep 2025 17:10:13 +0500
Subject: upd: return 404 if file does not exist on disk

---
 public/index.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'public')

diff --git a/public/index.php b/public/index.php
index cdb53ad..e64dd65 100644
--- a/public/index.php
+++ b/public/index.php
@@ -84,14 +84,13 @@ if (FILE_CATALOG_FANCY_VIEW && $file_id) {
     ');
     $stmt->execute([$file_id, $file_ext]);
     $file = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
+    $file_exists = is_file(FILE_UPLOAD_DIRECTORY . "/$file_id.$file_ext");
 
-    if (!$file) {
+    if (!$file || !$file_exists) {
         http_response_code(404);
         exit();
     }
 
-    $file_exists = is_file(FILE_UPLOAD_DIRECTORY . "/$file_id.$file_ext");
-
     // counting views
     $viewed_file_ids = $_SESSION['viewed_file_ids'] ?? [];
     if (!in_array($file['id'], $viewed_file_ids)) {
-- 
cgit v1.2.3