gistfile1.php

<?php
//$thumbdir = str_replace('/..', '', $thumbdir); // Prevent directory traversal attacks.

if(strstr($thumbdir, '..') !== FALSE) {
    $requestedDir = '';
    $thumbdir = rtrim('photos/','/');
}
?>