+Fix CVE-2008-5620, which was caused by insufficient input sanitizing for the quota bar.
+
+diff --git a/bin/quotaimg.php b/bin/quotaimg.php
+index 354f4eb..4e73c21 100644
+--- a/bin/quotaimg.php
++++ b/bin/quotaimg.php
+@@ -18,10 +18,10 @@
+
+ */
+
+-$used = ((isset($_GET['u']) && !empty($_GET['u'])) || $_GET['u']=='0')?(int)$_GET['u']:'??';
+-$quota = ((isset($_GET['q']) && !empty($_GET['q'])) || $_GET['q']=='0')?(int)$_GET['q']:'??';
+-$width = empty($_GET['w']) ? 100 : (int)$_GET['w'];
+-$height = empty($_GET['h']) ? 14 : (int)$_GET['h'];
++$used = isset($_GET['u']) ? intval($_GET['u']) : '??';
++$quota = isset($_GET['q']) ? intval($_GET['q']) : '??';
++$width = empty($_GET['w']) ? 100 : min(300, intval($_GET['w']));
++$height = empty($_GET['h']) ? 14 : min(50, intval($_GET['h']));
+
+ /**
+ * Quota display
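Review bot: `isset()` alone on the new `$used` and `$quota` lines lets an empty or array-valued `u`/`q` reach `intval()`, so `?u=` now renders as 0 instead of the `'??'` placeholder and `?u[]=x` becomes 1. A numeric check keeps the placeholder for anything that is not a number: `$used = (isset($_GET['u']) && is_numeric($_GET['u'])) ? intval($_GET['u']) : '??';`, and the same for `$quota`. Negative values also pass these lines. `w` and `h` are caught later by the guard added at the end of the file, but whether genQuota copes with a negative used or total is not visible here. A short comment above the `min()` calls, such as `// w and h come from the request and are passed to genQuota as the image size; cap them`, would record why 300 and 50 exist.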
+@@ -159,7 +159,7 @@ function genQuota($used, $total, $width, $height)
+ }
+
+ $quota_width = $quota / 100 * $width;
+- imagefilledrectangle($im, $border, 0, $quota, $height-2*$border, $fill);
++ imagefilledrectangle($im, $border, 0, $quota_width, $height-2*$border, $fill);
+
+ $string = $quota . '%';
+ $mid = floor(($width-(strlen($string)*imagefontwidth($font)))/2)+1;
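Review bot: `$quota_width` is a float (`$quota / 100 * $width`) and is passed straight to `imagefilledrectangle()`, which takes integer coordinates; newer PHP versions report an implicit lossy float-to-int conversion as deprecated. Casting once where the value is computed avoids that: `$quota_width = (int) round($quota / 100 * $width);`. Any clamping of `$quota` to 0–100 would happen above the hunk and is not visible, so it is worth confirming that the fill cannot extend past the right-hand border. genQuota's body starts and ends outside this hunk.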
+@@ -178,6 +178,12 @@ function genQuota($used, $total, $width, $height)
+ imagedestroy($im);
+ }
+
+-genQuota($used, $quota, $width, $height);
++if ($width > 1 && $height > 1) {
++ genQuota($used, $quota, $width, $height);
++}
++else {
++ header("HTTP/1.0 404 Not Found");
++}
++
+ exit;
+ ?>
+\ No newline at end of file
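Review bot: The rejection branch answers an out-of-range `w`/`h` with `404 Not Found`, which tells clients and anyone reading the access log that the script is missing rather than that the parameters were refused. `header("HTTP/1.0 400 Bad Request");` describes the condition accurately. The lower bound lives here (`$width > 1 && $height > 1`) while the upper bound sits in the `min()` calls at the top of the file. A comment such as `// w/h are already capped at 300x50 above; reject zero, one and negative sizes here` would keep the two halves of the check connected for the next maintainer.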