From e7924f462ed9e49e8a46fd2355b2855c92afb2f1 Mon Sep 17 00:00:00 2001
From: Chris <christian@haschek.at>
Date: Tue, 21 Apr 2026 12:04:05 +0200
Subject: [PATCH] fix: reject zero-dimension viewport values

---
 web/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/index.php b/web/index.php
index 79d3abd..dd1297c 100755
--- a/web/index.php
+++ b/web/index.php
@@ -41,7 +41,7 @@ switch ($url[0]) {
             exit;
         }
         $vpParts = array_map('intval', explode('x', $viewport));
-        if ($vpParts[0] > 3840 || $vpParts[1] > 2160) {
+        if ($vpParts[0] < 1 || $vpParts[1] < 1 || $vpParts[0] > 3840 || $vpParts[1] > 2160) {
             header('HTTP/1.0 400 Bad Request');
             echo 'Viewport exceeds maximum (3840x2160)';
             exit;