diff --git a/docs/Changelog.md b/docs/Changelog.md
index 940790f..2295e5e 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -1,3 +1,10 @@
+## v2.7.2
+
+Released April 13, 2015
+
+- `Fixed` Prevented remote code execution of photos imported using "Import from URL" (Thanks Segment S.r.l)
+- `Fixed` Stopped view.php from returning data of private photos
+
 ## v2.7.1
 
 Released January 26, 2015
diff --git a/php/modules/Import.php b/php/modules/Import.php
index abbe669..618e39d 100644
--- a/php/modules/Import.php
+++ b/php/modules/Import.php
@@ -11,6 +11,9 @@ class Import extends Module {
 
 static function photo($database, $plugins, $settings, $path, $albumID = 0, $description = '', $tags = '') {
 
+ # No need to validate photo type and extension in this function.
+ # $photo->add will take care of it.
+
 $info = getimagesize($path);
 $size = filesize($path);
 $photo = new Photo($database, $plugins, $settings, null);
@@ -37,7 +40,16 @@ class Import extends Module {
 
 foreach ($urls as &$url) {
 
- if (@exif_imagetype($url)===false) {
+ # Verify extension
+ $extension = getExtension($url);
+ if (!in_array(strtolower($extension), Photo::$validExtensions, true)) {
+ $error = true;
+ continue;
+ }
+
+ # Verify image
+ $type = @exif_imagetype($url);
+ if (!in_array($type, Photo::$validTypes, true)) {
 $error = true;
 continue;
 }
diff --git a/php/modules/Photo.php b/php/modules/Photo.php
index 15cc9c4..26d7f11 100755
--- a/php/modules/Photo.php
+++ b/php/modules/Photo.php
@@ -13,12 +13,12 @@ class Photo extends Module {
 private $settings = null;
 private $photoIDs = null;
 
- private $allowedTypes = array(
+ public static $validTypes = array(
 IMAGETYPE_JPEG,
 IMAGETYPE_GIF,
 IMAGETYPE_PNG
 );
 
- private $validExtensions = array(
+ public static $validExtensions = array(
 '.jpg',
 '.jpeg',
 '.png',
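Review bot: The new extension check in the `foreach ($urls as &$url)` body runs on the whole URL string, so if getExtension() takes whatever follows the last dot, a query string or fragment ending in `.jpg` satisfies it while the path itself does not; compare against the path component instead, `$extension = getExtension(parse_url($url, PHP_URL_PATH));`. The `@exif_imagetype($url)` call also fetches the URL before any scheme restriction is applied, so rejecting anything but http/https first would keep the import from opening other stream wrappers, `if (!in_array(parse_url($url, PHP_URL_SCHEME), array('http', 'https'), true)) { $error = true; continue; }`. The bytes inspected here are fetched separately from the file later downloaded, so the type check on the downloaded copy — which the comment added in the first Import.php hunk attributes to `$photo->add` — appears to be what the fix actually rests on; worth confirming that the URL path reaches that check. The enclosing method starts and ends outside the hunk.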
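Review bot: `public static $validTypes` and `public static $validExtensions` are now writable from any code that can see the class, which turns the format allow-list into shared mutable state, while the hunks in this commit only ever read them. If the project's PHP baseline permits array class constants, `const` members would make them read-only; otherwise a comment above them such as `# Allow-lists shared with the URL import in Import.php; read-only by convention.` records the intent for the next maintainer.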
@@ -87,11 +87,17 @@ class Photo extends Module {
 
 # Verify extension
 $extension = getExtension($file['name']);
- if (!in_array(strtolower($extension), $this->validExtensions, true)) continue;
+ if (!in_array(strtolower($extension), Photo::$validExtensions, true)) {
+ Log::error($this->database, __METHOD__, __LINE__, 'Photo format not supported');
+ exit('Error: Photo format not supported!');
+ }
 
 # Verify image
 $type = @exif_imagetype($file['tmp_name']);
- if (!in_array($type, $this->allowedTypes, true)) continue;
+ if (!in_array($type, Photo::$validTypes, true)) {
+ Log::error($this->database, __METHOD__, __LINE__, 'Photo type not supported');
+ exit('Error: Photo type not supported!');
+ }
 
 # Generate id
 $id = str_replace('.', '', microtime(true));
diff --git a/php/modules/misc.php b/php/modules/misc.php
index 2614fda..f5b9ba3 100755
--- a/php/modules/misc.php
+++ b/php/modules/misc.php
@@ -73,6 +73,9 @@ function getGraphHeader($database, $photoID) {
 
 if (!isset($database, $photoID)) return false;
 
+ $photo = new Photo($database, null, null, $photoID);
+ if ($photo->getPublic('')===false) return false;
+
 $query = Database::prepare($database, "SELECT title, description, url, medium FROM ? WHERE id = '?'", array(LYCHEE_TABLE_PHOTOS, $photoID));
 $result = $database->query($query);
 $row = $result->fetch_object();
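Review bot: The two new `exit()` calls terminate the request from inside a module method, so in a multi-file upload every file already processed by this loop is imported while the client receives a bare `Error: …` string instead of the method's normal return value. The URL-import loop in Import.php from the same commit records the failure and keeps going; if callers already handle a `false` return from this method, `return false;` in place of each `exit(...)` after the `Log::error()` call would leave the response to the caller, or a thrown exception would do the same. Failing closed with a log entry on a rejected upload is the right direction; only the mechanism is the concern. The enclosing loop and method signature are outside the hunk.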
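Review bot: The new authorization check in getGraphHeader lets anything other than an exact `false` through: if `getPublic('')` can return `null` (for instance when `$photoID` matches no row) or a non-bool value, the function still runs the query and returns the photo's title, description and URLs. An authorization gate should fail closed, `if ($photo->getPublic('')!==true) return false;`, assuming getPublic() returns a bool for a public photo. The meaning of the empty-string argument is not visible in this hunk, so a line such as `# Only photos that are public without a password may be exposed in the Open Graph header` above the check would record the intent, presuming that is what the empty password conveys. The Photo instance is built with `null` plugins and settings, which is safe only if neither the constructor nor getPublic() touches them — worth confirming. getGraphHeader's body continues outside the hunk.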