--- timthumb.php 2011-08-02 08:15:25.000000000 -0700
+++ timthumb.new 2011-08-02 11:08:55.000000000 -0700
@@ -641,7 +641,9 @@
 display_error ('source filename invalid');
 }
- if (($url_info['host'] == 'www.youtube.com' || $url_info['host'] == 'youtube.com') && preg_match ('/v=([^&]+)/i', $url_info['query'], $matches)) {
+ $url_host = preg_replace( '/^www\./', '', strtolower( $url_info['host'] ) );
+
+ if ( $url_host == 'youtube.com' && preg_match ('/v=([^&]+)/i', $url_info['query'], $matches) ) {
 $v = $matches[1];
 $src = 'http://img.youtube.com/vi/' . $v . '/0.jpg';
 $url_info['host'] = 'img.youtube.com';
@@ -650,19 +652,10 @@
 $isAllowedSite = false;
 // check allowed sites (if required)
- if (ALLOW_EXTERNAL) {
-
+ if (ALLOW_EXTERNAL)
 $isAllowedSite = true;
-
- } else {
-
- foreach ($allowedSites as $site) {
- if (preg_match ('/(?:^|\.)' . $site . '$/i', $url_info['host'])) {
- $isAllowedSite = true;
- }
- }
-
- }
+ else
+ $isAllowedSite = (bool)count( preg_grep( '/^' . preg_quote( $url_host ) . '$/i', $allowedSites ) );
 // if allowed
 if ($isAllowedSite) {
@@ -861,4 +854,4 @@
 echo '
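Review bot: `$url_host` is introduced at the top of the hunk with no comment, yet it carries a security decision: it is reused for the allow-list check in the next hunk, and because `$url_info['host']` is overwritten with `img.youtube.com` three lines later while `$url_host` keeps `youtube.com`, that check is evaluated on the host the caller supplied rather than on the host that is actually fetched. That is defensible since the rewrite target is a fixed constant, but it should be stated where the variable is born, e.g. `// Normalised host (lowercase, leading "www." dropped) used for the allow-list check below; taken before the YouTube rewrite on purpose so the caller-supplied host is what gets checked.` While the comparison line is being rewritten, `$url_host == 'youtube.com'` should become `===`. The enclosing function starts before this hunk, so whether `parse_url()` is guaranteed to have produced a `host` key here cannot be confirmed from the hunk; if it has not, `strtolower()` on the missing key degrades to `''` with only a notice, and the earlier `display_error ('source filename invalid')` branch appears to be the place that should have rejected such input.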
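Review bot: The new allow-list check `$isAllowedSite = (bool)count( preg_grep( ... ) )` fails open if `preg_grep()` returns `false`: on the PHP 5 line this file dates from, `count(false)` is `1`, so a PCRE failure would mark an arbitrary external host as allowed. Exact matching needs no regex at all; `$isAllowedSite = in_array( $url_host, array_map( 'strtolower', $allowedSites ), true );` has no error path and preserves the intended semantics. Note that the semantics did change here: the removed `'/(?:^|\.)' . $site . '$/i'` pattern accepted any subdomain of an allowed site (and, with `$site` unquoted, treated each `.` as a wildcard), whereas the new check accepts only the exact listed host, so either subdomains in use must be added to `$allowedSites` or the `// check allowed sites` comment should say that matching is exact; if suffix matching is actually wanted, the safe form is the old loop with `preg_quote( $site, '/' )` applied to each entry. `$url_host` is defined in the previous hunk, outside this one, and holds the lowercased, `www.`-stripped caller-supplied host rather than the `img.youtube.com` value written into `$url_info['host']`. The brace-less `if`/`else` arms are a style departure from the surrounding code.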
TimThumb version : ' . VERSION . '';
 die ();
-}
\ No newline at end of file
+}