diff --git a/modules/chatMember.sh b/modules/chatMember.sh
index 237e9b0..c21a331 100644
--- a/modules/chatMember.sh
+++ b/modules/chatMember.sh
@@ -5,7 +5,7 @@
 # This file is public domain in the USA and all free countries.
 # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying)
 #
-#### $$VERSION$$ v1.45-dev-0-g9d36f23
+#### $$VERSION$$ v1.45-dev-23-g805a74e
 
 # will be automatically sourced from bashbot
 
@@ -30,6 +30,34 @@ set_chat_description() {
 	sendJson "$1" '"description": "'"$2"'"' "${URL}/setChatDescription"
 }
 
+# $1 chat  $2 file
+set_chat_photo() {
+	local file=$2
+#XXX factor out to checkFileLocation ??
+	[[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 	# no directory traversal
+	if [[ "${file}" = '/'* ]] ; then
+		[[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2	# absolute must match REGEX
+	else
+		file="${UPLOADDIR:-NOUPLOADDIR}/${file}"	# others must be in UPLOADDIR
+	fi
+	[ ! -r "${file}" ] && err=3	# and file must exits of course
+	# file path error, generate error response
+	if [ -n "${err}" ]; then
+	    BOTSENT=(); BOTSENT[OK]="false"
+	    case "${err}" in
+		1) BOTSENT[ERROR]="Path to file $2 contains to much '../' or starts with '.'";;
+		2) BOTSENT[ERROR]="Path to file $2 does not match regex: ${FILE_REGEX} ";;
+		3) if [[ "$2" == "/"* ]];then
+			BOTSENT[ERROR]="File not found: $2"
+		   else
+			BOTSENT[ERROR]="File not found: ${UPLOADDIR}/$2"
+		   fi;;
+	    esac
+	    [ -n "${BASHBOTDEBUG}" ] && log_debug "set_chat_photo: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}"
+	    return
+	fi
+	sendUpload "$1" "photo" "${file}" "${URL}/setChatPhoto" 
+}
 # $1 chat 
 delete_chat_photo() {
 	sendJson "$1" "" "${URL}/deleteChatPhoto"
diff --git a/modules/sendMessage.sh b/modules/sendMessage.sh
index 6b1ec46..bf6a78e 100644
--- a/modules/sendMessage.sh
+++ b/modules/sendMessage.sh
@@ -6,7 +6,7 @@
 # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying)
 #
 # shellcheck disable=SC1117
-#### $$VERSION$$ v1.45-dev-15-gd3a1cec
+#### $$VERSION$$ v1.45-dev-23-g805a74e
 
 # will be automatically sourced from bashbot
 
@@ -277,6 +277,7 @@ send_file(){
 	else
 		# we have a file, check file location ...
 		media="FILE"
+#XXX factor out to checkFileLocation ??
 		[[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 	# no directory traversal
 		if [[ "${file}" = '/'* ]] ; then
 			[[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2	# absolute must match REGEX