What about sending to the full sizeimage if a size
bigger than the image
is requested?
Also, as you're issuing a redirect, what are the risks if someone was
able to upload a malicious file to the servers? (the thumbnailing
process may guard against it)
Make it only deliver the original if explicitly asked for it. Then it would
also be a replacement for Special:Filepath