diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/widgets.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/widgets.php b/include/widgets.php index 0f6d70ff7..0ed79f1eb 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -746,6 +746,11 @@ function widget_photo($arr) { if(array_key_exists('style',$arr) && isset($arr['style'])) $style = $arr['style']; + // ensure they can't sneak in an eval(js) function + + if(strpos($style,'(') !== false) + return ''; + if(array_key_exists('zrl',$arr) && isset($arr['zrl'])) $zrl = (($arr['zrl']) ? true : false); |