aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/widgets.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/widgets.php b/include/widgets.php
index 0f6d70ff7..0ed79f1eb 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -746,6 +746,11 @@ function widget_photo($arr) {
if(array_key_exists('style',$arr) && isset($arr['style']))
$style = $arr['style'];
+ // ensure they can't sneak in an eval(js) function
+
+ if(strpos($style,'(') !== false)
+ return '';
+
if(array_key_exists('zrl',$arr) && isset($arr['zrl']))
$zrl = (($arr['zrl']) ? true : false);