xss prevention

include/widgets.php

@@ -746,6 +746,11 @@ function widget_photo($arr) {
 	if(array_key_exists('style',$arr) && isset($arr['style']))
 		$style = $arr['style'];
 
+	// ensure they can't sneak in an eval(js) function
+
+	if(strpos($style,'(') !== false)
+		return '';
+
 	if(array_key_exists('zrl',$arr) && isset($arr['zrl']))
 		$zrl = (($arr['zrl']) ? true : false);
 

version.inc

@@ -1 +1 @@
-2014-05-13.674
+2014-05-14.675

view/css/choklet_bannertwo.css

@@ -10,6 +10,8 @@ header #banner {
 	margin-top: 75px;
 	width: 100%;
 	margin-bottom: 20px;
+	margin-left: auto;
+	margin-right: auto;
 	overflow-x: hidden;
 }