xss prevention

friendica
2014-05-14 00:55:32 -07:00
parent de550d45ff
commit 2f1e4a6370
3 changed files with 8 additions and 1 deletions


@@ -746,6 +746,11 @@ function widget_photo($arr) {
if(array_key_exists('style',$arr) && isset($arr['style']))
$style = $arr['style'];
// ensure they can't sneak in an eval(js) function
if(strpos($style,'(') !== false)
return '';
if(array_key_exists('zrl',$arr) && isset($arr['zrl']))
$zrl = (($arr['zrl']) ? true : false);
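Review bot: The added `strpos($style,'(')` test in widget_photo() is a one-character denylist on the raw `$style` string, so it only rejects function-call syntax in CSS and leaves quote and angle-bracket characters untouched. Where `$style` is emitted is outside this hunk, but if it ends up inside a `style="…"` attribute it should be escaped at that point, e.g. `htmlspecialchars($style, ENT_QUOTES, 'UTF-8')`, because the browser also decodes character references in attribute values before the CSS is parsed. An allowlist of the characters a style value legitimately needs is sturdier than a denylist here: `if(preg_match('/[^a-zA-Z0-9 :;,.%#-]/', $style)) return '';`. The comment could also say that a rejected style makes the function return an empty string, so the whole widget is dropped rather than just the style.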