harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xss prevention

Browse Source
This commit is contained in:
friendica 2014-05-14 00:55:32 -07:00
parent de550d45ff
commit 2f1e4a6370
3 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/widgets.php
View File

@ -746,6 +746,11 @@ function widget_photo($arr) {
if(array_key_exists('style',$arr) && isset($arr['style'])) if(array_key_exists('style',$arr) && isset($arr['style']))
$style = $arr['style']; $style = $arr['style'];
// ensure they can't sneak in an eval(js) function
if(strpos($style,'(') !== false)
return '';
if(array_key_exists('zrl',$arr) && isset($arr['zrl'])) if(array_key_exists('zrl',$arr) && isset($arr['zrl']))
$zrl = (($arr['zrl']) ? true : false); $zrl = (($arr['zrl']) ? true : false);

2
version.inc
View File

@ -1 +1 @@
2014-05-13.674 2014-05-14.675

2
view/css/choklet_bannertwo.css
View File

@ -10,6 +10,8 @@ header #banner {
margin-top: 75px; margin-top: 75px;
width: 100%; width: 100%;
margin-bottom: 20px; margin-bottom: 20px;
margin-left: auto;
margin-right: auto;
overflow-x: hidden; overflow-x: hidden;
} }