From a4dc92b00459dc1536d978469dff7595b16c83a1 Mon Sep 17 00:00:00 2001
From: YJSoft <yjsoft@yjsoft.xyz>
Date: Thu, 6 Jul 2023 05:05:34 +0000
Subject: [PATCH] Fix widgetStyle escape is not applied

---
 modules/widget/widget.model.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/widget/widget.model.php b/modules/widget/widget.model.php
index 002881f45d..77ec9619f3 100644
--- a/modules/widget/widget.model.php
+++ b/modules/widget/widget.model.php
@@ -263,7 +263,7 @@ function getWidgetInfo($widget)
 	 */
 	function getWidgetStyleInfo($widgetStyle)
 	{
-		$widget = escape($widgetStyle);
+		$widgetStyle = preg_replace('/[^a-zA-Z0-9-_]/', '', $widgetStyle);
 		$widgetStyle_path = $this->getWidgetStylePath($widgetStyle);
 		if(!$widgetStyle_path) return;
 		$xml_file = sprintf("%sskin.xml", $widgetStyle_path);