Fixed css.php user variable checking


Active member
css.php doesn't check user variables' data types, so passing an array for example will cause a (harmless) error. This shouldn't happen under normal usage, and doesn't appear to have any potential security concern so long as the error is caught, however, some functions may return unexpected values because they don't throw an error.

Example: css.php?dir[]=test
ErrorException: strtoupper() expects parameter 1 to be string, array given - library/XenForo/CssOutput.php:97

The "style" and "d" params don't throw an error from an array being passed because intval accepts arrays and returns 0 if empty and 1 if not. The "css" param also doesn't throw an error, as strval will return "Array" if an array is passed.