--- html/style.php	2005-04-15 09:17:23.000000000 -0500
+++ html/style.php-new	2005-04-15 09:15:13.000000000 -0500
@@ -25,6 +25,10 @@
 
 /* get style info */
 $style = $_GET['style'];
+$style = basename($_GET['style']);
+if(substr($style, -4) != '.css') {
+       $style = 'default.css';
+}
 $style_sheet = implode("\n", file('../themes/'.$style));
 if (isset($_GET['size'])) {
     $n_size = intval($_GET['size']);