From 641e6a294b4bad7f4e226946c14df2633ae1c6d8 Mon Sep 17 00:00:00 2001
From: plegall
Date: Sat, 7 Apr 2012 21:05:42 +0000
Subject: merge r13959 from branch 2.3 to trunk bug 2613 fixed: on the theme configuration screen, make sure the $_GET['theme'] is a theme id already installed.
git-svn-id: http://piwigo.org/svn/trunk@13960 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/theme.php | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'admin/theme.php')
diff --git a/admin/theme.php b/admin/theme.php
index 9fda1162a..69dc5ab9a 100644
--- a/admin/theme.php
+++ b/admin/theme.php
@@ -34,6 +34,13 @@ if (empty($_GET['theme']))
 die('Invalid theme URL');
 }
 
+include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
+$themes = new themes();
+if (!in_array($_GET['theme'], array_keys($themes->fs_themes)))
+{
+ die('Invalid theme');
+}
+
 $filename = PHPWG_THEMES_PATH.$_GET['theme'].'/admin/admin.inc.php';
 if (is_file($filename))
 {
-- 
cgit v1.2.3
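Review bot: The new allow-list check calls `in_array()` without the strict flag, so `$_GET['theme']` is compared loosely against the keys of `$themes->fs_themes`. A request value can then pass without being identical to an installed theme id, most plausibly if a key is numeric and PHP stored it as an integer. The same value is concatenated into `$filename` two lines later, so the check should be an exact key lookup on a string: `if (!is_string($_GET['theme']) || !array_key_exists($_GET['theme'], $themes->fs_themes))`. A one-line comment above the check, such as `// allow-list: theme id must match an installed theme before it is used in a path`, would record why it has to stay ahead of the `$filename` assignment. The `if (is_file($filename))` block that consumes the path continues outside the hunk, so how the file is loaded is not visible here.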