author | plegall <plg@piwigo.org> | 2012-04-07 21:04:56 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2012-04-07 21:04:56 +0000 |
commit | e40bcacc3eb84016a10ca23f928ec3efbbff822d (patch) | |
tree | 80a239240e1b301af28ff64275ee9eaa989e73d1 | |
parent | 4a4fc8ccb7edd2caabf9fdba8d4f571e25b128a3 (diff) |
bug 2613 fixed: on the theme configuration screen, make sure the
$_GET['theme'] is a theme id already installed.
git-svn-id: http://piwigo.org/svn/branches/2.3@13959 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | admin/theme.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/admin/theme.php b/admin/theme.php
index 3e641bf12..2771b728d 100644
--- a/admin/theme.php
+++ b/admin/theme.php
@@ -34,6 +34,13 @@ if (empty($_GET['theme']))
 die('Invalid theme URL');
 }
 
+include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
+$themes = new themes();
+if (!in_array($_GET['theme'], array_keys($themes->fs_themes)))
+{
+ die('Invalid theme');
+}
+
 $filename = PHPWG_THEMES_PATH.$_GET['theme'].'/admin/admin.inc.php';
 if (is_file($filename))
 {
 |
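Review bot: The allow-list test `in_array($_GET['theme'], array_keys($themes->fs_themes))` compares loosely, so it is weaker than the exact match on an installed theme id that the commit message describes. PHP stores a purely numeric array key as an integer, and on PHP versions before 8 a request string that merely begins with those digits compares equal to it under `==`; if such a theme directory exists, the unvalidated remainder still reaches the `$filename` concatenation. An exact key lookup closes this without rejecting numeric ids: `if (!is_string($_GET['theme']) || !array_key_exists($_GET['theme'], $themes->fs_themes))`. This assumes `fs_themes` is keyed by theme id, which the hunk does not show, and the code that consumes `$filename` continues outside the hunk.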