aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2012-04-07 21:04:56 +0000
committerplegall <plg@piwigo.org>2012-04-07 21:04:56 +0000
commite40bcacc3eb84016a10ca23f928ec3efbbff822d (patch)
tree80a239240e1b301af28ff64275ee9eaa989e73d1
parent4a4fc8ccb7edd2caabf9fdba8d4f571e25b128a3 (diff)
bug 2613 fixed: on the theme configuration screen, make sure the
$_GET['theme'] is a theme id already installed. git-svn-id: http://piwigo.org/svn/branches/2.3@13959 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/theme.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/admin/theme.php b/admin/theme.php
index 3e641bf12..2771b728d 100644
--- a/admin/theme.php
+++ b/admin/theme.php
@@ -34,6 +34,13 @@ if (empty($_GET['theme']))
die('Invalid theme URL');
}
+include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
+$themes = new themes();
+if (!in_array($_GET['theme'], array_keys($themes->fs_themes)))
+{
+ die('Invalid theme');
+}
+
$filename = PHPWG_THEMES_PATH.$_GET['theme'].'/admin/admin.inc.php';
if (is_file($filename))
{