diff options
| author | plegall <plg@piwigo.org> | 2012-04-07 21:05:42 +0000 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2012-04-07 21:05:42 +0000 |
| commit | 641e6a294b4bad7f4e226946c14df2633ae1c6d8 (patch) | |
| tree | d49e45facf2b7b96dc69283dbdc9ba980c6dd95d | |
| parent | d2c7671d931c0e1eb12437924d1b37590a6185ee (diff) | |
merge r13959 from branch 2.3 to trunk
bug 2613 fixed: on the theme configuration screen, make sure the
$_GET['theme'] is a theme id already installed.
git-svn-id: http://piwigo.org/svn/trunk@13960 68402e56-0260-453c-a942-63ccdbb3a9ee
| -rw-r--r-- | admin/theme.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/admin/theme.php b/admin/theme.php index 9fda1162a..69dc5ab9a 100644 --- a/admin/theme.php +++ b/admin/theme.php @@ -34,6 +34,13 @@ if (empty($_GET['theme'])) die('Invalid theme URL'); } +include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php'); +$themes = new themes(); +if (!in_array($_GET['theme'], array_keys($themes->fs_themes))) +{ + die('Invalid theme'); +} + $filename = PHPWG_THEMES_PATH.$_GET['theme'].'/admin/admin.inc.php'; if (is_file($filename)) { |