authorTim Almdal <tnalmdal@shaw.ca>2010-08-08 17:29:22 -0700
committerTim Almdal <tnalmdal@shaw.ca>2010-08-08 17:29:22 -0700
commit1ad1f9517f91875875f2e062bda7d834827c3430 (patch)
treec544ea44066358e652767a27bc4a3e5effad2312
parentcc43c37a1c71c54d03979489ee7f1d5884a648af (diff)
Fix for ticket #1279. In admin themes sanitize the theme name before checking that theme.info exists.
-rw-r--r--modules/gallery/controllers/admin_themes.php7
-rw-r--r--modules/gallery/helpers/theme.php2
2 files changed, 5 insertions, 4 deletions
diff --git a/modules/gallery/controllers/admin_themes.php b/modules/gallery/controllers/admin_themes.php
index e59eadaf..a88e1e89 100644
--- a/modules/gallery/controllers/admin_themes.php
+++ b/modules/gallery/controllers/admin_themes.php
@@ -31,10 +31,11 @@ class Admin_Themes_Controller extends Admin_Controller {
private function _get_themes() {
$themes = array();
foreach (scandir(THEMEPATH) as $theme_name) {
+ if ($theme_name[0] == ".") {
+ continue;
+ }
+ $theme_name = preg_replace("/[^a-zA-Z0-9\._-]/", "", $theme_name);
if (file_exists(THEMEPATH . "$theme_name/theme.info")) {
- if ($theme_name[0] == ".") {
- continue;
- }
$themes[$theme_name] = theme::get_info($theme_name);
}
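Review bot: Stripping disallowed characters on the added `preg_replace` line rewrites the directory name instead of rejecting it, so a directory whose name contains other characters is checked and keyed under a different name, which may collide with another theme's directory. Skipping non-conforming entries keeps the listing tied to what is actually on disk, and also covers the leading-dot check: `if (!preg_match('/^[a-zA-Z0-9_-][a-zA-Z0-9._-]*$/', $theme_name)) { continue; }`. The same character class is repeated in theme::get_info, so a single shared helper would keep the two from drifting apart. _get_themes continues past the end of this hunk.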
diff --git a/modules/gallery/helpers/theme.php b/modules/gallery/helpers/theme.php
index 3589a5b7..9df3eaf2 100644
--- a/modules/gallery/helpers/theme.php
+++ b/modules/gallery/helpers/theme.php
@@ -111,7 +111,7 @@ class theme_Core {
}
static function get_info($theme_name) {
- $theme_name = preg_replace("/[^\w]/", "", $theme_name);
+ $theme_name = preg_replace("/[^a-zA-Z0-9\._-]/", "", $theme_name);
$file = THEMEPATH . "$theme_name/theme.info";
$theme_info = new ArrayObject(parse_ini_file($file), ArrayObject::ARRAY_AS_PROPS);
$theme_info->description = t($theme_info->description);
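Review bot: The widened character class on the new `preg_replace` line lets `.` through, so a `$theme_name` of `..` (or `.`) survives filtering and `$file` becomes `THEMEPATH . "../theme.info"`, one level above the themes directory. The callers are not visible in this hunk, so whether an untrusted name can reach this helper is unconfirmed, but the leading-dot check added in the controller does not protect it. A guard after the filter would close the gap, for example `if ($theme_name == "" || $theme_name[0] == ".") { return null; }`, provided callers tolerate a null result. Separately, `parse_ini_file($file)` returns false when the file is missing or unreadable, and that value is passed straight to `new ArrayObject(...)`. get_info's body continues past the end of this hunk.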