author | Tim Almdal <tnalmdal@shaw.ca> | 2010-08-08 17:29:22 -0700 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2010-08-08 17:29:22 -0700 |
commit | 1ad1f9517f91875875f2e062bda7d834827c3430 (patch) | |
tree | c544ea44066358e652767a27bc4a3e5effad2312 /modules/gallery/controllers/admin_themes.php | |
parent | cc43c37a1c71c54d03979489ee7f1d5884a648af (diff) |
Fix for ticket #1279. In admin themes sanitize the theme name before checking that theme.info exists.
Diffstat (limited to 'modules/gallery/controllers/admin_themes.php')
-rw-r--r-- | modules/gallery/controllers/admin_themes.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/modules/gallery/controllers/admin_themes.php b/modules/gallery/controllers/admin_themes.php
index e59eadaf..a88e1e89 100644
--- a/modules/gallery/controllers/admin_themes.php
+++ b/modules/gallery/controllers/admin_themes.php
@@ -31,10 +31,11 @@ class Admin_Themes_Controller extends Admin_Controller {
 private function _get_themes() {
 $themes = array();
 foreach (scandir(THEMEPATH) as $theme_name) {
+ if ($theme_name[0] == ".") {
+ continue;
+ }
+ $theme_name = preg_replace("/[^a-zA-Z0-9\._-]/", "", $theme_name);
 if (file_exists(THEMEPATH . "$theme_name/theme.info")) {
- if ($theme_name[0] == ".") {
- continue;
- }
 $themes[$theme_name] = theme::get_info($theme_name);
 }
|
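Review bot: The added `preg_replace` rewrites the directory name instead of rejecting it, so the value tested with `file_exists` and passed to `theme::get_info` can differ from the entry `scandir` actually returned. Two distinct directories can collapse to the same array key, a name made only of stripped characters becomes the empty string, and because the leading-dot test runs before the stripping, a name whose first surviving character is a dot is no longer skipped. Skipping every entry that fails an allowlist closes all three cases: replace the dot check and the `preg_replace` with `if (!preg_match('/\A[a-zA-Z0-9_-][a-zA-Z0-9._-]*\z/', $theme_name)) { continue; }`. `_get_themes()` ends outside the hunk, so how the returned names are later rendered or used is not visible here and should be checked separately.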