3 files changed, 21 insertions, 2 deletions

diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php
index fcfe7aa2..66b8c20c 100644
--- a/modules/gallery/libraries/Admin_View.php
+++ b/modules/gallery/libraries/Admin_View.php
@@ -31,7 +31,12 @@ class Admin_View_Core extends Gallery_View {
 
     $this->theme_name = module::get_var("gallery", "active_admin_theme");
     if (identity::active_user()->admin) {
-      $this->theme_name = Input::instance()->get("theme", $this->theme_name);
+      $theme_name = Input::instance()->get("theme");
+      if ($theme_name &&
+          file_exists(THEMEPATH . $theme_name) &&
+          strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) == 0) {
+        $this->theme_name = $theme_name;
+      }
     }
     $this->sidebar = "";
     $this->set_global(array("theme" => $this,
diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php
index 66c68dad..c9e8688f 100644
--- a/modules/gallery/libraries/IdentityProvider.php
+++ b/modules/gallery/libraries/IdentityProvider.php
@@ -85,6 +85,10 @@ class IdentityProvider_Core {
         call_user_func("{$new_provider}_installer::initialize");
       }
 
+      if (!$provider->admin_user()) {
+        throw new Exception("IdentityProvider $new_provider: Couldn't find the admin user!");
+      }
+
       module::event("identity_provider_changed", $current_provider, $new_provider);
 
       identity::set_active_user($provider->admin_user());
@@ -100,7 +104,12 @@ class IdentityProvider_Core {
         // Make sure new provider is not in the database
         try {
           module::uninstall($new_provider);
+        } catch (Exception $e2) {
+          Kohana_Log::add("error", "Error uninstalling failed new provider\n" .
+                          $e2->getMessage() . "\n" . $e2->getTraceAsString());
+        }
 
+        try {
           // Lets reset to the current provider so that the gallery installation is still
           // working.
           module::set_var("gallery", "identity_provider", null);
diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php
index 031da6de..78b74cde 100644
--- a/modules/gallery/libraries/Theme_View.php
+++ b/modules/gallery/libraries/Theme_View.php
@@ -33,7 +33,12 @@ class Theme_View_Core extends Gallery_View {
 
     $this->theme_name = module::get_var("gallery", "active_site_theme");
     if (identity::active_user()->admin) {
-      $this->theme_name = Input::instance()->get("theme", $this->theme_name);
+      $theme_name = Input::instance()->get("theme");
+      if ($theme_name &&
+          file_exists(THEMEPATH . $theme_name) &&
+          strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) == 0) {
+        $this->theme_name = $theme_name;
+      }
     }
     $this->item = null;
     $this->tag = null;