From 1ad1f9517f91875875f2e062bda7d834827c3430 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sun, 8 Aug 2010 17:29:22 -0700 Subject: Fix for ticket #1279. In admin themes sanitize the theme name before checking that theme.info exists. --- modules/gallery/helpers/theme.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/theme.php b/modules/gallery/helpers/theme.php index 3589a5b7..9df3eaf2 100644 --- a/modules/gallery/helpers/theme.php +++ b/modules/gallery/helpers/theme.php @@ -111,7 +111,7 @@ class theme_Core { } static function get_info($theme_name) { - $theme_name = preg_replace("/[^\w]/", "", $theme_name); + $theme_name = preg_replace("/[^a-zA-Z0-9\._-]/", "", $theme_name); $file = THEMEPATH . "$theme_name/theme.info"; $theme_info = new ArrayObject(parse_ini_file($file), ArrayObject::ARRAY_AS_PROPS); $theme_info->description = t($theme_info->description); -- cgit v1.2.3