From 34ac1a466d1ad9e1ba23bf9b7265c6b2b2376ad9 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 11 May 2012 15:12:30 -0700
Subject: Verify that theme names are well formed.  Fixes #1856.

---
 modules/gallery/libraries/Theme_View.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/libraries/Theme_View.php')

diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php
index 031da6de..78b74cde 100644
--- a/modules/gallery/libraries/Theme_View.php
+++ b/modules/gallery/libraries/Theme_View.php
@@ -33,7 +33,12 @@ class Theme_View_Core extends Gallery_View {
 
     $this->theme_name = module::get_var("gallery", "active_site_theme");
     if (identity::active_user()->admin) {
-      $this->theme_name = Input::instance()->get("theme", $this->theme_name);
+      $theme_name = Input::instance()->get("theme");
+      if ($theme_name &&
+          file_exists(THEMEPATH . $theme_name) &&
+          strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) == 0) {
+        $this->theme_name = $theme_name;
+      }
     }
     $this->item = null;
     $this->tag = null;
-- 
cgit v1.2.3