diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-08-13 15:13:05 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-08-13 15:13:05 +0000 |
| commit | bfa3b629e0d67016ec83050c5db762479af40609 (patch) | |
| tree | 4c9ae204172d0fad3ae056ccc65ffe9ea91134d2 /wp-includes/theme.php | |
| parent | 7258ea2d7eeedb439607b72a1f74dee98e4b9d12 (diff) | |
| download | wordpress-mu-bfa3b629e0d67016ec83050c5db762479af40609.tar.gz wordpress-mu-bfa3b629e0d67016ec83050c5db762479af40609.tar.xz wordpress-mu-bfa3b629e0d67016ec83050c5db762479af40609.zip | |
Merge with WP revision 8635
git-svn-id: http://svn.automattic.com/wordpress-mu/branches/2.6@1421 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes/theme.php')
| -rw-r--r-- | wp-includes/theme.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/wp-includes/theme.php b/wp-includes/theme.php index 6376075..2ed7335 100644 --- a/wp-includes/theme.php +++ b/wp-includes/theme.php @@ -486,12 +486,17 @@ function preview_theme() { if ( !current_user_can( 'switch_themes' ) ) return; - $_GET[template] = preg_replace('|[^a-z0-9_-]|i', '', $_GET[template]); + $_GET[template] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET[template]); + + if ( validate_file($_GET[template]) ) + return; add_filter('template', create_function('', "return '$_GET[template]';") ); if ( isset($_GET['stylesheet']) ) { - $_GET[stylesheet] = preg_replace('|[^a-z0-9_-]|i', '', $_GET[stylesheet]); + $_GET[stylesheet] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET[stylesheet]); + if ( validate_file($_GET[stylesheet]) ) + return; add_filter('stylesheet', create_function('', "return '$_GET[stylesheet]';") ); } |