diff options
Diffstat (limited to 'wp-includes/theme.php')
| -rw-r--r-- | wp-includes/theme.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/wp-includes/theme.php b/wp-includes/theme.php index 6376075..2ed7335 100644 --- a/wp-includes/theme.php +++ b/wp-includes/theme.php @@ -486,12 +486,17 @@ function preview_theme() { if ( !current_user_can( 'switch_themes' ) ) return; - $_GET[template] = preg_replace('|[^a-z0-9_-]|i', '', $_GET[template]); + $_GET[template] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET[template]); + + if ( validate_file($_GET[template]) ) + return; add_filter('template', create_function('', "return '$_GET[template]';") ); if ( isset($_GET['stylesheet']) ) { - $_GET[stylesheet] = preg_replace('|[^a-z0-9_-]|i', '', $_GET[stylesheet]); + $_GET[stylesheet] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET[stylesheet]); + if ( validate_file($_GET[stylesheet]) ) + return; add_filter('stylesheet', create_function('', "return '$_GET[stylesheet]';") ); } |