diff --git a/includes/galleryfunctions.php b/includes/galleryfunctions.php
index 2ce398c..32179c5 100644
--- a/includes/galleryfunctions.php
+++ b/includes/galleryfunctions.php
@@ -46,7 +46,13 @@ if (array_key_exists('logfile', $configuration)) {
 }
 
 require_once('theme.class.php');
-$theme = new Theme($configuration['defaulttheme']);
+
+if (array_key_exists('theme', $_GET) &&
+    preg_match('/^[a-zA-Z0-9_-]+$/', $_GET['theme'])) {
+  $theme = new Theme($_GET['theme']);
+} else {
+  $theme = new Theme($configuration['defaulttheme']);
+}
 
 /**
  * Breite der Vorschaubilder.
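Review bot: The pattern on the `preg_match` line ends in `$`, which in PCRE also matches just before a trailing newline, so a `theme` value ending in a line feed passes the check and reaches `new Theme()`; anchor the end with `\z` (or add the `D` modifier), e.g. `'/^[a-zA-Z0-9_-]+\z/'`. `$_GET['theme']` can also arrive as an array when the parameter is sent with bracket syntax, which makes `preg_match` emit a warning or throw a TypeError depending on the PHP version, so put `is_string($_GET['theme']) &&` in front of the match. A well-formed name with no matching directory under `themes/` now ends the request in the constructor's `die()` rather than falling back to `$configuration['defaulttheme']`; checking that the theme exists before choosing it would keep a bad request parameter from breaking the page.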
diff --git a/includes/theme.class.php b/includes/theme.class.php
index 67b2be7..6617f3c 100644
--- a/includes/theme.class.php
+++ b/includes/theme.class.php
@@ -64,9 +64,12 @@ class Theme {
    * @param string $name the directory name of the theme
    */
   function __construct($name) {
-    $themeconfig = parse_ini_file(
-      realpath(implode(DIRECTORY_SEPARATOR,
-        array('themes', $name, 'theme.ini'))));
+    $themeini = realpath(implode(DIRECTORY_SEPARATOR,
+      array('themes', $name, 'theme.ini')));
+    if (!$themeini) {
+      die("invalid theme $name");
+    }
+    $themeconfig = parse_ini_file($themeini);
     $this->name = $name;
     $this->themetype = $themeconfig['themetype'];
     $this->previewsize = intval($themeconfig['previewsize']);
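Review bot: The constructor still builds the path from `$name` without validating it itself, so the only thing keeping the resolved file inside `themes/` is the regex in galleryfunctions.php; any other caller that passes a request-derived name bypasses it. Since `realpath()` is already called, the result can be checked for containment here, e.g. `if (!$themeini || strpos($themeini, realpath('themes') . DIRECTORY_SEPARATOR) !== 0) {`. The `die()` message also interpolates `$name` into the response unescaped; `die('invalid theme ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));` keeps the constructor safe regardless of what the caller filtered. `parse_ini_file()` returns false for an unreadable or malformed file and that result is not checked before the `$themeconfig[...]` reads that follow. The constructor body continues past the end of this hunk.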