From 5be4c55b97ebeb94e42fa05af7279b06fda81caf Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Sat, 11 Jul 2009 15:13:48 +0000
Subject: [PATCH] add support for a theme request parameter (fixes #51)

* includes/galleryfunctions.php:
- check for request parameter theme and whether it matches an allowed directory name
* includes/theme.class.php:
- die if the theme cannot be initialized properly
---
 includes/galleryfunctions.php | 8 +++++++-
 includes/theme.class.php | 9 ++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/includes/galleryfunctions.php b/includes/galleryfunctions.php
index 2ce398c..32179c5 100644
--- a/includes/galleryfunctions.php
+++ b/includes/galleryfunctions.php
@@ -46,7 +46,13 @@ if (array_key_exists('logfile', $configuration)) {
 }
 
 require_once('theme.class.php');
-$theme = new Theme($configuration['defaulttheme']);
+
+if (array_key_exists('theme', $_GET) &&
+ preg_match('/^[a-zA-Z0-9_-]+$/', $_GET['theme'])) {
+ $theme = new Theme($_GET['theme']);
+} else {
+ $theme = new Theme($configuration['defaulttheme']);
+}
 
 /**
 * Breite der Vorschaubilder.
diff --git a/includes/theme.class.php b/includes/theme.class.php
index 67b2be7..6617f3c 100644
--- a/includes/theme.class.php
+++ b/includes/theme.class.php
@@ -64,9 +64,12 @@ class Theme {
 * @param string $name the directory name of the theme
 */
 function __construct($name) {
- $themeconfig = parse_ini_file(
- realpath(implode(DIRECTORY_SEPARATOR,
- array('themes', $name, 'theme.ini'))));
+ $themeini = realpath(implode(DIRECTORY_SEPARATOR,
+ array('themes', $name, 'theme.ini')));
+ if (!$themeini) {
+ die("invalid theme $name");
+ }
+ $themeconfig = parse_ini_file($themeini);
 $this->name = $name;
 $this->themetype = $themeconfig['themetype'];
 $this->previewsize = intval($themeconfig['previewsize']);
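Review bot: The added guard in galleryfunctions.php passes `$_GET['theme']` to `preg_match()` without confirming it is a string, and the pattern's `$` anchor also matches just before a trailing newline. A `theme` parameter that arrives as an array would raise a warning or type error instead of falling back to the default, and a value ending in a newline passes the character check and reaches the path built in `Theme::__construct`. Consider adding `is_string($_GET['theme']) &&` ahead of the match and using `'/^[a-zA-Z0-9_-]+\z/'` as the pattern. The pattern also restricts characters only and does not confirm that the theme directory exists, so an unknown name ends in the constructor's `die()` rather than the configured default.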
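Review bot: The new `die("invalid theme $name")` in theme.class.php writes `$name` into the response unescaped, and only the `realpath()` result is checked, so a `parse_ini_file()` that returns false (unreadable or malformed theme.ini) still falls through to the `$themeconfig[...]` reads below. The only character check on the name lives in the caller in galleryfunctions.php, so `Theme::__construct` would reflect and resolve whatever another caller passes, and the `realpath()` result is not compared against the themes directory. Suggest `die('invalid theme ' . htmlspecialchars($name, ENT_QUOTES));` and, after the parse, `if ($themeconfig === false) { die('invalid theme configuration'); }`. The constructor body continues past the end of the hunk.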