Archived
1
0
Fork 0

add support for a theme request parameter (fixes #51)

* includes/galleryfunctions.php:
  - check for request parameter theme and whether it matches an
    allowed directory name
 * includes/theme.class.php:
  - die if the theme cannot be initialized properly
This commit is contained in:
Jan Dittberner 2009-07-11 15:13:48 +00:00
parent ded7232146
commit 5be4c55b97
2 changed files with 13 additions and 4 deletions

View file

@ -46,7 +46,13 @@ if (array_key_exists('logfile', $configuration)) {
} }
require_once('theme.class.php'); require_once('theme.class.php');
$theme = new Theme($configuration['defaulttheme']);
if (array_key_exists('theme', $_GET) &&
preg_match('/^[a-zA-Z0-9_-]+$/', $_GET['theme'])) {
$theme = new Theme($_GET['theme']);
} else {
$theme = new Theme($configuration['defaulttheme']);
}
/** /**
* Breite der Vorschaubilder. * Breite der Vorschaubilder.

View file

@ -64,9 +64,12 @@ class Theme {
* @param string $name the directory name of the theme * @param string $name the directory name of the theme
*/ */
function __construct($name) { function __construct($name) {
$themeconfig = parse_ini_file( $themeini = realpath(implode(DIRECTORY_SEPARATOR,
realpath(implode(DIRECTORY_SEPARATOR, array('themes', $name, 'theme.ini')));
array('themes', $name, 'theme.ini')))); if (!$themeini) {
die("invalid theme $name");
}
$themeconfig = parse_ini_file($themeini);
$this->name = $name; $this->name = $name;
$this->themetype = $themeconfig['themetype']; $this->themetype = $themeconfig['themetype'];
$this->previewsize = intval($themeconfig['previewsize']); $this->previewsize = intval($themeconfig['previewsize']);