add support for a theme request parameter (fixes #51)

* includes/galleryfunctions.php:
  - check for request parameter theme and whether it matches an
    allowed directory name
 * includes/theme.class.php:
  - die if the theme cannot be initialized properly

includes/galleryfunctions.php

@@ -46,7 +46,13 @@ if (array_key_exists('logfile', $configuration)) {
 }
 
 require_once('theme.class.php');
-$theme = new Theme($configuration['defaulttheme']);
+
+if (array_key_exists('theme', $_GET) &&
+    preg_match('/^[a-zA-Z0-9_-]+$/', $_GET['theme'])) {
+  $theme = new Theme($_GET['theme']);
+} else {
+  $theme = new Theme($configuration['defaulttheme']);
+}
 
 /**
  * Breite der Vorschaubilder.

includes/theme.class.php

@@ -64,9 +64,12 @@ class Theme {
    * @param string $name the directory name of the theme
    */
   function __construct($name) {
-    $themeconfig = parse_ini_file(
+    $themeini = realpath(implode(DIRECTORY_SEPARATOR,
-      realpath(implode(DIRECTORY_SEPARATOR,
+      array('themes', $name, 'theme.ini')));
-        array('themes', $name, 'theme.ini'))));
+    if (!$themeini) {
+      die("invalid theme $name");
+    }
+    $themeconfig = parse_ini_file($themeini);
     $this->name = $name;
     $this->themetype = $themeconfig['themetype'];
     $this->previewsize = intval($themeconfig['previewsize']);