add support for a theme request parameter (fixes #51)

* includes/galleryfunctions.php: - check for request parameter theme and whether it matches an allowed directory name * includes/theme.class.php: - die if the theme cannot be initialized properly
2009-07-11 15:13:48 +00:00 · 2009-07-11 15:13:48 +00:00 · 5be4c55b97
commit 5be4c55b97
parent ded7232146
2 changed files with 13 additions and 4 deletions
--- a/includes/galleryfunctions.php
+++ b/includes/galleryfunctions.php
@ -46,7 +46,13 @@ if (array_key_exists('logfile', $configuration)) {
 }

 require_once('theme.class.php');
+
+if (array_key_exists('theme', $_GET) &&
+    preg_match('/^[a-zA-Z0-9_-]+$/', $_GET['theme'])) {
+  $theme = new Theme($_GET['theme']);
+} else {
  $theme = new Theme($configuration['defaulttheme']);
+}

 /**
 * Breite der Vorschaubilder.
--- a/includes/theme.class.php
+++ b/includes/theme.class.php
@ -64,9 +64,12 @@ class Theme {
   * @param string $name the directory name of the theme
   */
  function __construct($name) {
-    $themeconfig = parse_ini_file(
-      realpath(implode(DIRECTORY_SEPARATOR,
-        array('themes', $name, 'theme.ini'))));
+    $themeini = realpath(implode(DIRECTORY_SEPARATOR,
+      array('themes', $name, 'theme.ini')));
+    if (!$themeini) {
+      die("invalid theme $name");
+    }
+    $themeconfig = parse_ini_file($themeini);
    $this->name = $name;
    $this->themetype = $themeconfig['themetype'];
    $this->previewsize = intval($themeconfig['previewsize']);