- $file = PATH."theme/".$_POST['theme']."/theme.php";
- if (file_exists($file))
- {
- include($file);
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_themes (theme_path, theme_active, theme_ver)
-VALUES ('%s', 'N', '%s')",
- array($_POST['theme'], $THEME_VERSION), __FILE__, __LINE__);
- $msg = ADMIN_THEME_IMPORTED_1.$_POST['theme'].ADMIN_THEME_IMPORTED_2;
- }
- else
- {
+ $INC = sprintf("theme/%s/theme.php", SQL_ESCAPE(REQUEST_POST('theme')));
+ if (INCLUDE_READABLE($INC)) {
+ // Load the theme header file
+ LOAD_INC($INC);
+
+ // Register it ith the exchange
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_themes` (`theme_path`,`theme_active`,`theme_ver`,`theme_name`)
+VALUES ('%s','N','%s','%s')",
+ array(REQUEST_POST('theme'), $GLOBALS['theme_data']['version'], $GLOBALS['theme_data']['name']), __FILE__, __LINE__);
+
+ // Destroy cache
+ rebuildCacheFiles("themes", "them");
+
+ // Prepare message
+ $msg = sprintf(getMessage('ADMIN_THEME_IMPORTED'), REQUEST_POST('theme'));
+ } else {