- $file = PATH."theme/".$_POST['theme']."/theme.php";
- if (file_exists($file))
- {
- include($file);
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_themes (theme_path, theme_active, theme_ver)
-VALUES ('%s', 'N', '%s')",
- array($_POST['theme'], $THEME_VERSION), __FILE__, __LINE__);
- $msg = ADMIN_THEME_IMPORTED_1.$_POST['theme'].ADMIN_THEME_IMPORTED_2;
- }
- else
- {
+ $inc = sprintf("theme/%s/theme.php", SQL_ESCAPE(postRequestParameter('theme')));
+
+ // Is the theme readable?
+ if (isIncludeReadable($inc)) {
+ // Load the theme header file
+ loadInclude($inc);
+
+ // Register it ith the exchange
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_themes` (`theme_path`,`theme_active`,`theme_ver`,`theme_name`)
+VALUES ('%s','N','%s','%s')",
+ array(
+ postRequestParameter('theme'),
+ $GLOBALS['theme_data']['version'],
+ $GLOBALS['theme_data']['name']
+ ), __FILE__, __LINE__);
+
+ // Destroy cache
+ rebuildCache('themes', 'them');
+
+ // Prepare message
+ $message = getMaskedMessage('ADMIN_THEME_IMPORTED', postRequestParameter('theme'));
+ } else {