- $NEW_THEME = "default";
- if (!empty($_GET['theme'])) $NEW_THEME = $_GET['theme'];
- if (!empty($_POST['theme'])) $NEW_THEME = $_POST['theme'];
- OUTPUT_HTML("?theme=".$NEW_THEME."&installing=1", false);
- }
- OUTPUT_HTML("\">");
+ $newTheme = 'default';
+ if (REQUEST_ISSET_GET('theme')) $newTheme = REQUEST_GET('theme');
+ if (REQUEST_ISSET_POST('theme')) $newTheme = SQL_ESCAPE(REQUEST_POST('theme'));
+ OUTPUT_HTML('?theme=' . $newTheme . '&installing=1', false);
+ } // END - if
+ OUTPUT_HTML('" />');