X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=inc%2Fstylesheet.php;h=10341b96e8652fcb0e7832a3922b69beca7866dd;hb=524c58a61b0a074fed8d7c9dc2f9ddab7f653595;hp=17572429a25e349180352895c422a46b8ac4a8b3;hpb=c3822adad779fbfc5650f2a50880765375578200;p=mailer.git

diff --git a/inc/stylesheet.php b/inc/stylesheet.php
index 17572429a2..10341b96e8 100644
--- a/inc/stylesheet.php
+++ b/inc/stylesheet.php
@@ -32,8 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
@@ -50,11 +49,9 @@ if ((basename($_SERVER['PHP_SELF']) == "install.php") || (!isBooleanConstantAndT
 if (empty($_CONFIG['css_php'])) $_CONFIG['css_php'] = "FILE";
 
 // Output CSS files or content or link to css.php ?
-if (($CSS == "1") || ($_CONFIG['css_php'] == "DIRECT"))
-{
+if (($CSS == "1") || ($_CONFIG['css_php'] == "DIRECT")) {
 	// Load CSS files
-	if (is_array($EXT_CSS_FILES))
-	{
+	if (is_array($EXT_CSS_FILES)) {
 		// Load extension's CSS files
 		foreach ($EXT_CSS_FILES as $value) $STYLES[] = $value;
 	}
@@ -65,20 +62,19 @@ if (($CSS == "1") || ($_CONFIG['css_php'] == "DIRECT"))
 		function GET_CURR_THEME () {
 			return "default";
 		}
-	}
+	} // END - if
 
 	// Output inclusion lines
-	foreach ($STYLES as $value)
-	{
+	foreach ($STYLES as $value) {
 		// Only include found CSS files (to reduce 404 requests)
 		$BASE = sprintf("%stheme/%s/css/", PATH, GET_CURR_THEME());
 		$file = $BASE.$value;
 
 		// Do include only existing files and whose are not empty
-		if ((file_exists($file)) && (filesize($file) > 0)) {
+		if ((FILE_READABLE($file)) && (filesize($file) > 0)) {
 			switch ($_CONFIG['css_php']) {
 				case "DIRECT":
-					OUTPUT_HTML("<link rel=\"stylesheet\" type=\"text/css\" href=\"".URL."/".$BASE."\" />");
+					OUTPUT_HTML("<link rel=\"stylesheet\" type=\"text/css\" href=\"".URL."/theme/".GET_CURR_THEME()."/".$value."\" />");
 					break;
 
 				case "FILE":
@@ -94,8 +90,8 @@ if (($CSS == "1") || ($_CONFIG['css_php'] == "DIRECT"))
 	if (isBooleanConstantAndTrue('mxchange_installing')) {
 		// Default theme first
 		$NEW_THEME = "default";
-		if (!empty($_GET['theme'])) $NEW_THEME = $_GET['theme'];
-		if (!empty($_POST['theme'])) $NEW_THEME = $_POST['theme'];
+		if (!empty($_GET['theme'])) $NEW_THEME = SQL_ESCAPE($_GET['theme']);
+		if (!empty($_POST['theme'])) $NEW_THEME = SQL_ESCAPE($_POST['theme']);
 		OUTPUT_HTML("?theme=".$NEW_THEME."&amp;installing=1", false);
 	}
 	OUTPUT_HTML("\" />");