X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=inc%2Ftheme-manager.php;h=c188a19663ec6eddfa515822c669825101e61147;hb=60494e212a67fe360bfbb481eb4928480a6f379b;hp=8e573ff37a9ec21f537447c6b2cd18a3e1c9dce8;hpb=75ad748a68473ace540251427a74fb781b1145e9;p=mailer.git
diff --git a/inc/theme-manager.php b/inc/theme-manager.php
index 8e573ff37a..c188a19663 100644
--- a/inc/theme-manager.php
+++ b/inc/theme-manager.php
@@ -39,44 +39,38 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // -function GET_CURR_THEME() -{ - global $_COOKIE, $INC_POOL, $CONFIG, $_GET, $_POST, $CSS; +function GET_CURR_THEME() { + global $INC_POOL, $_CONFIG, $CSS; + // The default theme is 'default'... ;-) $ret = "default"; // Load default theme if not empty from configuration - if (!empty($CONFIG['default_theme'])) $ret = $CONFIG['default_theme']; + if (!empty($_CONFIG['default_theme'])) $ret = $_CONFIG['default_theme']; - if (empty($_COOKIE['mxchange_theme'])) - { + if (empty($_COOKIE['mxchange_theme'])) { // Set default theme @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH); - } - elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) - { + } elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) { // Get theme from cookie $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_COOKIE['mxchange_theme']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Design is valid! 
$ret = $_COOKIE['mxchange_theme']; } // Free memory SQL_FREERESULT($result); - } - elseif ((!mxchange_installed) && ((mxchange_installing) || ($CSS == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme'])))) - { + } elseif ((!mxchange_installed) && ((mxchange_installing) || ($CSS == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme'])))) { + // Prepare FQFN for checking + $theme = sprintf("%stheme/%s/theme.php", PATH, $_GET['theme']); + // Installation mode active - if ((!empty($_GET['theme'])) && (file_exists(PATH."theme/".$_GET['theme']."/theme.php"))) - { + if ((!empty($_GET['theme'])) && (file_exists($theme)) && (is_readable($theme))) { // Set cookie from URL data @setcookie("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH); $_COOKIE['mxchange_theme'] = $_GET['theme']; - } - elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) - { + } elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) { // Set cookie from posted data @setcookie("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH); $_COOKIE['mxchange_theme'] = $_POST['theme']; @@ -84,16 +78,16 @@ function GET_CURR_THEME() // Set return value $ret = $_COOKIE['mxchange_theme']; - } - else - { + } else { // Invalid design, reset cookie @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH); } // Add (maybe) found theme.php file to inclusion list - $theme = PATH."theme/".$ret."/theme.php"; - if (@file_exists($theme)) $INC_POOL[] = $theme; + $theme = sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($ret)); + + // Try to load the requested include file + if ((@file_exists($theme)) && (is_readable($theme))) $INC_POOL[] = $theme; // Return theme value return $ret;
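Review bot: The added `$theme = sprintf("%stheme/%s/theme.php", PATH, $_GET['theme']);` in the installation-mode branch builds a filesystem path from the raw request parameter, so a value containing `../` can pass `file_exists()`/`is_readable()` for a file outside `theme/` and is then stored in the cookie and returned as the theme name. The path is also built before the `!empty($_GET['theme'])` test, so a POST-only request reads an undefined index. The `$_POST['theme']` branch keeps the old inline `file_exists(PATH."theme/".$_POST['theme']."/theme.php")` with neither `is_readable()` nor any name check. Validate the name once before building either path, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $name)) $name = '';` with the character set adjusted to whatever theme directory names the project allows, and apply the same check to both branches. GET_CURR_THEME() continues past the end of this hunk.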
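Review bot: `SQL_ESCAPE($ret)` in the new `$theme = sprintf(...)` line is the wrong encoding for a filesystem path: SQL escaping does not remove `../` or path separators, so it does not constrain which `theme.php` ends up in `$INC_POOL`, and it can alter an otherwise valid name. In installation mode `$ret` originates from `$_GET`/`$_POST` via the cookie, and presumably no database link exists at that point, so the call may also misbehave there. Replace it with an allow-list check on the theme name before the `sprintf`, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $ret)) $ret = "default";` (character set to be confirmed against real theme directory names). The function's closing brace lies outside this hunk.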