// Load all themes
while ($content = SQL_FETCHARRAY($result)) {
// Construct relative include file name
- $inc = sprintf("theme/%s/theme.php", SQL_ESCAPE($content['theme_path']));
+ $inc = sprintf("theme/%s/theme.php", secureString($content['theme_path']));
// Load it's theme.php file if found
if (isIncludeReadable($inc)) {
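Review bot: The added `secureString()` call is now the only filter between the database-stored `theme_path` and an include path, and what it strips is not visible in this hunk. Dropping `SQL_ESCAPE()` is reasonable because SQL escaping does nothing for a filesystem context, but the value should be constrained to a bare directory name before the `sprintf()`, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $content['theme_path'])) continue;` (adjust the character set to what theme names actually allow). If `secureString()` leaves path separators or `..` segments intact, `isIncludeReadable($inc)` could accept a file outside `theme/`, and the readability check alone does not confine the path. A comment such as `// theme_path comes from the database and must be a single directory name` above the assignment would record that assumption. The `while` loop and the `if` body continue outside the hunk, so whether the include that follows adds its own check cannot be confirmed from here.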