- if (!empty($_GET['theme'])) $NEW_THEME = $_GET['theme'];
- if (!empty($_POST['theme'])) $NEW_THEME = $_POST['theme'];
- OUTPUT_HTML ("?theme=".$NEW_THEME."&installing=1", false);
+ if (!empty($_GET['theme'])) $NEW_THEME = SQL_ESCAPE($_GET['theme']);
+ if (!empty($_POST['theme'])) $NEW_THEME = SQL_ESCAPE($_POST['theme']);
+ OUTPUT_HTML("?theme=".$NEW_THEME."&installing=1", false);
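Review bot: SQL_ESCAPE is the wrong encoder for the place `$NEW_THEME` is used in this hunk: on the `OUTPUT_HTML("?theme=".$NEW_THEME."&installing=1", false)` line the value is concatenated into a URL query string, and an SQL string escaper (assuming SQL_ESCAPE is a typical one) does not neutralise `&`, `#` or angle brackets and only backslash-prefixes quotes. A request-supplied theme can therefore still alter the query string, and possibly the markup, depending on how OUTPUT_HTML emits its argument, which is not visible here. Validate the name once where it is read, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $NEW_THEME)) { /* reject or fall back to the default theme */ }`, and encode for the URL context with `"?theme=".rawurlencode($NEW_THEME)."&installing=1"`. SQL escaping, or preferably a parameterised query, belongs at the statement that stores the theme rather than at input. If the theme name is also used to build a file path outside this hunk, the allow-list covers that use as well, which SQL_ESCAPE does not.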