wernis extension is now alpha code (only listing in admin area is missing), naming...
[mailer.git] / inc / theme-manager.php
index 8e573ff37a9ec21f537447c6b2cd18a3e1c9dce8..c188a19663ec6eddfa515822c669825101e61147 100644 (file)
@@ -39,44 +39,38 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 //
-function GET_CURR_THEME()
-{
-       global $_COOKIE, $INC_POOL, $CONFIG, $_GET, $_POST, $CSS;
+function GET_CURR_THEME() {
+       global $INC_POOL, $_CONFIG, $CSS;
+
        // The default theme is 'default'... ;-)
        $ret = "default";
 
        // Load default theme if not empty from configuration
-       if (!empty($CONFIG['default_theme'])) $ret = $CONFIG['default_theme'];
+       if (!empty($_CONFIG['default_theme'])) $ret = $_CONFIG['default_theme'];
 
-       if (empty($_COOKIE['mxchange_theme']))
-       {
+       if (empty($_COOKIE['mxchange_theme'])) {
                // Set default theme
                @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
-       }
-        elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4"))
-       {
+       } elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
                // Get theme from cookie
                $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_COOKIE['mxchange_theme']), __FILE__, __LINE__);
-               if (SQL_NUMROWS($result) == 1)
-               {
+               if (SQL_NUMROWS($result) == 1) {
                        // Design is valid!
                        $ret = $_COOKIE['mxchange_theme'];
                }
 
                // Free memory
                SQL_FREERESULT($result);
-       }
-        elseif ((!mxchange_installed) && ((mxchange_installing) || ($CSS == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme']))))
-       {
+       } elseif ((!mxchange_installed) && ((mxchange_installing) || ($CSS == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme'])))) {
+               // Prepare FQFN for checking
+               $theme = sprintf("%stheme/%s/theme.php", PATH, $_GET['theme']);
+
                // Installation mode active
-               if ((!empty($_GET['theme'])) && (file_exists(PATH."theme/".$_GET['theme']."/theme.php")))
-               {
+               if ((!empty($_GET['theme'])) && (file_exists($theme)) && (is_readable($theme))) {
                        // Set cookie from URL data
                        @setcookie("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH);
                        $_COOKIE['mxchange_theme'] = $_GET['theme'];
-               }
-                elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php"))
-               {
+               } elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) {
                        // Set cookie from posted data
                        @setcookie("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH);
                        $_COOKIE['mxchange_theme'] = $_POST['theme'];
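Review bot: The install-mode branch takes the theme name straight from the request and uses it as a path segment without restricting it to a plain directory name, and that value then becomes the cookie and, further down, `$ret`. The new `$theme` is also built from `$_GET['theme']` even when only `$_POST['theme']` is set, and the POST branch keeps the old `file_exists()` test without `is_readable()`, so the two inputs are checked differently. I would pick the value once, `$name = !empty($_GET['theme']) ? $_GET['theme'] : $_POST['theme'];`, and accept it only when it matches a strict name pattern such as `preg_match('/^[a-zA-Z0-9_-]+$/', $name)` before the `file_exists()`/`is_readable()` test. The function body continues past the end of this hunk.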
@@ -84,16 +78,16 @@ function GET_CURR_THEME()
 
                // Set return value
                $ret = $_COOKIE['mxchange_theme'];
-       }
-        else
-       {
+       } else {
                // Invalid design, reset cookie
                @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
        }
 
        // Add (maybe) found theme.php file to inclusion list
-       $theme = PATH."theme/".$ret."/theme.php";
-       if (@file_exists($theme)) $INC_POOL[] = $theme;
+       $theme = sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($ret));
+
+       // Try to load the requested include file
+       if ((@file_exists($theme)) && (is_readable($theme))) $INC_POOL[] = $theme;
 
        // Return theme value
        return $ret;
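Review bot: `SQL_ESCAPE($ret)` in the new `sprintf()` applies SQL string escaping to a filesystem path, which is the wrong encoding for this context. It does not remove directory separators or `..` segments, and it can alter a legitimate name so that the checked path no longer corresponds to the `$ret` that is returned. Since `$ret` can come from cookie or request data (the `$ret = $_COOKIE['mxchange_theme'];` line above) and the resulting path is queued in `$INC_POOL`, presumably for inclusion, the name should be constrained as a path component instead, e.g. `$theme = sprintf("%stheme/%s/theme.php", PATH, basename($ret));` or an allow-list check on `$ret` before this line. GET_CURR_THEME() starts before this hunk and its closing brace lies outside it.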