}
//
-function GET_CURR_THEME()
-{
- global $_COOKIE, $INC_POOL, $CONFIG, $_GET, $_POST, $CSS;
+function GET_CURR_THEME() {
+ global $INC_POOL, $_CONFIG, $CSS;
+
// The default theme is 'default'... ;-)
$ret = "default";
// Load default theme if not empty from configuration
- if (!empty($CONFIG['default_theme'])) $ret = $CONFIG['default_theme'];
+ if (!empty($_CONFIG['default_theme'])) $ret = $_CONFIG['default_theme'];
- if (empty($_COOKIE['mxchange_theme']))
- {
+ if (empty($_COOKIE['mxchange_theme'])) {
// Set default theme
@setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
- }
- elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4"))
- {
+ } elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
// Get theme from cookie
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_COOKIE['mxchange_theme']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
// Design is valid!
$ret = $_COOKIE['mxchange_theme'];
}
// Free memory
SQL_FREERESULT($result);
- }
- elseif ((!mxchange_installed) && ((mxchange_installing) || ($CSS == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme']))))
- {
+ } elseif ((!mxchange_installed) && ((mxchange_installing) || ($CSS == true)) && ((!empty($_GET['theme'])) || (!empty($_POST['theme'])))) {
+ // Prepare FQFN for checking
+ $theme = sprintf("%stheme/%s/theme.php", PATH, $_GET['theme']);
+
// Installation mode active
- if ((!empty($_GET['theme'])) && (file_exists(PATH."theme/".$_GET['theme']."/theme.php")))
- {
+ if ((!empty($_GET['theme'])) && (file_exists($theme)) && (is_readable($theme))) {
// Set cookie from URL data
@setcookie("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH);
$_COOKIE['mxchange_theme'] = $_GET['theme'];
- }
- elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php"))
- {
+ } elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) {
// Set cookie from posted data
@setcookie("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH);
$_COOKIE['mxchange_theme'] = $_POST['theme'];
// Set return value
$ret = $_COOKIE['mxchange_theme'];
- }
- else
- {
+ } else {
// Invalid design, reset cookie
@setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
}
// Add (maybe) found theme.php file to inclusion list
- $theme = PATH."theme/".$ret."/theme.php";
- if (@file_exists($theme)) $INC_POOL[] = $theme;
+ $theme = sprintf("%stheme/%s/theme.php", PATH, SQL_ESCAPE($ret));
+
+ // Try to load the requested include file
+ if ((@file_exists($theme)) && (is_readable($theme))) $INC_POOL[] = $theme;
// Return theme value
return $ret;