Ticket #9244: theme-preview-bug.diff

Index: wp-includes/theme.php
===================================================================
--- wp-includes/theme.php       (revision 10669)
+++ wp-includes/theme.php       (working copy)
@@ -849,7 +849,7 @@
        if ( !current_user_can( 'switch_themes' ) )
                return;
 
-       $_GET['template'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['template']);
+       $_GET['template'] = preg_replace('|[^a-z0-9_.\-/]|i', '', $_GET['template']);
 
        if ( validate_file($_GET['template']) )
                return;
@@ -857,7 +857,7 @@
        add_filter('template', create_function('', "return '{$_GET['template']}';") );
 
        if ( isset($_GET['stylesheet']) ) {
-               $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['stylesheet']);
+               $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.\-/]|i', '', $_GET['stylesheet']);
                if ( validate_file($_GET['stylesheet']) )
                        return;
                add_filter('stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );