Index: wp-includes/theme.php
===================================================================
--- wp-includes/theme.php	(revision 19969)
+++ wp-includes/theme.php	(working copy)
@@ -181,6 +181,7 @@
  * @return array Theme data.
  */
 function get_theme_data( $theme_file ) {
+	global $themes_allowed_tags;
 	$default_headers = array(
 		'Name' => 'Theme Name',
 		'URI' => 'Theme URI',
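Review bot: The added `global $themes_allowed_tags;` at the top of get_theme_data() turns what looks like the function's own kses tag allowlist into shared mutable state, and nothing in the hunk documents why. The assignment to the variable is outside the hunk, so I am assuming it still happens later in this function. If so, the global is only populated once get_theme_data() has run, and any code loaded afterwards can widen the list that sanitizes theme headers. At minimum add a comment such as `// Shared with wp-admin/theme-editor.php; assigned below, do not modify elsewhere.`. A small accessor function that returns the array would avoid the ordering dependency and the writable global.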
Index: wp-admin/theme-editor.php
===================================================================
--- wp-admin/theme-editor.php	(revision 19969)
+++ wp-admin/theme-editor.php	(working copy)
@@ -52,6 +52,9 @@
 	$theme = stripslashes($theme);
 }
 
+global $themes_allowed_tags;
+$theme = wp_kses( $theme, $themes_allowed_tags );	
+
 if ( ! isset($themes[$theme]) )
 	wp_die(__('The requested theme does not exist.'));
 
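Review bot: `wp_kses( $theme, $themes_allowed_tags )` applies an HTML output filter to a value that the next statement uses as a lookup key, and `isset($themes[$theme])` is already the allowlist check for that key. Filtering first can rewrite a legitimate theme name, for example one containing `&` or `<`, so that it no longer matches and is reported as missing. If the goal is to stop the theme name being reflected into the page, escape it at each point of output with `esc_html( $theme )` or `esc_attr( $theme )`; those echo sites are outside this hunk. Separately, `$themes_allowed_tags` has a value here only if get_theme_data() has already run in this request, which the visible lines do not guarantee, so that dependency should be checked or commented. The trailing tab after the `wp_kses` line should also be dropped.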
