Make WordPress Core

Ticket #41901: patch-41901.2.diff

File patch-41901.2.diff, 805 bytes (added by inc2734, 7 years ago)
  • wp-admin/includes/ajax-actions.php

    diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php
    index e132ac8..58f797e 100644
    a b function wp_ajax_update_theme() { 
    34773477                ) );
    34783478        }
    34793479
    3480         $stylesheet = preg_replace( '/[^A-z0-9_\-]/', '', wp_unslash( $_POST['slug'] ) );
     3480        $stylesheet = preg_replace( '|[^A-z0-9_/\-]|', '', $_POST['slug'] );
    34813481        $status     = array(
    34823482                'update'     => 'theme',
    34833483                'slug'       => $stylesheet,
    function wp_ajax_delete_theme() { 
    35623562                ) );
    35633563        }
    35643564
    3565         $stylesheet = preg_replace( '/[^A-z0-9_\-]/', '', wp_unslash( $_POST['slug'] ) );
     3565        $stylesheet = preg_replace( '|[^A-z0-9_/\-]|', '', $_POST['slug'] );
    35663566        $status     = array(
    35673567                'delete' => 'theme',
    35683568                'slug'   => $stylesheet,