WordPress.org

Make WordPress Core

Ticket #8548: themefix.diff

File themefix.diff, 923 bytes (added by zedlander, 5 years ago)

Diff to avoid filtering out '/' from theme filenames.

  • wp-includes/theme.php

     
    849849        if ( !current_user_can( 'switch_themes' ) ) 
    850850                return; 
    851851 
    852         $_GET['template'] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET['template']); 
     852        $_GET['template'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['template']); 
    853853 
    854854        if ( validate_file($_GET['template']) ) 
    855855                return; 
     
    857857        add_filter('template', create_function('', "return '{$_GET['template']}';") ); 
    858858 
    859859        if ( isset($_GET['stylesheet']) ) { 
    860                 $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET['stylesheet']); 
     860                $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['stylesheet']); 
    861861                if ( validate_file($_GET['stylesheet']) ) 
    862862                        return; 
    863863                add_filter('stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );