Ticket #9329: 9329.diff

File 9329.diff, 1004 bytes (added by Denis-de-Bernardy, 9 years ago)
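--- a/Users/denis/Sites/sem-pro/wp-includes/theme.php
+++ b/Users/denis/Sites/sem-pro/wp-includes/theme.php
@@ -849,7 +849,7 @@
         if ( !current_user_can( 'switch_themes' ) )
                 return;
 
-        $_GET['template'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['template']);
+        $_GET['template'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['template']);
 
         if ( validate_file($_GET['template']) )
                 return;
@@ -857,7 +857,7 @@
         add_filter('template', create_function('', "return '{$_GET['template']}';") );
 
         if ( isset($_GET['stylesheet']) ) {
-                $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['stylesheet']);
+                $_GET['stylesheet'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['stylesheet']);
                 if ( validate_file($_GET['stylesheet']) )
                         return;
                 add_filter('stylesheet', create_function('', "return '{$_GET['stylesheet']}';") );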
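Review bot: The character class on new lines 852 and 860 is the only barrier between the request parameters and the PHP source string passed to `create_function()` on lines 857 and 863, and nothing in the code records that dependency. The class as written admits no quote or backslash, so the interpolated value cannot close the single-quoted literal, but a later edit that widens it would turn these two calls into evaluation of request input as code. I would add above each `preg_replace` a comment such as `// Allowlist must never admit quotes or backslashes: the result is interpolated into create_function() code below.` and, where the supported PHP versions allow it, return the value from a closure instead of building source text. The enclosing function starts and ends outside these hunks, so whether `$_GET['template']` is checked with `isset()` before line 852 is not visible here.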