WordPress.org

Make WordPress Core

Changeset 10677


Ignore:
Timestamp:
03/01/09 19:59:41 (6 years ago)
Author:
ryan
Message:

Escape hyphen in regex. Props chrisbliss18. fixes #8548 #9244 for 2.7

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.7/wp-includes/theme.php

    r10484 r10677  
    850850        return; 
    851851 
    852     $_GET['template'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['template']); 
     852    $_GET['template'] = preg_replace('|[^a-z0-9_.\-/]|i', '', $_GET['template']); 
    853853 
    854854    if ( validate_file($_GET['template']) ) 
     
    858858 
    859859    if ( isset($_GET['stylesheet']) ) { 
    860         $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['stylesheet']); 
     860        $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.\-/]|i', '', $_GET['stylesheet']); 
    861861        if ( validate_file($_GET['stylesheet']) ) 
    862862            return; 
Note: See TracChangeset for help on using the changeset viewer.