Make WordPress Core


Ignore:
Timestamp:
03/01/2009 07:59:41 PM (16 years ago)
Author:
ryan
Message:

Escape hyphen in regex. Props chrisbliss18. fixes #8548 #9244 for 2.7

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.7/wp-includes/theme.php

    r10484 r10677  
    850850        return;
    851851
    852     $_GET['template'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['template']);
     852    $_GET['template'] = preg_replace('|[^a-z0-9_.\-/]|i', '', $_GET['template']);
    853853
    854854    if ( validate_file($_GET['template']) )
     
    858858
    859859    if ( isset($_GET['stylesheet']) ) {
    860         $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['stylesheet']);
     860        $_GET['stylesheet'] = preg_replace('|[^a-z0-9_.\-/]|i', '', $_GET['stylesheet']);
    861861        if ( validate_file($_GET['stylesheet']) )
    862862            return;
Note: See TracChangeset for help on using the changeset viewer.