Changeset 21755 for trunk/wp-admin/theme-editor.php

Timestamp:

09/04/2012 10:35:12 PM (14 years ago)

Author:

nacin

Message:

Always URL-encode a stylesheet directory value before using it in a URL. These situations are saved by wp_nonce_url(), but we should not depend on that. see #21749, for trunk only.

File:

• trunk/wp-admin/theme-editor.php (modified) (2 diffs)

trunk/wp-admin/theme-editor.php

@@ -47 +47 @@
 
 if ( $theme )
-    $stylesheet = urldecode( $theme );
+    $stylesheet = $theme;
 else
     $stylesheet = get_stylesheet();
@@ -69 +69 @@
     $file = $allowed_files['style.css'];
 } else {
-    $relative_file = urldecode( stripslashes( $file ) );
+    $relative_file = stripslashes( $file );
     $file = $theme->get_stylesheet_directory() . '/' . $relative_file;
 }