Changeset 3286539
- Timestamp: 05/02/2025 09:00:32 PM (10 months ago)
- File: 1 edited
  - section-widget/trunk/themes/theme-loader.php (modified) (1 diff)
section-widget/trunk/themes/theme-loader.php
r3286504 r3286539 1 1 <?php 2 2 3 $theme = isset( $_GET['theme'])? strtolower(trim($_GET['theme'])) : 'base';4 $scope = isset( $_GET['scope'])? trim($_GET['scope']) : '';3 $theme = isset( $_GET['theme'] ) ? strtolower( trim( wp_unslash( $_GET['theme'] ) ) ) : 'base'; 4 $scope = isset( $_GET['scope'] ) ? trim( wp_unslash( $_GET['scope'] ) ) : ''; 5 5 6 $content = @file_get_contents(SECTION_WIDGET_DIR_PATH . "themes/{$theme}/sw-theme.css"); 6 // Remove any path traversal characters. 7 $theme = str_replace( array( '..', '/' ), '', $theme ); 8 9 $content = @file_get_contents(SECTION_WIDGET_DIR_PATH . "/themes/{$theme}/sw-theme.css"); 7 10 8 11 if(!$content) {
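Review bot: The traversal filter on new line 7, `$theme = str_replace( array( '..', '/' ), '', $theme );`, is a denylist applied in sequence, and an allowlist would be safer before `$theme` reaches `file_get_contents()`. `str_replace()` handles the array entries in order, so whatever remains after the `/` pass is not rechecked for `..`, and the backslash, which is also a directory separator on Windows, is not stripped at all. Suggest rejecting any value that fails a strict pattern such as `preg_match( '/^[a-z0-9_-]+$/', $theme )` and falling back to `'base'`, or checking `$theme` against the directory names actually present under `themes/`. Separately, `$scope` on new line 4 is only unslashed and trimmed in the lines shown; if it is written into the CSS output further down, it needs validation there as well.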