author | Andrew Nacin <nacin@git.wordpress.org> | 2012-06-26 21:47:41 +0000 |
---|---|---|
committer | Andrew Nacin <nacin@git.wordpress.org> | 2012-06-26 21:47:41 +0000 |
commit | 173e43ed3f7f1ff1fd9b710823f2740e2093b8d5 (patch) | |
tree | 9c56ba6b663495027e38f717df4a222c2858b3d8 | |
parent | 62650f7059222ac27255067e9db5026d0065267b (diff) | |
download | wordpress-173e43ed3f7f1ff1fd9b710823f2740e2093b8d5.tar.gz wordpress-173e43ed3f7f1ff1fd9b710823f2740e2093b8d5.zip |
Use stylesheet to identify themes, not template. Sanity check values before switching.
git-svn-id: https://develop.svn.wordpress.org/branches/3.3@21147 602fd350-edb4-49c9-b593-d223f7449a82
-rw-r--r-- | wp-admin/includes/class-wp-themes-list-table.php | 2 | ||||
-rw-r--r-- | wp-admin/includes/class-wp-upgrader.php | 4 | ||||
-rw-r--r-- | wp-admin/themes.php | 12 |
3 files changed, 14 insertions, 4 deletions
diff --git a/wp-admin/includes/class-wp-themes-list-table.php b/wp-admin/includes/class-wp-themes-list-table.php
index 4839b504e2..0e29cbb5f2 100644
--- a/wp-admin/includes/class-wp-themes-list-table.php
+++ b/wp-admin/includes/class-wp-themes-list-table.php
@@ -146,7 +146,7 @@ class WP_Themes_List_Table extends WP_List_Table {
 $preview_text = esc_attr( sprintf( __( 'Preview of “%s”' ), $title ) );
 $tags = $themes[$theme_name]['Tags'];
 $thickbox_class = 'thickbox thickbox-preview';
- $activate_link = wp_nonce_url( "themes.php?action=activate&template=".urlencode( $template )."&stylesheet=".urlencode( $stylesheet ), 'switch-theme_' . $template );
+ $activate_link = wp_nonce_url( "themes.php?action=activate&template=".urlencode( $template )."&stylesheet=".urlencode( $stylesheet ), 'switch-theme_' . $stylesheet );
 $activate_text = esc_attr( sprintf( __( 'Activate “%s”' ), $title ) );
 $actions = array();
 $actions[] = '<a href="' . $activate_link . '" class="activatelink" title="' . $activate_text . '">' . __( 'Activate' ) . '</a>';
diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php
index e61e0ef5e4..e75cadea95 100644
--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
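Review bot: The nonce action on the new `$activate_link` line in class-wp-themes-list-table.php is bound to `$stylesheet` only, while the URL still carries `template` as a separate parameter that the nonce does not cover. A one-line comment above it would make the dependency on the handler explicit, for example `// Nonce covers the stylesheet only; themes.php must validate the template/stylesheet pair.` The same comment belongs on the matching `$activate_link` line in the first hunk of class-wp-upgrader.php. The enclosing method of WP_Themes_List_Table starts and ends outside the hunk.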
@@ -1415,7 +1415,7 @@ class Theme_Installer_Skin extends WP_Upgrader_Skin { $template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet; $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => 1, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) ); - $activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template); + $activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $stylesheet); $install_actions = array( 'preview' => '<a href="' . $preview_link . '" class="thickbox thickbox-preview" title="' . esc_attr(sprintf(__('Preview “%s”'), $name)) . '">' . __('Preview') . '</a>', @@ -1423,7 +1423,7 @@ class Theme_Installer_Skin extends WP_Upgrader_Skin { ); if ( is_network_admin() && current_user_can( 'manage_network_themes' ) ) - $install_actions['network_enable'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=enable&theme=' . $template, 'enable-theme_' . $template ) ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>'; + $install_actions['network_enable'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=enable&theme=' . $stylesheet, 'enable-theme_' . $stylesheet ) ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>'; if ( $this->type == 'web' ) $install_actions['themes_page'] = '<a href="' . self_admin_url('theme-install.php') . '" title="' . esc_attr__('Return to Theme Installer') . '" target="_parent">' . __('Return to Theme Installer') . '</a>'; diff --git a/wp-admin/themes.php b/wp-admin/themes.php index bb84ca1143..feb5fd7c8a 100644 
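Review bot: In the second hunk of class-wp-upgrader.php the new `network_enable` link concatenates `$stylesheet` into the query string without `urlencode()`, unlike the `$activate_link` line changed in the hunk above it. `esc_url()` makes the result safe for the `href` attribute but does not query-encode characters such as `&` or `#`, so a theme directory name containing one would arrive as a `theme` value that no longer matches the nonce action `'enable-theme_' . $stylesheet`. Suggest `wp_nonce_url( 'themes.php?action=enable&theme=' . urlencode( $stylesheet ), 'enable-theme_' . $stylesheet )`. The surrounding method of Theme_Installer_Skin starts and ends outside the hunk.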
--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -16,7 +16,17 @@ $wp_list_table = _get_list_table('WP_Themes_List_Table');
 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
 if ( 'activate' == $_GET['action'] ) {
- check_admin_referer('switch-theme_' . $_GET['template']);
+ check_admin_referer('switch-theme_' . $_GET['stylesheet']);
+ $themes = get_allowed_themes();
+ foreach ( $themes as $theme ) {
+ if ( $theme['Stylesheet'] == $_GET['stylesheet'] &&
+ $theme['Template'] == $_GET['template'] ) {
+ $found = true;
+ break;
+ }
+ }
+ if ( empty( $found ) )
+ wp_die( __( 'Cheatin’ uh?' ) );
 switch_theme($_GET['template'], $_GET['stylesheet']);
 wp_redirect( admin_url('themes.php?activated=true') );
 exit; |
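Review bot: The new allow-list loop in themes.php compares with `==`, and `switch_theme()` is then still called with the raw `$_GET` values rather than the entry that matched. Under loose comparison two different numeric-looking strings can compare equal, so the value handed to `switch_theme()` is not guaranteed to be identical to an allowed theme's name; the nonce check limits who reaches this point, but the sanity check should not depend on it. Use `===` in both comparisons and pass the matched entry, `switch_theme( $theme['Template'], $theme['Stylesheet'] );`. `$found` is also never initialised in this file-scope code, so adding `$found = false;` before the `foreach` keeps the `empty( $found )` test independent of earlier state. The enclosing `if ( current_user_can( 'switch_themes' ) ... )` block closes outside the hunk.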