
[top] / php / GetSimpleCMS-3.2.3 / admin / inc / ajax.php

     <?php
     /**
      * Display Available Themes
      * 
      * This file spits out a list of available themes to the control panel. 
      * This is provided thru an ajax call.
      *
      * @package GetSimple
      * @subpackage Available-Themes
      */
     
     // Include common.php
     include('common.php');
     
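     // Make sure register globals don't make this hackable again: discard any
     // $TEMPLATE that exists before this point, so the only value used further
     // down is the one built from $_GET['dir'] in the block below.
     if (isset($TEMPLATE)) unset($TEMPLATE);

     /**
      * Sanitise first
      *
      * Builds $TEMPLATE from the "dir" query parameter:
      *  - backslashes are treated as path separators,
      *  - every segment that is exactly ".." is dropped,
      *  - runs of "/" are collapsed to a single "/".
      * The result always ends in "/". An empty result or a bare "/" leaves
      * $TEMPLATE unset, which disables the listing further down.
      *
      * Only exact ".." segments are removed here; this is a first filter, not a
      * canonicalisation. The filepath_is_safe() call in the listing block is the
      * check that has to hold for containment under GSTHEMESPATH.
      *
      * A non-string "dir" (e.g. dir[]=x) is ignored instead of being passed to
      * the string functions, where it would raise warnings or a TypeError whose
      * text can expose server paths when errors are displayed.
      *
      * @todo Maybe use Anti-XSS on this instead?
      */
     if (isset($_GET['dir']) && is_string($_GET['dir'])) {
         $TEMPLATE = '';
         // Normalise "\" to "/" so that "..\" is split into a ".." segment too.
         $segments = explode('/', str_replace('\\', '/', $_GET['dir']));
         foreach ($segments as $part) {
             if ($part !== '..') {
                 $TEMPLATE .= $part.'/';
             }
         }
         $TEMPLATE = preg_replace('/\/+/', '/', $TEMPLATE);
         if (strlen($TEMPLATE) <= 0 || $TEMPLATE == '/') {
             unset($TEMPLATE);
         }
     }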
     
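     // Send back list of theme files from a certain directory for theme-edit.php
     //
     // Output is a single <select name="f"> with one <option> per file whose
     // extension is in $allowed_extensions.
     //
     // NOTE(review): no login/session check is visible in this file. Confirm that
     // common.php (included at the top, not shown here) rejects unauthenticated
     // requests before this point; otherwise the listing is returned to anyone
     // who can reach this script.
     if (isset($TEMPLATE)) {
         $TEMPLATE_FILE = ''; $template = ''; $theme_templates = '';

         if ($template == '') { $template = 'template.php'; }

         // Containment check: stop unless the requested directory is accepted as
         // lying under GSTHEMESPATH. filepath_is_safe() is defined elsewhere;
         // presumably it compares resolved paths -- confirm against its source.
         if (!filepath_is_safe(GSTHEMESPATH . $TEMPLATE, GSTHEMESPATH)) die();

         $templates = directoryToArray(GSTHEMESPATH . $TEMPLATE . '/', true);
         $allowed_extensions = array('php','css','js','html','htm');

         // File names come from the file system and are written into an HTML
         // attribute and element body, so they are escaped before output.
         // ENT_SUBSTITUTE is only defined from PHP 5.4; fall back to ENT_QUOTES.
         $escape_flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

         // NOTE(review): $TEMPLATE as built by the sanitising block earlier in
         // this file ends in "/", so this needle contains "//". Confirm that
         // directoryToArray() returns paths in that form; if it does not,
         // strstr() returns false and the relative name below is empty.
         $theme_prefix = '/theme/'.$TEMPLATE.'/';

         $theme_templates .= '<select class="text" id="theme_files" style="width:425px;" name="f" >';
         foreach ($templates as $file) {
             $extension = pathinfo($file, PATHINFO_EXTENSION);
             if (in_array($extension, $allowed_extensions, true)) {
                 $filename = pathinfo($file, PATHINFO_BASENAME);
                 // Path of the file relative to the theme directory.
                 $filenamefull = substr(strstr($file, $theme_prefix), strlen($theme_prefix));

                 // $TEMPLATE_FILE is always '' here, so no option is pre-selected
                 // unless a file name is empty; kept as in the original.
                 if ($TEMPLATE_FILE == $filename) {
                     $sel = "selected";
                 } else {
                     $sel = "";
                 }

                 if ($filename == 'template.php') {
                     // Translated label from the language file; left unescaped
                     // because it may already contain HTML entities.
                     $templatename = i18n_r('DEFAULT_TEMPLATE');
                 } else {
                     $templatename = htmlspecialchars($filenamefull, $escape_flags, 'UTF-8');
                 }

                 $theme_templates .= '<option '.$sel.' value="'.$templatename.'" >'.$templatename.'</option>';
             }
         }

         $theme_templates .= "</select>";

         echo $theme_templates;
     }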
     ?>
