Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

#396224 by pwolanin: Further harden template file name discovery

5.x
Neil Drumm 2009-04-29 17:49:52 +00:00
parent ce2f78fa2a
commit d930ca09fc
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
themes/engines/phptemplate/phptemplate.engine
View File

@ -257,7 +257,7 @@ function phptemplate_page($content, $show_blocks = TRUE) {
$suggestion = 'page';
$suggestions = array($suggestion);
while ($arg = arg($i++)) {
$arg = str_replace(array('/', '\\', '\0'), '', $arg);
$arg = str_replace(array("/", "\\", "\0"), '', $arg);
$suggestions[] = $suggestion . '-' . $arg;
if (!is_numeric($arg)) {
$suggestion .= '-' . $arg;
@ -377,9 +377,14 @@ function phptemplate_box($title, $content, $region = 'main') {
function _phptemplate_default($hook, $variables, $suggestions = array(), $extension = '.tpl.php') {
global $theme_engine;
// Remove slashes or null to prevent files from being included from
// an unexpected location (especially on Windows servers).
$extension = str_replace(array("/", "\\", "\0"), '', $extension);
// Loop through any suggestions in FIFO order.
$suggestions = array_reverse($suggestions);
foreach ($suggestions as $suggestion) {
$suggestion = str_replace(array("/", "\\", "\0"), '', $suggestion);
if (!empty($suggestion) && file_exists(path_to_theme() .'/'. $suggestion . $extension)) {
$file = path_to_theme() .'/'. $suggestion . $extension;
break;