]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-admin/theme-editor.php
Wordpress 2.0.11-scripts
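index b2788cf3a7490bb544cda73e854a7de3f24a9c04..9aa846bfeed83daaed270682d2c2ced28fd4a9de 100644
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -58,11 +58,15 @@ case 'update':
                $f = fopen($real_file, 'w+');
                fwrite($f, $newcontent);
                fclose($f);
-               wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te");
+               $location = "theme-editor.php?file=$file&theme=$theme&a=te";
        } else {
-               wp_redirect("theme-editor.php?file=$file&theme=$theme");
+               $location = "theme-editor.php?file=$file&theme=$theme";
        }
 
+       $location = wp_kses_no_null($location);
+       $strip = array('%0d', '%0a');
+       $location = str_replace($strip, '', $location);
+       header("Location: $location");
        exit();
 
 break;
@@ -97,7 +101,7 @@ default:
                $theme_name = $a_theme['Name'];
                if ($theme_name == $theme) $selected = " selected='selected'";
                else $selected = '';
-               $theme_name = wp_specialchars($theme_name, true);
+               $theme_name = attribute_escape($theme_name);
                echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
        }
 ?>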
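Review bot: The redirect sanitising added before `header("Location: $location")` in the first hunk is a case-sensitive, single-pass `str_replace`, so it does not cover `%0D`/`%0A` in upper case or a sequence that only forms once an inner match has been removed, and raw CR/LF characters are not in `$strip` at all. `$file` and `$theme` are still interpolated into the URL unencoded (their origin is outside the hunk, presumably request parameters), so encoding them where `$location` is built is the sturdier fix, assuming they are not already encoded at that point: `$location = 'theme-editor.php?file=' . urlencode($file) . '&theme=' . urlencode($theme) . '&a=te';`, and the same without `&a=te` in the else branch. If the strip is kept as a second layer, it should be case-insensitive and repeated until the string stops changing, and a short comment should say which header-injection case it guards against. The `case 'update':` block starts above the hunk, so whether the values are validated earlier cannot be confirmed from here.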