- global $wp_file_descriptions;
-
- if ( isset( $wp_file_descriptions[basename( $file )] ) ) {
- return $wp_file_descriptions[basename( $file )];
- }
- elseif ( file_exists( $file ) && is_file( $file ) ) {
- $template_data = implode( '', file( $file ) );
- if ( preg_match( '|Template Name:(.*)$|mi', $template_data, $name ))
- return sprintf( __( '%s Page Template' ), _cleanup_header_comment($name[1]) );
+ global $wp_file_descriptions, $allowed_files;
+
+ $relative_pathinfo = pathinfo( $file );
+ $file_path = $allowed_files[ $file ];
+ if ( isset( $wp_file_descriptions[ basename( $file ) ] ) && '.' === $relative_pathinfo['dirname'] ) {
+ return $wp_file_descriptions[ basename( $file ) ];
+ } elseif ( file_exists( $file_path ) && is_file( $file_path ) ) {
+ $template_data = implode( '', file( $file_path ) );
+ if ( preg_match( '|Template Name:(.*)$|mi', $template_data, $name ) ) {
+ return sprintf( __( '%s Page Template' ), _cleanup_header_comment( $name[1] ) );
+ }
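Review bot: The added line `$file_path = $allowed_files[ $file ];` reads the global allow-list without checking that the key exists. A `$file` that is not in `$allowed_files`, or a call made before that global is populated, raises an undefined-index notice and is rejected only because `file_exists()` returns false for the empty value. This lookup appears to be what confines the `file()` read to known paths, so the miss should be explicit: `$file_path = isset( $allowed_files[ $file ] ) ? $allowed_files[ $file ] : '';`. How `$allowed_files` is built is not visible here, so this assumes it maps relative names to full paths. The enclosing function starts and ends outside the hunk.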