require_once('admin.php');
if ( isset($_GET['action']) ) {
- check_admin_referer();
+ check_admin_referer('switch-theme_' . $_GET['template']);
if ('activate' == $_GET['action']) {
if ( isset($_GET['template']) )
do_action('switch_theme', get_current_theme());
- header('Location: themes.php?activated=true');
+ wp_redirect('themes.php?activated=true');
exit;
}
}
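Review bot: The added `check_admin_referer('switch-theme_' . $_GET['template'])` reads `$_GET['template']` before the `isset($_GET['template'])` test a few lines further down, so a request that carries `action` but no `template` raises an undefined-index notice and is checked against the bare action string `switch-theme_`. An array-valued `template[]` parameter would likewise be concatenated as `Array`. I would validate the parameter before the nonce check and stop when it is missing or not a string, e.g. `if ( !isset($_GET['template']) || !is_string($_GET['template']) ) die('-1');` placed directly above the `check_admin_referer` line. The excerpt seems to omit some context lines between the `isset` test and `do_action`, so this is based on the visible lines only.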
$author = $themes[$theme_name]['Author'];
$screenshot = $themes[$theme_name]['Screenshot'];
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
- $activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet";
+ $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template);
?>
<div class="available-theme">
<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>
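Review bot: On the added `$activate_link` line, `$template` and `$stylesheet` are interpolated into the query string unencoded, while the nonce action is built from the raw `$template`. A theme directory name containing a space, `&`, `+` or `#` would then reach the handler as a different `$_GET['template']`, and the `check_admin_referer` comparison would fail or the parameter would be split. Encoding the values keeps both sides in agreement: `"themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet)`. Whether `wp_nonce_url` escapes its return value for an HTML attribute is not visible here, so that should be confirmed before the link is echoed into `href`. The surrounding loop and markup continue outside the hunk.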