Minor security issue in theme switcher
Permalink Browser Info Environment
If you provide a theme to the t variable that doesn't exist the block will display errors giving away the PHP path (which normally contains the system username).
The block should ensure a default theme is selected or sanitize the input based on available themes.
The block should ensure a default theme is selected or sanitize the input based on available themes.
Type: | Discussion |
---|---|
Status: | New |