Minor security issue in theme switcher

Permalink Browser Info Environment
If you provide a theme to the t variable that doesn't exist the block will display errors giving away the PHP path (which normally contains the system username).

The block should ensure a default theme is selected or sanitize the input based on available themes.

Type: Discussion
Status: New
defunct
View Replies: View Best Answer
Mnkras replied on at Permalink Reply
Mnkras
interesting, something must have changed in a recent version, ill get a fix out asap :)
Mnkras replied on at Permalink Best Answer Reply
Mnkras
all done :) no more error :D

concrete5 Environment Information

Browser User-Agent String

Hide Post Content

This will replace the post content with the message: "Content has been removed by an Administrator"

Hide Content

Request Refund

You have not specified a license for this support ticket. You must have a valid license assigned to a support ticket to request a refund.