From 58e9c3655248914b1b6a0b3b68fcc4ccfafd73b7 Mon Sep 17 00:00:00 2001
From: Antonio Terceiro <terceiro@colivre.coop.br>
Date: Fri, 17 Dec 2010 15:22:37 -0300
Subject: [PATCH] Refuse unexisting theme via GET parameter

---
 app/helpers/application_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 398a523..bfa4b97 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -340,7 +340,7 @@ module ApplicationHelper
           if ENV['RAILS_ENV'] == 'development' && environment.theme == 'random'
             @random_theme ||= Dir.glob('public/designs/themes/*').map { |f| File.basename(f) }.rand
             @random_theme
-          elsif ENV['RAILS_ENV'] == 'development' && params[:theme]
+          elsif ENV['RAILS_ENV'] == 'development' && params[:theme] && File.exists?(File.join(Rails.root, 'public/designs/themes', params[:theme]))
             params[:theme]
           else
             if profile && !profile.theme.nil?
--
libgit2 0.21.2