From ed978bda9b0dc7be50f1294ff8171648e90725ee Mon Sep 17 00:00:00 2001
From: "fly.dvorkin"
Date: Mon, 1 Jul 2013 07:16:41 +0000
Subject: [PATCH] r510
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Чуток марафета для неуязвимости выбора шаблона. Сверка выбора шаблона с прописанными в конфиге.
git-svn-id: https://torrentpier2.googlecode.com/svn/trunk@510 a8ac35ab-4ca4-ca47-4c2d-a49a94f06293
---
 upload/config.php | 4 ++--
 upload/includes/functions.php | 8 +++++++
 upload/includes/ucp/usercp_register.php | 30 ++++++++++++++++---------
 3 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/upload/config.php b/upload/config.php
index 926788dda..b2765e377 100644
--- a/upload/config.php
+++ b/upload/config.php
@@ -56,8 +56,8 @@ $domain_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : $do
 // Increase number of revision after update
 $bb_cfg['tp_version'] = '2.5 pre-stable';
-$bb_cfg['tp_release_date'] = '29-06-2013';
-$bb_cfg['tp_release_state'] = 'R509';
+$bb_cfg['tp_release_date'] = '01-07-2013';
+$bb_cfg['tp_release_state'] = 'R510';
 // Database
 $charset = 'utf8';
diff --git a/upload/includes/functions.php b/upload/includes/functions.php
index caddb8f64..20e5853f4 100644
--- a/upload/includes/functions.php
+++ b/upload/includes/functions.php
@@ -1553,6 +1553,14 @@ function setup_style ()
 $tpl_dir_name = defined('IN_ADMIN') ? 'default' : basename((IS_GUEST || empty($userdata['tpl_name'])) ? $bb_cfg['tpl_name'] : $userdata['tpl_name']);
 $stylesheet = defined('IN_ADMIN') ? 'main.css' : basename($bb_cfg['stylesheet']);
+ if (!IS_GUEST && !empty($userdata['tpl_name']))
+ {
+ foreach ($bb_cfg['templates'] as $folder => $name)
+ {
+ if ($userdata['tpl_name'] == $folder) $tpl_dir_name = basename($userdata['tpl_name']);
+ }
+ }
+
 $template = new Template(TEMPLATES_DIR . $tpl_dir_name);
 $css_dir = basename(TEMPLATES_DIR) ."/$tpl_dir_name/css/";
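Review bot: The loop added to setup_style() does not restrict the template choice: `$tpl_dir_name` is already set to `basename($userdata['tpl_name'])` by the first context line of the hunk, and the loop only re-assigns that same value on a match, so a stored `tpl_name` that is missing from `$bb_cfg['templates']` still reaches `new Template(TEMPLATES_DIR . $tpl_dir_name)`. The block also runs when `IN_ADMIN` is defined, which replaces the fixed `'default'` admin template with the user's choice and looks unintended. An allowlist check with a fallback would cover both, for example `if (!defined('IN_ADMIN') && !isset($bb_cfg['templates'][$tpl_dir_name])) $tpl_dir_name = basename($bb_cfg['tpl_name']);` in place of the loop. The body of setup_style() continues outside the hunk.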
diff --git a/upload/includes/ucp/usercp_register.php b/upload/includes/ucp/usercp_register.php
index 4586b3613..603d7d09c 100644
--- a/upload/includes/ucp/usercp_register.php
+++ b/upload/includes/ucp/usercp_register.php
@@ -721,19 +721,27 @@ foreach ($profile_fields as $field => $can_edit)
 }
 break;
- /**
- * Выбор шаблона (edit, reg)
- */
- case 'tpl_name':
- $templates = isset($_POST['tpl_name']) ? (string) $_POST['tpl_name'] : $pr_data['tpl_name'];
- $templates = htmlCHR($templates);
- if ($submit && $templates != $pr_data['tpl_name'])
+ /**
+ * Выбор шаблона (edit, reg)
+ */
+ case 'tpl_name':
+ $templates = isset($_POST['tpl_name']) ? (string) $_POST['tpl_name'] : $pr_data['tpl_name'];
+ $templates = htmlCHR($templates);
+ if ($submit && $templates != $pr_data['tpl_name'])
+ {
+ $pr_data['tpl_name'] = $bb_cfg['tpl_name'];
+ $db_data['tpl_name'] = (string) $bb_cfg['tpl_name'];
+ foreach ($bb_cfg['templates'] as $folder => $name)
 {
- $pr_data['tpl_name'] = $templates;
- $db_data['tpl_name'] = (string) $templates;
+ if ($templates == $folder)
+ {
+ $pr_data['tpl_name'] = $templates;
+ $db_data['tpl_name'] = (string) $templates;
+ }
 }
- $tp_data['TEMPLATES_SELECT'] = templates_select($pr_data['tpl_name'], 'tpl_name');
- break;
+ }
+ $tp_data['TEMPLATES_SELECT'] = templates_select($pr_data['tpl_name'], 'tpl_name');
+ break;
 /**
 * default
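Review bot: The membership test `if ($templates == $folder)` compares the posted value with array keys using loose `==`, and PHP stores numeric-looking keys as integers, so on PHP versions before 8 a non-numeric string would compare equal to an integer key such as `0`; whether `$bb_cfg['templates']` can contain such keys is not visible here. A direct key lookup is stricter and removes the loop: `if (isset($bb_cfg['templates'][$templates])) { $pr_data['tpl_name'] = $db_data['tpl_name'] = $templates; }`. The check also runs only when the submitted value differs from `$pr_data['tpl_name']`, so a value stored before this change that is not in the list is kept when it is resubmitted unchanged. A short comment above the two fallback assignments, such as `// Unknown template names fall back to the board default`, would explain why `$bb_cfg['tpl_name']` is written first. The enclosing switch starts and ends outside the hunk.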