Esempio n. 1
            echo '<span>' . $LANG['themes_edit_subtitle'] . '</span>';
        }
        echo '</div>';
        if (isset($_GET['id']) && is_dir(DIR . '/' . THEMES_LOC . '/' . str_replace(array('../', './', '..\\', '.\\'), '', $_GET['id']))) {
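            // Select the theme file to edit, handle a save request, then rotate the
            // CSRF token for the form rendered below.
            //
            // The enclosing condition only tests a filtered copy of $_GET['id'], and
            // the original code here checked a filtered copy of $_GET['page'] but then
            // stored and used the unfiltered values. The path that was validated was
            // therefore not necessarily the path that was edited. Both values are now
            // canonicalised with realpath() and must resolve below the themes folder
            // before they are used.
            $page = DIRECTORY_SEPARATOR . 'index.php';
            $themesBase = realpath(DIR . '/' . THEMES_LOC);
            $themeRoot = is_string($_GET['id'])
                ? realpath(DIR . '/' . THEMES_LOC . '/' . $_GET['id'])
                : false;
            // True only when the requested theme resolves to a directory strictly
            // inside the themes folder (prefix compare on the canonical paths).
            $themeOk = $themesBase !== false
                && $themeRoot !== false
                && is_dir($themeRoot)
                && strncmp($themeRoot, $themesBase . DIRECTORY_SEPARATOR, strlen($themesBase) + 1) === 0;
            if ($themeOk && !empty($_GET['page']) && is_string($_GET['page'])) {
                // realpath() returns false for a missing file, which replaces the
                // original file_exists() test and keeps the default page.
                $target = realpath($themeRoot . DIRECTORY_SEPARATOR . $_GET['page']);
                if ($target !== false
                    && strncmp($target, $themeRoot . DIRECTORY_SEPARATOR, strlen($themeRoot) + 1) === 0
                ) {
                    // Keep the canonical path relative to the theme root, so $page has
                    // the same leading-separator form as the default and no dot segments.
                    // NOTE(review): confirm actions::edit_theme_page() and the page
                    // selector rendered further down accept this form.
                    $page = substr($target, strlen($themeRoot));
                }
            }
            // isset() avoids an undefined-index notice when the token field is absent.
            // NOTE(review): check_csrf() is defined elsewhere; confirm it compares the
            // token in constant time (hash_equals) and rejects an empty session token.
            if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'themes_csrf')) {
                if (isset($_POST['text'])) {
                    // Refuse to write when the theme id failed the containment check.
                    if ($themeOk && is_string($_POST['text']) && actions::edit_theme_page($_GET['id'], array('page' => $page, 'text' => $_POST['text']))) {
                        echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                    } else {
                        echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                    }
                }
            }
            // A fresh token is issued on every render of the editor.
            // NOTE(review): \site\utils::str_random() is not visible here; confirm it
            // draws from a CSPRNG (random_bytes/random_int) rather than rand()/mt_rand().
            $csrf = $_SESSION['themes_csrf'] = \site\utils::str_random(10);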
            echo '<div class="page-toolbar">

' . sprintf($LANG['theme_edit_title'], htmlspecialchars($_GET['id'])) . '

<form action="#" method="GET" autocomplete="off" style="float: right;">
<input type="hidden" name="route" value="themes.php" />
<input type="hidden" name="action" value="editor" />
<input type="hidden" name="id" value="' . htmlspecialchars($_GET['id']) . '" />