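echo '<span>' . $LANG['themes_edit_subtitle'] . '</span>';
} // closes a conditional opened earlier in the file

echo '</div>';

// Theme editor: ?id=<theme directory>&page=<file inside that theme>.
//
// Both values come straight from the query string and end up in filesystem
// paths, and they are handed to actions::edit_theme_page(), which writes to
// disk. The previous code stripped "../"-style sequences with str_replace()
// for the is_dir()/file_exists() checks only, then used the raw, unstripped
// values. A single str_replace() pass is not a validation either, because it
// is not re-applied to its own output. The values are therefore validated
// here (reject, don't rewrite), and the value that was checked is the value
// that is used.
if (
    isset($_GET['id'])
    && is_string($_GET['id'])
    && $_GET['id'] !== ''
    && $_GET['id'] !== '.'
    && $_GET['id'] !== '..'
    // A theme id is a single directory name: no separators, no NUL byte.
    && strpbrk($_GET['id'], "/\\\0") === false
    && is_dir(DIR . '/' . THEMES_LOC . '/' . $_GET['id'])
) {
    // Fall back to the theme's index page unless a valid page was requested.
    $page = DIRECTORY_SEPARATOR . 'index.php';

    if (!empty($_GET['page']) && is_string($_GET['page']) && strpos($_GET['page'], "\0") === false) {
        // Resolve both paths so "..", "." and symlinks are evaluated by the
        // filesystem rather than by string matching.
        $theme_root = realpath(DIR . '/' . THEMES_LOC . '/' . $_GET['id']);
        $requested  = $theme_root !== false ? realpath($theme_root . '/' . $_GET['page']) : false;

        if (
            $requested !== false
            && is_file($requested)
            // Containment check: the resolved file must live under the theme root.
            && strpos($requested, $theme_root . DIRECTORY_SEPARATOR) === 0
        ) {
            // Store the canonical path relative to the theme root. It keeps
            // the leading separator, like the default above, so it names the
            // same file whether the consumer joins it with or without '/'.
            // NOTE(review): confirm actions::edit_theme_page() builds its
            // path from the theme directory plus this value and performs its
            // own containment check as well.
            $page = substr($requested, strlen($theme_root));
        }
    }

    // Save only on a POST that carries a token matching the session.
    if (
        $_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_POST['csrf'])
        && check_csrf($_POST['csrf'], 'themes_csrf')
    ) {
        if (isset($_POST['text'])) {
            if (actions::edit_theme_page($_GET['id'], array('page' => $page, 'text' => $_POST['text']))) {
                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
            } else {
                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
            }
        }
    }

    // Issue a fresh token for the form rendered below.
    // NOTE(review): str_random() is defined elsewhere; confirm it draws from a
    // CSPRNG (random_bytes()/random_int()) and consider a token longer than 10
    // characters, since this form writes PHP files to disk.
    $csrf = $_SESSION['themes_csrf'] = \site\utils::str_random(10);

    // The markup string below is unchanged and continues on the following lines.
    echo '<div class="page-toolbar"> ' . sprintf($LANG['theme_edit_title'], htmlspecialchars($_GET['id'])) . ' <form action="#" method="GET" autocomplete="off" style="float: right;"> <input type="hidden" name="route" value="themes.php" /> <input type="hidden" name="action" value="editor" /> <input type="hidden" name="id" value="' . htmlspecialchars($_GET['id']) . '" />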