Ticket #625: Ticket-625.2.patch

bb-admin/plugins.php

@@ -13 +13 @@
         }
 
 if ( isset($_GET['action']) ) {
-        $plugin = stripslashes(trim($_GET['plugin']));
+        $plugin = trim(urldecode($_GET['plugin']));
         if ('activate' == $_GET['action']) {
                 bb_check_admin_referer( 'activate-plugin_' . $plugin );
                 if ( !in_array($plugin, array_keys($plugins)) )

bb-admin/themes.php

@@ -7 +7 @@
                 exit;
         }
         bb_check_admin_referer( 'switch-theme' );
-        $activetheme = stripslashes($_GET['theme']);
+        $activetheme = urldecode($_GET['theme']);
         bb_update_option( 'bb_active_theme', $activetheme );
         wp_redirect( bb_get_option( 'uri' ) . 'bb-admin/themes.php?activated' );
         exit;