From 125f57c5b4074914965ed485eab867b35da89956 Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Tue, 11 Nov 2025 17:52:48 +0100
Subject: [PATCH] ensure template cookie cannot be a path
---
 lib/TemplateSwitcher.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/TemplateSwitcher.php b/lib/TemplateSwitcher.php
index 256f2543..7151c611 100644
--- a/lib/TemplateSwitcher.php
+++ b/lib/TemplateSwitcher.php
@@ -73,8 +73,11 @@ class TemplateSwitcher
 */
 public static function getTemplate(): string
 {
- if (array_key_exists('template', $_COOKIE) && self::isTemplateAvailable($_COOKIE['template'])) {
- return $_COOKIE['template'];
+ if (array_key_exists('template', $_COOKIE)) {
+ $template = basename($_COOKIE['template']);
+ if (self::isTemplateAvailable($template)) {
+ return $template;
+ }
 }
 return self::$_templateFallback;
 }
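Review bot: In getTemplate(), `basename($_COOKIE['template'])` runs before the value's type is checked; a cookie submitted in array form (`template[]`) reaches basename() as an array, which on PHP 8 raises a TypeError instead of falling through to `self::$_templateFallback`. Guarding the branch with `if (array_key_exists('template', $_COOKIE) && is_string($_COOKIE['template'])) {` keeps malformed cookies on the fallback path. basename() also returns `..` unchanged and, off Windows, does not treat `\` as a separator, so the "cannot be a path" guarantee still rests on isTemplateAvailable() doing an exact match against the configured template list; that method is outside this hunk, so confirm it compares strictly. A one-line comment above the basename() call, e.g. `// cookie is client-controlled: reduce to a bare name, then check it against the allowed templates`, would record why both steps are needed.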