Description: Ensure valid theme in customizer preview
 Fixes a path traversal vulnerability in the customizer
 CVE-2017-14722
Author: ocean90@wordpress.org
Origin: upstream, https://core.trac.wordpress.org/changeset/41430/branches/4.7
Bug-Debian: https://bugs.debian.org/876274
Applied-Upstream: 4.8.2
Reviewed-by: Craig Small <csmall@debian.org>
Last-Update: 2017-09-23
--- a/wp-includes/class-wp-customize-manager.php
+++ b/wp-includes/class-wp-customize-manager.php
@@ -173,7 +173,7 @@
 
 		$this->original_stylesheet = get_stylesheet();
 
-		$this->theme = wp_get_theme( isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : null );
+		$this->theme = wp_get_theme( ( isset( $_REQUEST['theme'] ) && ( 0 === validate_file( $_REQUEST['theme'] ) ) ) ? $_REQUEST['theme'] : null );
 
 		/*
 		 * Clear incoming post data if the user lacks a CSRF token (nonce). Note that the customizer
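Review bot: The new guard on the `+` line reads `$_REQUEST['theme']` three times and only screens the value for traversal sequences; it never checks that the value is a string, so a request that submits `theme` as an array reaches validate_file() and wp_get_theme() unchanged (how validate_file() behaves on a non-string is not visible from this hunk). Hoisting the value into a local and adding the type check keeps the fix readable: `$requested_theme = ( isset( $_REQUEST['theme'] ) && is_string( $_REQUEST['theme'] ) ) ? $_REQUEST['theme'] : null;` followed by `$this->theme = wp_get_theme( ( null !== $requested_theme && 0 === validate_file( $requested_theme ) ) ? $requested_theme : null );`. A `0` from validate_file() only says the string is not a traversal-style path; whether it names an installed theme still has to be checked by the code that later uses `$this->theme`, which is outside this hunk. The enclosing constructor starts and ends outside the hunk.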
