upport 1.7.6 security fixes

plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php

@@ -51,6 +51,15 @@ class serendipity_event_templatechooser extends serendipity_event
                     serendipity_setCookie('user_template', $_REQUEST['user_template'], false);
                 }
 
+                // If the requested template is the same as the current default template,
+                // we will not set this variable. This is important so that templates/plugins
+                // which detect serendipityUseTemplate can use reasonable defaults in case
+                // template configuration options do not exist. Guess nobody understands
+                // this explanation anyways, and who reads this stuff, heh?
+                if ($_SESSION['serendipityUseTemplate'] == $eventData['template']) {
+                    unset($_SESSION['serendipityUseTemplate'];
+                }
+
                 if (isset($_SESSION['serendipityUseTemplate']) ) {
                     $templateInfo = serendipity_fetchTemplateInfo($_SESSION['serendipityUseTemplate']);
                     $eventData['template'] = $_SESSION['serendipityUseTemplate'];

plugins/serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php

@@ -61,6 +61,7 @@ class serendipity_plugin_templatedropdown extends serendipity_plugin {
         echo '<form id="theme_chooser" action="' . $url . '" method="post">';
         echo '<select name="user_template" onchange="document.getElementById(\'theme_chooser\').submit();">';
         foreach (serendipity_fetchTemplates() as $template) {
+            if ($template == 'default-php' || $template == 'default-xml') continue;
             $templateInfo = serendipity_fetchTemplateInfo($template);
             echo '<option value="' . $template . '" ' . (serendipity_get_config_var('template', 'default') == $template ? 'selected="selected"' : '') . '>' . substr($templateInfo['name'], 0, 25) . '</option>';
         }