detaint language file.

This commit is contained in:
Isaac Connor 2022-02-08 14:17:30 -05:00
parent 6268652520
commit 2396e98fb9
1 changed files with 6 additions and 5 deletions

View File

@ -30,20 +30,21 @@ function translate($name) {
function loadLanguage($prefix='') { function loadLanguage($prefix='') {
global $user; global $user;
if ( $prefix ) if ($prefix)
$prefix = $prefix.'/'; $prefix = $prefix.'/';
if ( isset($user['Language']) and $user['Language'] ) { if (isset($user['Language']) and $user['Language']) {
$userLangFile = $prefix.'lang/'.$user['Language'].'.php'; # Languages can only have letters, numbers and underscore
$userLangFile = $prefix.'lang/'.preg_replace('/[^[:alnum:]_]+/', '', $user['Language']).'.php';
if ( file_exists($userLangFile) ) { if (file_exists($userLangFile)) {
return $userLangFile; return $userLangFile;
} else { } else {
ZM\Warning("User language file $userLangFile does not exist."); ZM\Warning("User language file $userLangFile does not exist.");
} }
} }
$systemLangFile = $prefix.'lang/'.ZM_LANG_DEFAULT.'.php'; $systemLangFile = $prefix.'lang/'.preg_replace('/[^[:alnum:]_]+/', '', ZM_LANG_DEFAULT).'.php';
if ( file_exists($systemLangFile) ) { if ( file_exists($systemLangFile) ) {
return $systemLangFile; return $systemLangFile;
} else { } else {