detaint language file.
This commit is contained in:
parent
2db781ed44
commit
9fee64b62f
|
@ -34,7 +34,8 @@ function loadLanguage($prefix='') {
|
||||||
$prefix = $prefix.'/';
|
$prefix = $prefix.'/';
|
||||||
|
|
||||||
if (isset($user['Language']) and $user['Language']) {
|
if (isset($user['Language']) and $user['Language']) {
|
||||||
$userLangFile = $prefix.'lang/'.$user['Language'].'.php';
|
# Languages can only have letters, numbers and underscore
|
||||||
|
$userLangFile = $prefix.'lang/'.preg_replace('/[^[:alnum:]_]+/', '', $user['Language']).'.php';
|
||||||
|
|
||||||
if (file_exists($userLangFile)) {
|
if (file_exists($userLangFile)) {
|
||||||
return $userLangFile;
|
return $userLangFile;
|
||||||
|
@ -43,7 +44,7 @@ function loadLanguage($prefix='') {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$systemLangFile = $prefix.'lang/'.ZM_LANG_DEFAULT.'.php';
|
$systemLangFile = $prefix.'lang/'.preg_replace('/[^[:alnum:]_]+/', '', ZM_LANG_DEFAULT).'.php';
|
||||||
if ( file_exists($systemLangFile) ) {
|
if ( file_exists($systemLangFile) ) {
|
||||||
return $systemLangFile;
|
return $systemLangFile;
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in New Issue