detaint language file.

This commit is contained in:
Isaac Connor 2022-02-08 14:17:30 -05:00
parent 2db781ed44
commit 9fee64b62f
1 changed files with 6 additions and 5 deletions

View File

@ -34,7 +34,8 @@ function loadLanguage($prefix='') {
$prefix = $prefix.'/';
if (isset($user['Language']) and $user['Language']) {
$userLangFile = $prefix.'lang/'.$user['Language'].'.php';
# Languages can only have letters, numbers and underscore
$userLangFile = $prefix.'lang/'.preg_replace('/[^[:alnum:]_]+/', '', $user['Language']).'.php';
if (file_exists($userLangFile)) {
return $userLangFile;
@ -43,7 +44,7 @@ function loadLanguage($prefix='') {
}
}
$systemLangFile = $prefix.'lang/'.ZM_LANG_DEFAULT.'.php';
$systemLangFile = $prefix.'lang/'.preg_replace('/[^[:alnum:]_]+/', '', ZM_LANG_DEFAULT).'.php';
if ( file_exists($systemLangFile) ) {
return $systemLangFile;
} else {