[geeklog-cvs] Geeklog-1.x/public_html/admin/install help.php, 1.6, 1.7
Dirk Haun
dhaun at qs1489.pair.com
Sat Jun 7 03:56:38 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin/install
In directory qs1489.pair.com:/tmp/cvs-serv40710
Modified Files:
help.php
Log Message:
Sanitize language name (Thanks, Mark!) and also check the language cookie
Index: help.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/install/help.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** help.php 31 May 2008 21:36:15 -0000 1.6
--- help.php 7 Jun 2008 07:56:36 -0000 1.7
***************
*** 47,52 ****
}
! $language = (isset( $_GET['language'] ) && !empty( $_GET['language'] )) ? $_GET['language'] : 'english';
! require_once( 'language/' . $language . '.php' );
// $display holds all the outputted HTML and content
--- 47,66 ----
}
! $language = 'english';
! if (isset($_GET['language'])) {
! $lng = $_GET['language'];
! } else if (isset($_COOKIE['language'])) {
! // Okay, so the name of the language cookie is configurable, so it may not
! // be named 'language' after all. Still worth a try ...
! $lng = $_COOKIE['language'];
! } else {
! $lng = $language;
! }
! // sanitize value and check for file
! $lng = preg_replace('/[^a-z0-9\-_]/', '', $lng);
! if (!empty($lng) && is_file('language/' . $lng . '.php')) {
! $language = $lng;
! }
! require_once 'language/' . $language . '.php';
// $display holds all the outputted HTML and content
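Review bot: The values read from `$_GET['language']` and `$_COOKIE['language']` are not checked to be strings before they reach `preg_replace()`; PHP turns a parameter sent in array form into an array, `preg_replace()` then returns an array, and the concatenation inside the `is_file()` test raises an "Array to string conversion" notice that can reveal the install path where error display is on. The fallback to `english` still holds, so this is a robustness gap rather than a way around the include check; guarding both branches with `is_string()`, e.g. `if (isset($_GET['language']) && is_string($_GET['language'])) {`, closes it. Separately, `is_file()` resolves `language/...` against the working directory while `require_once` also consults `include_path`, so building both paths from `dirname(__FILE__) . '/language/'` would make the check and the include refer to the same file. The surrounding script, including the block closed by the leading `}`, lies outside the hunk.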