Hello, Please find attached a patch to fix this bug. Since there was nu response from the maintainer at all, for 10 days now, is a NMU warranted?
regards, Thijs
--- include/functions.inc.php.orig 2005-05-10 18:59:08.805797600 +0200
+++ include/functions.inc.php 2005-05-10 18:58:52.287308792 +0200
@@ -72,6 +72,10 @@
if ($lang_conf == '') {
$lang_conf = 'francais.inc.php';
}
+ if ( ! preg_match ( '/^[A-Za-z0-9_.]+$/', $lang_conf ) ) {
+ die ( "Invalid character in language file name");
+ }
+
### Getting the good $txt var from the lang res file
include './lang/'.$lang_conf;
signature.asc
Description: This is a digitally signed message part
