Commit: a7331299c46c8faacff15e36fb66482eba050961 Author: Hannes Magnusson <[email protected]> Wed, 29 Dec 2010 11:03:16 +0000 Parents: 46c9d053ff204dd97f0b0044a96329e86e386bea Branches: master
Link: http://git.php.net/?p=web/php.git;a=commitdiff;h=a7331299c46c8faacff15e36fb66482eba050961 Log: Fix potentional XSS by cleaning the langcode input Changed paths: M include/languages.inc Diff:
diff --git a/include/languages.inc b/include/languages.inc
index 615a83e..d95a385 100644
--- a/include/languages.inc
+++ b/include/languages.inc
@@ -89,13 +89,19 @@ $ACTIVE_ONLINE_LANGUAGES = array_diff($LANGUAGES, $INACTIVE_ONLINE_LANGUAGES);
 // is needed when communicating with the outside world]
 function language_convert($langcode, $to_phpweb_format = TRUE)
 {
+ global $LANGUAGES;
 if ($to_phpweb_format) {
 switch ($langcode) {
 case 'zh_cn': return 'zh';
 case 'zh_hk': return 'hk';
 case 'zh_tw': return 'tw';
 case 'ko' : return 'kr';
- default: return $langcode;
+ default:
+ if (isset($LANGUAGES[$langcode])) {
+ return $langcode;
+ }
+ // Fallback on english if we got something wacky
+ return "en";
 }
 }
 else {
@@ -104,7 +110,12 @@ function language_convert($langcode, $to_phpweb_format = TRUE)
 case 'hk': return 'zh_hk';
 case 'tw': return 'zh_tw';
 case 'kr': return 'ko';
- default: return $langcode;
+ default:
+ if (isset($LANGUAGES[$langcode])) {
+ return $langcode;
+ }
+ // Fallback on english if we got something wacky
+ return "en";
 }
 }
 }
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
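Review bot: The allowlist fallback added under `default:` is a verbatim six-line duplicate in both hunks, so the check for the two conversion directions can drift apart when only one of them is edited later. Dropping both `default:` arms and ending `language_convert()` with a single `return isset($LANGUAGES[$langcode]) ? $langcode : 'en';` after the if/else keeps one check for both directions. The check also depends on `global $LANGUAGES` being populated; if this file is ever included from inside a function scope the array would not be global and every unmapped code would silently become `en`. The place that printed the language code is not part of this diff, so it is worth confirming that it applies `htmlspecialchars()` for its output context rather than relying on this filter alone. Two lines of the function between the hunks are not shown.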
