Path traversal attack fix #384

bbalet · Apr 30, 2023 · 51a3cd2 · 51a3cd2
1 parent f0352a1
commit 51a3cd2
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/application/controllers/Connection.php b/application/controllers/Connection.php
@@ -193,8 +193,14 @@ public function logout() {
      */
     public function language() {
         $this->load->helper('form');
-        $this->session->set_userdata('language_code', $this->input->get_post('language', true));
-        $this->session->set_userdata('language', $this->polyglot->code2language($this->input->get_post('language', true)));
+
+        //Prevent transversal path attack and the selection of an unavailable language
+        $languages = explode(",", $this->config->item('languages'));
+        $language = $this->input->get_post('language', true);
+        if (in_array($language, $languages)) {
+            $this->session->set_userdata('language_code', $language);
+            $this->session->set_userdata('language', $this->polyglot->code2language($language));
+        }
         if ($this->input->post('last_page') == FALSE) {
             $this->redirectToLastPage();
         } else {