[#21464023] Security: arbitrary file inclusion
Poor input cleansing can allow a well-constructed cookie
to return the contents of arbitrary file system objects.
ctfliblime committed Nov 25, 2011
1 parent d11b325 commit 8ea6f7b
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions C4/Output.pm
Expand Up @@ -143,6 +143,7 @@ sub themelanguage {
if $http_accept_language;
# But, if there's a cookie set, obey it
$lang = $query->cookie('KohaOpacLanguage') if $query->cookie('KohaOpacLanguage');
$lang =~ s/[^\p{IsAlnum}\-_]//g;
# Fall back to English
my @languages;
if ($interface eq 'intranet') {
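Review bot: The added `$lang =~ s/[^\p{IsAlnum}\-_]//g;` strips disallowed characters and keeps whatever remains, so a malformed `KohaOpacLanguage` cookie is silently rewritten into a different string instead of being rejected in favor of the English fallback just below. I would match the whole value against a strict pattern (language codes need only ASCII letters, digits, `-` and `_`, whereas `\p{IsAlnum}` admits alphanumerics from every Unicode script) and discard `$lang` when it does not match, or better, accept it only if it is one of the installed languages. The substitution also runs unconditionally: if `$lang` can still be undefined at this point (both assignments above are conditional), it should be guarded with a `defined` check to avoid an uninitialized-value warning. Finally, the line has no comment; a short one stating that the value comes from the request and ends up in a file path would keep a later cleanup from removing it.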