
Added valid checks to make sure selected language is valid

renlok committed Aug 24, 2016
1 parent 756878e commit 12650ec97263ba708c971a6befcf1b48afa98790
Showing with 42 additions and 29 deletions.
  1. +42 −29 includes/messages.inc.php
@@ -14,22 +14,42 @@
if (!defined('InWeBid')) exit();
// find installed languages
$LANGUAGES = array();
if ($handle = opendir(MAIN_PATH . 'language'))
{
while (false !== ($file = readdir($handle)))
{
if ('.' != $file && '..' != $file)
{
if (preg_match('/^([a-zA-Z_]{2,})$/i', $file))
{
$LANGUAGES[$file] = $file;
}
}
}
}
closedir($handle);
// Language management
if (isset($_GET['lan']) && !empty($_GET['lan']))
{
$language = preg_replace("/[^a-zA-Z_]/", '', $_GET['lan']);
if ($user->logged_in)
{
$query = "UPDATE " . $DBPrefix . "users SET language = :language WHERE id = :user_id";
$params = array();
$params[] = array(':language', $language, 'str');
$params[] = array(':user_id', $user->user_data['id'], 'int');
$db->query($query, $params);
}
else
if (isValidLanguage($language))
{
// Set language cookie
setcookie('USERLANGUAGE', $language, time() + 31536000, '/');
if ($user->logged_in)
{
$query = "UPDATE " . $DBPrefix . "users SET language = :language WHERE id = :user_id";
$params = array();
$params[] = array(':language', $language, 'str');
$params[] = array(':user_id', $user->user_data['id'], 'int');
$db->query($query, $params);
}
else
{
// Set language cookie
setcookie('USERLANGUAGE', $language, time() + 31536000, '/');
}
}
}
elseif ($user->logged_in)
@@ -39,6 +59,10 @@
elseif (isset($_COOKIE['USERLANGUAGE']))
{
$language = preg_replace("/[^a-zA-Z_]/", '', $_COOKIE['USERLANGUAGE']);
if (!isValidLanguage($language))
{
setcookie('USERLANGUAGE', $system->SETTINGS['defaultlanguage'], time() + 31536000, '/');
}
}
if (!isset($language) || empty($language))
@@ -48,27 +72,16 @@
include MAIN_PATH . 'language/' . $language . '/messages.inc.php';
//find installed languages
$LANGUAGES = array();
if ($handle = opendir(MAIN_PATH . 'language'))
function isValidLanguage(&$language)
{
while (false !== ($file = readdir($handle)))
global $LANGUAGES, $system;
// check language exists
if (!in_array($language, $LANGUAGES))
{
if ('.' != $file && '..' != $file)
{
if (preg_match('/^([a-zA-Z_]{2,})$/i', $file))
{
$LANGUAGES[$file] = $file;
}
}
$language = $system->SETTINGS['defaultlanguage'];
return false;
}
}
closedir($handle);
// check language exists
if (!in_array($language, $LANGUAGES))
{
$language = $system->SETTINGS['defaultlanguage'];
return true;
}
function get_lang_img($string)
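Review bot: The new `isValidLanguage()` check runs only on the `$_GET['lan']` and `USERLANGUAGE` cookie branches, yet `$language` is concatenated into `include MAIN_PATH . 'language/' . $language . '/messages.inc.php'` whichever branch set it. The body of `elseif ($user->logged_in)` lies outside the visible hunks, so it is not clear whether the stored value is checked there; the earlier code appears to have written the character-filtered value to the users table without an existence check, so existing rows may hold a language that is not installed. Calling `isValidLanguage($language);` once directly before the `include` would cover every source, since the function resets its by-reference argument to the default language. I would also make the lookup strict, `in_array($language, $LANGUAGES, true)`, and add a docblock stating that the function overwrites `$language` when the check fails, which the name alone does not suggest.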
