فهرست منبع

Disallow setting non-existent language (#7878)

The set language is used inside paths and can lead to issues by including PHP files from other locations
Inverle 10 ماه پیش
والد
کامیت
379a387dde
2فایلهای تغییر یافته به همراه9 افزوده شده و 1 حذف شده
  1. 4 1
      app/Controllers/configureController.php
  2. 5 0
      lib/Minz/Translate.php

+ 4 - 1
app/Controllers/configureController.php

@@ -45,7 +45,10 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 	 */
 	public function displayAction(): void {
 		if (Minz_Request::isPost()) {
-			FreshRSS_Context::userConf()->language = Minz_Request::paramString('language') ?: 'en';
+			$language = Minz_Request::paramString('language') ?: 'en';
+			if (Minz_Translate::exists($language)) {
+				FreshRSS_Context::userConf()->language = $language;
+			}
 			FreshRSS_Context::userConf()->timezone = Minz_Request::paramString('timezone');
 			$theme = Minz_Request::paramString('theme') ?: FreshRSS_Themes::$defaultTheme;
 			if (FreshRSS_Themes::exists($theme)) {

+ 5 - 0
lib/Minz/Translate.php

@@ -84,6 +84,10 @@ class Minz_Translate {
 		return array_values(array_unique($list_langs));
 	}
 
+	public static function exists(string $lang): bool {
+		return in_array($lang, Minz_Translate::availableLanguages(), true);
+	}
+
 	/**
 	 * Return the language to use in the application.
 	 * It returns the connected language if it exists then returns the first match from the
@@ -95,6 +99,7 @@ class Minz_Translate {
 	 */
 	public static function getLanguage(?string $user, array $preferred, ?string $default): string {
 		if (null !== $user) {
+			if (!self::exists($user)) return 'en';
 			return $user;
 		}