Disallow setting non-existent language (#7878)

The set language is used inside paths and can lead to issues by including PHP files from other locations

app/Controllers/configureController.php

@@ -45,7 +45,10 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 	 */
 	public function displayAction(): void {
 		if (Minz_Request::isPost()) {
-			FreshRSS_Context::userConf()->language = Minz_Request::paramString('language') ?: 'en';
+			$language = Minz_Request::paramString('language') ?: 'en';
+			if (Minz_Translate::exists($language)) {
+				FreshRSS_Context::userConf()->language = $language;
+			}
 			FreshRSS_Context::userConf()->timezone = Minz_Request::paramString('timezone');
 			$theme = Minz_Request::paramString('theme') ?: FreshRSS_Themes::$defaultTheme;
 			if (FreshRSS_Themes::exists($theme)) {

lib/Minz/Translate.php

@@ -84,6 +84,10 @@ class Minz_Translate {
 		return array_values(array_unique($list_langs));
 	}
 
+	public static function exists(string $lang): bool {
+		return in_array($lang, Minz_Translate::availableLanguages(), true);
+	}
+
 	/**
 	 * Return the language to use in the application.
 	 * It returns the connected language if it exists then returns the first match from the
@@ -95,6 +99,7 @@ class Minz_Translate {
 	 */
 	public static function getLanguage(?string $user, array $preferred, ?string $default): string {
 		if (null !== $user) {
+			if (!self::exists($user)) return 'en';
 			return $user;
 		}