diff options
| author | Josh Woody <a_jelly_doughnut@phpbb.com> | 2011-01-05 18:48:57 -0600 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2011-03-07 00:41:14 +0100 |
| commit | f7723b3e959b0cfd5ae738f9745f367aef1f0d47 (patch) | |
| tree | 1a761061dbfe9aec14ba8c9ec9d085a6a65208b5 /phpBB/includes/functions_user.php | |
| parent | 7027489c8ebbd1f3a77a6357db8dc6e862cd978d (diff) | |
| download | forums-f7723b3e959b0cfd5ae738f9745f367aef1f0d47.tar forums-f7723b3e959b0cfd5ae738f9745f367aef1f0d47.tar.gz forums-f7723b3e959b0cfd5ae738f9745f367aef1f0d47.tar.bz2 forums-f7723b3e959b0cfd5ae738f9745f367aef1f0d47.tar.xz forums-f7723b3e959b0cfd5ae738f9745f367aef1f0d47.zip | |
[ticket/9970] User language input is checked for existance
Users could select a language which did not exist in the database by altering
form fields because there was no back-end verification.
PHPBB3-9970
Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 0420aa70ab..7bab51323b 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1422,6 +1422,36 @@ function validate_match($string, $optional = false, $match = '') } /** +* Validate Language string +* +* Tests whether a language string is valid and exists on the disk +* This is the same criteria used to determine whether to include it or not. +* +* @param $lang - The language string to test +* +* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) +*/ +function validate_language($lang) +{ + global $phpbb_root_path; + + // Note: Two language strings are identical here because the English + // version "Language you specified is not valid" is correct for both + // cases + if (!preg_match('#^[a-z_\-]{2,}$#i', $lang)) + { + return 'WRONG_DATA'; + } + + if (!file_exists($phpbb_root_path . 'language/' . $lang . '/')) + { + return 'WRONG_DATA'; + } + + return false; +} + +/** * Check to see if the username has been taken, or if it is disallowed. * Also checks if it includes the " character, which we don't allow in usernames. * Used for registering, changing names, and posting anonymously with a username |