authorJosh Woody <a_jelly_doughnut@phpbb.com>2011-01-05 18:48:57 -0600
committerAndreas Fischer <bantu@phpbb.com>2011-03-07 00:41:14 +0100
commitf7723b3e959b0cfd5ae738f9745f367aef1f0d47 (patch)
tree1a761061dbfe9aec14ba8c9ec9d085a6a65208b5
parent7027489c8ebbd1f3a77a6357db8dc6e862cd978d (diff)
[ticket/9970] User language input is checked for existance
Users could select a language which did not exist in the database by altering form fields because there was no back-end verification. PHPBB3-9970
-rw-r--r--phpBB/includes/functions_user.php30
-rw-r--r--phpBB/includes/ucp/ucp_prefs.php2
-rw-r--r--phpBB/includes/ucp/ucp_register.php2
3 files changed, 32 insertions, 2 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 0420aa70ab..7bab51323b 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1422,6 +1422,36 @@ function validate_match($string, $optional = false, $match = '')
}
/**
+* Validate Language string
+*
+* Tests whether a language string is valid and exists on the disk
+* This is the same criteria used to determine whether to include it or not.
+*
+* @param $lang - The language string to test
+*
+* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
+*/
+function validate_language($lang)
+{
+ global $phpbb_root_path;
+
+ // Note: Two language strings are identical here because the English
+ // version "Language you specified is not valid" is correct for both
+ // cases
+ if (!preg_match('#^[a-z_\-]{2,}$#i', $lang))
+ {
+ return 'WRONG_DATA';
+ }
+
+ if (!file_exists($phpbb_root_path . 'language/' . $lang . '/'))
+ {
+ return 'WRONG_DATA';
+ }
+
+ return false;
+}
+
+/**
* Check to see if the username has been taken, or if it is disallowed.
* Also checks if it includes the " character, which we don't allow in usernames.
* Used for registering, changing names, and posting anonymously with a username
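Review bot: `validate_language()` only proves that a directory named `$lang` exists under `language/`, while the commit message describes the gap as selecting a language that does not exist in the database; a pack present on disk but not installed would still pass, if installed languages are tracked separately (not visible in this hunk). The pattern check is also the only thing keeping `.` and `/` out of the path handed to `file_exists()`, so it deserves a comment such as `// Must run before the path is built: restricts $lang to a single directory name`. Because `$` also matches before a trailing newline, anchoring with `\z` is stricter: `if (!preg_match('#^[a-z_\-]{2,}\z#i', $lang))`. `is_dir()` would state the intent more precisely than `file_exists()`.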
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index cc8565e69d..76393530b2 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -65,7 +65,7 @@ class ucp_prefs
$error = validate_data($data, array(
'dateformat' => array('string', false, 1, 30),
- 'lang' => array('match', false, '#^[a-z0-9_\-]{2,}$#i'),
+ 'lang' => array('language'),
'tz' => array('num', false, -14, 14),
));
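Review bot: Switching `'lang'` to `array('language')` narrows what the preferences form accepts, because the removed pattern allowed digits (`[a-z0-9_\-]`) and the `validate_language()` added in functions_user.php matches only `[a-z_\-]`. If any language directory has a digit in its name, users with that language selected would now get `WRONG_DATA` when saving preferences. If the narrowing is intended, a line in the commit message saying so would help; otherwise the pattern in `validate_language()` should keep `0-9`. The enclosing method starts and ends outside this hunk.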
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 7fd99da55a..88f3343f6f 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -210,7 +210,7 @@ class ucp_register
array('email')),
'email_confirm' => array('string', false, 6, 60),
'tz' => array('num', false, -14, 14),
- 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
+ 'lang' => array('language'),
));
if (!check_form_key('ucp_register'))