aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/acp/acp_language.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/acp/acp_language.php')
-rw-r--r--phpBB/includes/acp/acp_language.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 60e338ae7c..bddc2be9cb 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -34,7 +34,10 @@ class acp_language
global $config, $db, $user, $template;
global $phpbb_root_path, $phpEx, $request;
- include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ if (!function_exists('validate_language_iso_name'))
+ {
+ include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ }
// Check and set some common vars
$action = (isset($_POST['update_details'])) ? 'update_details' : '';
@@ -241,6 +244,11 @@ class acp_language
break;
case 'install':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_language'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$lang_iso = request_var('iso', '');
$lang_iso = basename($lang_iso);
@@ -420,7 +428,7 @@ class acp_language
'ISO' => htmlspecialchars($lang_ary['iso']),
'LOCAL_NAME' => htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
'NAME' => htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
- 'U_INSTALL' => $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']))
+ 'U_INSTALL' => $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language'))
);
}
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-02 10:51:13 +0000