From 6e094613712e9aabca1fac62beff2b1f8ee0b33e Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 17 Aug 2018 17:33:41 +0200
Subject: [PATCH] Fixed #5102

---
 interface/lib/classes/functions.inc.php       | 22 +++++++++++++++++++
 interface/lib/classes/listform.inc.php        |  2 +-
 .../lib/classes/listform_actions.inc.php      |  2 +-
 .../classes/listform_tpl_generator.inc.php    |  4 ++--
 .../lib/classes/plugin_backuplist.inc.php     |  2 +-
 .../classes/plugin_backuplist_mail.inc.php    |  2 +-
 .../classes/plugin_directive_snippets.inc.php |  2 +-
 interface/lib/classes/plugin_listview.inc.php |  2 +-
 .../lib/classes/searchform_actions.inc.php    |  4 ++--
 interface/lib/classes/tform_base.inc.php      |  4 ++--
 .../lib/classes/tform_tpl_generator.inc.php   |  2 +-
 interface/web/admin/language_add.php          |  2 +-
 interface/web/admin/language_complete.php     |  2 +-
 interface/web/admin/language_edit.php         |  2 +-
 interface/web/admin/language_export.php       |  2 +-
 interface/web/admin/language_import.php       |  2 +-
 interface/web/admin/language_list.php         |  2 +-
 .../web/admin/remote_action_ispcupdate.php    |  2 +-
 .../web/admin/remote_action_osupdate.php      |  2 +-
 interface/web/admin/software_package_list.php |  2 +-
 interface/web/admin/software_update_list.php  |  2 +-
 interface/web/client/client_del.php           |  2 +-
 interface/web/client/client_message.php       |  2 +-
 interface/web/client/domain_del.php           |  2 +-
 interface/web/client/domain_edit.php          |  2 +-
 interface/web/dashboard/dashboard.php         |  2 +-
 interface/web/dns/dns_import.php              |  2 +-
 interface/web/dns/dns_wizard.php              |  2 +-
 interface/web/js/scrigo.js.php                |  1 +
 interface/web/login/index.php                 |  4 ++--
 interface/web/login/login_as.php              |  2 +-
 interface/web/login/logout.php                |  2 +-
 interface/web/login/password_reset.php        |  2 +-
 interface/web/mailuser/index.php              |  2 +-
 interface/web/nav.php                         |  2 +-
 interface/web/sites/aps_install_package.php   |  2 +-
 .../web/sites/aps_packagedetails_show.php     |  2 +-
 .../web/sites/aps_update_packagelist.php      |  2 +-
 interface/web/tools/import_ispconfig.php      |  2 +-
 interface/web/tools/import_vpopmail.php       |  2 +-
 interface/web/tools/index.php                 |  2 +-
 interface/web/tools/tpl_default.php           |  2 +-
 interface/web/tools/user_settings.php         | 10 ++++-----
 interface/web/vm/openvz_action.php            |  2 +-
 44 files changed, 72 insertions(+), 51 deletions(-)

diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 57e5fdc64d..c948534616 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -477,6 +477,28 @@ class functions {
 		
 		return $out;
 	}
+	
+	// Function to check paths before we use it as include. Use with absolute paths only.
+	public function check_include_path($path) {
+		if(strpos($path,'//')) die('Include path seems to be an URL: '.$this->htmlentities($path));
+		if(strpos($path,'..')) die('Two dots are not allowed in include path: '.$this->htmlentities($path));
+		if(!preg_match("/^[a-zA-Z0-9_\/\.\-]{1,}$/", $path)) die('Wrong chars in include path: '.$this->htmlentities($path));
+		$path = realpath($path);
+		if($path == '') die('Include path does not exist.');
+		if(substr($path,0,strlen(ISPC_ROOT_PATH)) != ISPC_ROOT_PATH) die('Path '.$this->htmlentities($path).' is outside of ISPConfig installation directory.');
+		return $path;
+	}
+	
+	// Function to check language strings
+	public function check_language($language) {
+		global $app;
+		if(preg_match('/^[a-z]{2}$/',$language)) {
+			 return $language;
+		} else {
+			die('Invalid language string: '.$this->htmlentities($language));	
+		}
+	}
+	
 }
 
 ?>
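Review bot: The two `strpos()` guards in check_include_path test the return value for truthiness, so a path that starts with `//` or `..` (a match at offset 0) slips past both checks, and the `$path == ''` test after `realpath()` only works through loose comparison with `false`. The ISPC_ROOT_PATH prefix comparison has no trailing separator, so a sibling directory such as `<ISPC_ROOT_PATH>-old` would be accepted, and since `realpath()` resolves symlinks the comparison should be against `realpath(ISPC_ROOT_PATH)` rather than the raw constant. Both regexes use `$` without the `D` modifier, which lets a trailing newline through (`"en\n"` satisfies check_language), and the `global $app;` in check_language is unused. The rewritten check_include_path is below; check_language only needs `/^[a-z]{2}$/D` and the `global` line dropped.
```php
	public function check_include_path($path) {
		if(strpos($path,'//') !== false) die('Include path seems to be an URL: '.$this->htmlentities($path));
		if(strpos($path,'..') !== false) die('Two dots are not allowed in include path: '.$this->htmlentities($path));
		if(!preg_match("/^[a-zA-Z0-9_\/\.\-]{1,}$/D", $path)) die('Wrong chars in include path: '.$this->htmlentities($path));
		$path = realpath($path);
		if($path === false) die('Include path does not exist.');
		// realpath() resolves symlinks, so compare against the resolved root, and include the
		// separator so that a sibling directory sharing the prefix is rejected as well.
		$root = realpath(ISPC_ROOT_PATH);
		if($root === false || substr($path,0,strlen($root)+1) !== $root.'/') die('Path '.$this->htmlentities($path).' is outside of ISPConfig installation directory.');
		return $path;
	}
```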
diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php
index 15a1a53add..4b92daa73c 100644
--- a/interface/lib/classes/listform.inc.php
+++ b/interface/lib/classes/listform.inc.php
@@ -60,7 +60,7 @@ class listform {
 		}
 
 		//* Set local Language File
-		$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_'.$this->listDef['name'].'_list.lng';
+		$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_'.$this->listDef['name'].'_list.lng';
 		if(!file_exists($lng_file)) $lng_file = 'lib/lang/en_'.$this->listDef['name'].'_list.lng';
 		include $lng_file;
 
diff --git a/interface/lib/classes/listform_actions.inc.php b/interface/lib/classes/listform_actions.inc.php
index b4366feaa6..a13c3fdb73 100644
--- a/interface/lib/classes/listform_actions.inc.php
+++ b/interface/lib/classes/listform_actions.inc.php
@@ -249,7 +249,7 @@ class listform_actions {
 		global $app;
 
 		//* Set global Language File
-		$lng_file = ISPC_LIB_PATH.'/lang/'.$_SESSION['s']['language'].'.lng';
+		$lng_file = ISPC_LIB_PATH.'/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng';
 		if(!file_exists($lng_file))
 			$lng_file = ISPC_LIB_PATH.'/lang/en.lng';
 		include $lng_file;
diff --git a/interface/lib/classes/listform_tpl_generator.inc.php b/interface/lib/classes/listform_tpl_generator.inc.php
index 0cb158bb39..031f7a1e56 100644
--- a/interface/lib/classes/listform_tpl_generator.inc.php
+++ b/interface/lib/classes/listform_tpl_generator.inc.php
@@ -153,10 +153,10 @@ class listform_tpl_generator {
 	}
 
 	function lng_add($lang, $listDef, $module = '') {
-		global $go_api, $go_info, $conf;
+		global $app, $conf;
 
 		if($module == '') {
-			$lng_file = "lib/lang/".$conf["language"]."_".$listDef['name']."_list.lng";
+			$lng_file = "lib/lang/".$app->functions->check_language($conf["language"])."_".$listDef['name']."_list.lng";
 		} else {
 			$lng_file = '../'.$module."/lib/lang/en_".$listDef['name']."_list.lng";
 		}
diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php
index 8e62589f76..e96be012e3 100644
--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -45,7 +45,7 @@ class plugin_backuplist extends plugin_base {
 		$listTpl->newTemplate('templates/web_backup_list.htm');
 
 		//* Loading language file
-		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_web_backup_list.lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_web_backup_list.lng";
 		include $lng_file;
 		$listTpl->setVar($wb);
 
diff --git a/interface/lib/classes/plugin_backuplist_mail.inc.php b/interface/lib/classes/plugin_backuplist_mail.inc.php
index 512fb8c9f0..af13355609 100644
--- a/interface/lib/classes/plugin_backuplist_mail.inc.php
+++ b/interface/lib/classes/plugin_backuplist_mail.inc.php
@@ -46,7 +46,7 @@ class plugin_backuplist_mail extends plugin_base {
 		$listTpl->newTemplate('templates/mail_user_backup_list.htm');
 				
 		//* Loading language file
-		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_mail_backup_list.lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_mail_backup_list.lng";
 		include($lng_file);
 		$listTpl->setVar($wb);
 
diff --git a/interface/lib/classes/plugin_directive_snippets.inc.php b/interface/lib/classes/plugin_directive_snippets.inc.php
index 41138bca1e..5555264446 100644
--- a/interface/lib/classes/plugin_directive_snippets.inc.php
+++ b/interface/lib/classes/plugin_directive_snippets.inc.php
@@ -18,7 +18,7 @@ class plugin_directive_snippets extends plugin_base
 		$listTpl->newTemplate('templates/web_directive_snippets.htm');
 
 		//* Loading language file
-		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_web_directive_snippets.lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_web_directive_snippets.lng";
 
 		include $lng_file;
 		$listTpl->setVar($wb);
diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php
index c9d8340e02..bd0aa0e160 100644
--- a/interface/lib/classes/plugin_listview.inc.php
+++ b/interface/lib/classes/plugin_listview.inc.php
@@ -120,7 +120,7 @@ class plugin_listview extends plugin_base {
 		}
 
 		// Loading language field
-		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_".$app->listform->listDef['name']."_list.lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_".$app->listform->listDef['name']."_list.lng";
 		include $lng_file;
 		$listTpl->setVar($wb);
 
diff --git a/interface/lib/classes/searchform_actions.inc.php b/interface/lib/classes/searchform_actions.inc.php
index e48eb8544d..c4372982c0 100644
--- a/interface/lib/classes/searchform_actions.inc.php
+++ b/interface/lib/classes/searchform_actions.inc.php
@@ -151,10 +151,10 @@ class searchform_actions {
 		global $app;
 
 		// Language File setzen
-		$lng_file = ISPC_WEB_PATH.'/lang/lib/lang/'.$_SESSION['s']['language'].'_list.lng';
+		$lng_file = ISPC_WEB_PATH.'/lang/lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_list.lng';
 		if(!file_exists($lng_file)) $lng_file = ISPC_WEB_PATH.'/lang/lib/lang/en_'.'_list.lng';
 		include $lng_file;
-		$lng_file = "lib/lang/".$_SESSION["s"]["language"]."_".$app->searchform->listDef['name']."_search.lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_".$app->searchform->listDef['name']."_search.lng";
 		if(!file_exists($lng_file)) $lng_file = 'lib/lang/en_'.$app->searchform->listDef['name']."_search.lng";
 		include $lng_file;
 		$app->tpl->setVar($wb);
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index 0e839c53d3..3dc9edacc1 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -134,7 +134,7 @@ class tform_base {
 		$this->module = $module;
 		$wb = array();
 
-		include_once ISPC_ROOT_PATH.'/lib/lang/'.$_SESSION['s']['language'].'.lng';
+		include_once ISPC_ROOT_PATH.'/lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng';
 
 		if(is_array($wb)) $wb_global = $wb;
 
@@ -143,7 +143,7 @@ class tform_base {
 			if(!file_exists($lng_file)) $lng_file = "lib/lang/en_".$this->formDef["name"].".lng";
 			include $lng_file;
 		} else {
-			$lng_file = "../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng";
+			$lng_file = "../$module/lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_".$this->formDef["name"].".lng";
 			if(!file_exists($lng_file)) $lng_file = "../$module/lib/lang/en_".$this->formDef["name"].".lng";
 			include $lng_file;
 		}
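Review bot: `$module` is interpolated into the include path on the new line (and into the `en_` fallback below it) without going through the new check_include_path helper, so the language check alone does not constrain which directory is read. Where `$module` originates is not visible in this hunk; if every caller passes a constant module name, a comment saying so is enough, otherwise the assembled path should be passed through `$app->functions->check_include_path(...)` (which expects an absolute path, so build it from ISPC_WEB_PATH rather than `../`). The enclosing method starts and ends outside the hunk.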
diff --git a/interface/lib/classes/tform_tpl_generator.inc.php b/interface/lib/classes/tform_tpl_generator.inc.php
index f841a09a69..f0d9649b9c 100644
--- a/interface/lib/classes/tform_tpl_generator.inc.php
+++ b/interface/lib/classes/tform_tpl_generator.inc.php
@@ -298,7 +298,7 @@ class tform_tpl_generator {
 	function lng_add($lang, $formDef) {
 		global $go_api, $go_info, $conf;
 
-		$lng_file = "lib/lang/".$conf["language"]."_".$formDef['name'].".lng";
+		$lng_file = "lib/lang/".$app->functions->check_language($conf["language"])."_".$formDef['name'].".lng";
 		if(is_file($lng_file)) {
 			include $lng_file;
 		} else {
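Review bot: `$app` is not in scope in lng_add: the global declaration still reads `global $go_api, $go_info, $conf;`, so `$app->functions->check_language(...)` on the new line dereferences an undefined variable and the language file is never included. The sibling hunk in listform_tpl_generator.inc.php updated its declaration for exactly this reason; do the same here with `global $app, $conf;`. The rest of lng_add lies outside the hunk.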
diff --git a/interface/web/admin/language_add.php b/interface/web/admin/language_add.php
index f58a2db16d..f36fd946d2 100644
--- a/interface/web/admin/language_add.php
+++ b/interface/web/admin/language_add.php
@@ -104,7 +104,7 @@ $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
 $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_add.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_add.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/admin/language_complete.php b/interface/web/admin/language_complete.php
index d28e89aa25..234685498d 100644
--- a/interface/web/admin/language_complete.php
+++ b/interface/web/admin/language_complete.php
@@ -166,7 +166,7 @@ $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
 $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_complete.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_complete.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/admin/language_edit.php b/interface/web/admin/language_edit.php
index c94a5eb280..f17c4ae9a8 100644
--- a/interface/web/admin/language_edit.php
+++ b/interface/web/admin/language_edit.php
@@ -104,7 +104,7 @@ $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
 
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_edit.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/admin/language_export.php b/interface/web/admin/language_export.php
index 44bc787bd3..3f54e53af8 100644
--- a/interface/web/admin/language_export.php
+++ b/interface/web/admin/language_export.php
@@ -111,7 +111,7 @@ if(isset($_POST['lng_select']) && $error == '') {
 $app->tpl->setVar('msg', $msg);
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_export.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_export.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php
index 2e70219804..6a2d0b5ba6 100644
--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -194,7 +194,7 @@ $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
 $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_import.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/admin/language_list.php b/interface/web/admin/language_list.php
index 2cb28dc187..b935bddd95 100644
--- a/interface/web/admin/language_list.php
+++ b/interface/web/admin/language_list.php
@@ -97,7 +97,7 @@ $app->tpl->setLoop('records', $language_files_list);
 
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_list.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_list.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index f22661e1d4..938f25a1a3 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -44,7 +44,7 @@ $app->tpl->newTemplate('form.tpl.htm');
 $app->tpl->setInclude('content_tpl', 'templates/remote_action_ispcupdate.htm');
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_remote_action.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_remote_action.lng';
 include $lng_file;
 
 /*
diff --git a/interface/web/admin/remote_action_osupdate.php b/interface/web/admin/remote_action_osupdate.php
index 5e73cdfd0f..e39cf0eedf 100644
--- a/interface/web/admin/remote_action_osupdate.php
+++ b/interface/web/admin/remote_action_osupdate.php
@@ -43,7 +43,7 @@ $app->tpl->newTemplate('form.tpl.htm');
 $app->tpl->setInclude('content_tpl', 'templates/remote_action_osupdate.htm');
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_remote_action.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_remote_action.lng';
 include $lng_file;
 
 /*
diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php
index 5e552dbee7..b6664d4234 100644
--- a/interface/web/admin/software_package_list.php
+++ b/interface/web/admin/software_package_list.php
@@ -184,7 +184,7 @@ if(is_array($packages) && count($packages) > 0) {
 $app->tpl->setLoop('records', $packages);
 
 $language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language'];
-include_once 'lib/lang/'.$language.'_software_package_list.lng';
+include_once 'lib/lang/'.$app->functions->check_language($language).'_software_package_list.lng';
 $app->tpl->setVar($wb);
 
 
diff --git a/interface/web/admin/software_update_list.php b/interface/web/admin/software_update_list.php
index c987e9e04b..6d680c0ec1 100644
--- a/interface/web/admin/software_update_list.php
+++ b/interface/web/admin/software_update_list.php
@@ -193,7 +193,7 @@ if(is_array($installed_packages)) {
 $app->tpl->setLoop('records', $records_out);
 
 $language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language'];
-include_once 'lib/lang/'.$language.'_software_update_list.lng';
+include_once 'lib/lang/'.$app->functions->check_language($language).'_software_update_list.lng';
 $app->tpl->setVar($wb);
 
 
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index dfb4e74649..2bddd02a07 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -97,7 +97,7 @@ class page_action extends tform_actions {
 			$app->tpl->setLoop('records', $table_list);
 
 			//* load language file
-			$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_del.lng';
+			$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_client_del.lng';
 			include $lng_file;
 			$app->tpl->setVar($wb);
 
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index b4638bd215..2617bbe67d 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -42,7 +42,7 @@ $app->tpl->newTemplate('form.tpl.htm');
 $app->tpl->setInclude('content_tpl', 'templates/client_message.htm');
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_message.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_client_message.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/client/domain_del.php b/interface/web/client/domain_del.php
index 701b4494b8..1165f3f936 100644
--- a/interface/web/client/domain_del.php
+++ b/interface/web/client/domain_del.php
@@ -54,7 +54,7 @@ class page_action extends tform_actions {
 		global $app; $conf;
 
 		//* load language file
-		$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'.lng';
+		$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng';
 		include $lng_file;
 
 		/*
diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php
index 8867e29578..094e1899be 100644
--- a/interface/web/client/domain_edit.php
+++ b/interface/web/client/domain_edit.php
@@ -49,7 +49,7 @@ $app->uses('tpl,tform,tform_actions');
 $app->load('tform_actions');
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng';
 include $lng_file;
 
 
diff --git a/interface/web/dashboard/dashboard.php b/interface/web/dashboard/dashboard.php
index 7f5fc6e2f0..5426ba9572 100644
--- a/interface/web/dashboard/dashboard.php
+++ b/interface/web/dashboard/dashboard.php
@@ -51,7 +51,7 @@ $app->uses('tpl');
 $app->tpl->newTemplate("templates/dashboard.htm");
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php
index 49c14185d0..540a731ba2 100644
--- a/interface/web/dns/dns_import.php
+++ b/interface/web/dns/dns_import.php
@@ -204,7 +204,7 @@ if ($settings['use_domain_module'] == 'y') {
 	}
 }
 
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_import.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_dns_import.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 32112560a4..17d767550c 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -465,7 +465,7 @@ $csrf_token = $app->auth->csrf_token_get('dns_wizard');
 $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
 $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
 
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_dns_wizard.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/js/scrigo.js.php b/interface/web/js/scrigo.js.php
index 7c6bf31cbf..4022454f5b 100644
--- a/interface/web/js/scrigo.js.php
+++ b/interface/web/js/scrigo.js.php
@@ -3,6 +3,7 @@ include '../../lib/config.inc.php';
 header('Content-Type: text/javascript; charset=utf-8'); // the config file sets the content type header so we have to override it here!
 require_once '../../lib/app.inc.php';
 $lang = (isset($_SESSION['s']['language']) && $_SESSION['s']['language'] != '')?$_SESSION['s']['language']:'en';
+$lang = $app->functions->check_language($lang);
 include_once ISPC_ROOT_PATH.'/web/strengthmeter/lib/lang/'.$lang.'_strengthmeter.lng';
 
 $app->uses('ini_parser,getconf');
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 441de353ca..558896acb7 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -229,12 +229,12 @@ if(count($_POST) > 0) {
 						if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!
 						$_SESSION['s']['user'] = $user;
 						$_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
-						$_SESSION['s']['language'] = $user['language'];
+						$_SESSION['s']['language'] = $app->functions->check_language($user['language']);
 						$_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
 						if ($loginAs) $_SESSION['s']['plugin_cache'] = $_SESSION['s_old']['plugin_cache'];
 						
 						if(is_file(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
-							include_once ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
+							include_once $app->functions->check_include_path(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php');
 							$menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';
 								if (is_dir($menu_dir)) {
 								if ($dh = opendir($menu_dir)) {
diff --git a/interface/web/login/login_as.php b/interface/web/login/login_as.php
index 4b78c6c41b..159f15b77e 100644
--- a/interface/web/login/login_as.php
+++ b/interface/web/login/login_as.php
@@ -83,7 +83,7 @@ $dbData = $app->db->queryOneRecord(
  * TODO: move the login_as form to a template file -> themeability
  */
 
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_login_as.lng';
 include $lng_file;
 
 echo '
diff --git a/interface/web/login/logout.php b/interface/web/login/logout.php
index a4a127ff8b..dc1c9e4a42 100644
--- a/interface/web/login/logout.php
+++ b/interface/web/login/logout.php
@@ -43,7 +43,7 @@ if (isset($_GET['l']) && ($_GET['l']== 1)) $forceLogout = true;
 if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) &&
 	(!$forceLogout)){
 	$utype = ($_SESSION['s_old']['user']['typ'] == 'admin' ? 'admin' : 'reseller');
-	$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng';
+	$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_login_as.lng';
 	include $lng_file;
 	echo '
 		<br /> <br />	<br /> <br />
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index e6976bff73..02c71f2948 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -43,7 +43,7 @@ $app->tpl->setInclude('content_tpl', 'templates/password_reset.htm');
 
 $app->tpl_defaults();
 
-include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng';
+include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng';
 $app->tpl->setVar($wb);
 $continue = true;
 
diff --git a/interface/web/mailuser/index.php b/interface/web/mailuser/index.php
index b7748ac1cc..c9541df2bd 100644
--- a/interface/web/mailuser/index.php
+++ b/interface/web/mailuser/index.php
@@ -13,7 +13,7 @@ $msg = '';
 $error = '';
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_index.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_index.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/nav.php b/interface/web/nav.php
index 68ceb898be..1091276b86 100644
--- a/interface/web/nav.php
+++ b/interface/web/nav.php
@@ -75,7 +75,7 @@ if(isset($_GET['nav']) && $_GET['nav'] == 'top') {
 					}
 
 					include_once $mt.'/lib/module.conf.php';
-					$language = (isset($_SESSION['s']['user']['language']))?$_SESSION['s']['user']['language']:$conf['language'];
+					$language = $app->functions->check_language((isset($_SESSION['s']['user']['language']))?$_SESSION['s']['user']['language']:$conf['language']);
 					$app->load_language_file('web/'.$mt.'/lib/'.$language.'.lng');
 					$active = ($module['name'] == $_SESSION['s']['module']['name']) ? 1 : 0;
 					$topnav[$module['order'].'-'.$module['name']] = array( 'title'  => $app->lng($module['title']),
diff --git a/interface/web/sites/aps_install_package.php b/interface/web/sites/aps_install_package.php
index 19ab785c95..4739e25b8a 100644
--- a/interface/web/sites/aps_install_package.php
+++ b/interface/web/sites/aps_install_package.php
@@ -42,7 +42,7 @@ $app->tpl->newTemplate("form.tpl.htm");
 $app->tpl->setInclude('content_tpl', 'templates/aps_install_package.htm');
 
 // Load the language file
-$lngfile = 'lib/lang/'.$_SESSION['s']['language'].'_aps.lng';
+$lngfile = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_aps.lng';
 require_once $lngfile;
 $app->tpl->setVar($wb);
 $app->load_language_file('web/sites/'.$lngfile);
diff --git a/interface/web/sites/aps_packagedetails_show.php b/interface/web/sites/aps_packagedetails_show.php
index 1723ffbff2..d0503bf9f0 100644
--- a/interface/web/sites/aps_packagedetails_show.php
+++ b/interface/web/sites/aps_packagedetails_show.php
@@ -42,7 +42,7 @@ $app->tpl->newTemplate("listpage.tpl.htm");
 $app->tpl->setInclude('content_tpl', 'templates/aps_packagedetails_show.htm');
 
 // Load the language file
-$lngfile = 'lib/lang/'.$_SESSION['s']['language'].'_aps.lng';
+$lngfile = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_aps.lng';
 require_once $lngfile;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/sites/aps_update_packagelist.php b/interface/web/sites/aps_update_packagelist.php
index a1278d0ebe..821da77bb9 100644
--- a/interface/web/sites/aps_update_packagelist.php
+++ b/interface/web/sites/aps_update_packagelist.php
@@ -41,7 +41,7 @@ $msg = '';
 $error = '';
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_aps_update_packagelist.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_aps_update_packagelist.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php
index 4012802bc7..e2b8bad647 100644
--- a/interface/web/tools/import_ispconfig.php
+++ b/interface/web/tools/import_ispconfig.php
@@ -44,7 +44,7 @@ $msg = '';
 $error = '';
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_import_ispconfig.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_import_ispconfig.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php
index 3ef87710e5..0209c80e28 100644
--- a/interface/web/tools/import_vpopmail.php
+++ b/interface/web/tools/import_vpopmail.php
@@ -46,7 +46,7 @@ $msg = '';
 $error = '';
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_import_vpopmail.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_import_vpopmail.lng';
 include $lng_file;
 $app->tpl->setVar($wb);
 
diff --git a/interface/web/tools/index.php b/interface/web/tools/index.php
index 05c7f71fba..0e223b98a4 100644
--- a/interface/web/tools/index.php
+++ b/interface/web/tools/index.php
@@ -41,7 +41,7 @@ $app->uses('tpl');
 $app->tpl->newTemplate('listpage.tpl.htm');
 $app->tpl->setInclude('content_tpl', 'templates/index.htm');
 
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_index.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_index.lng';
 include $lng_file;
 
 $app->tpl->setVar($wb);
diff --git a/interface/web/tools/tpl_default.php b/interface/web/tools/tpl_default.php
index dacbeae9b2..b4ac189daa 100644
--- a/interface/web/tools/tpl_default.php
+++ b/interface/web/tools/tpl_default.php
@@ -41,7 +41,7 @@ $app->uses('tpl');
 $app->tpl->newTemplate('listpage.tpl.htm');
 $app->tpl->setInclude('content_tpl', 'templates/tpl_default.htm');
 
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_tpl_default.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_tpl_default.lng';
 include $lng_file;
 
 $app->tpl->setVar($wb);
diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index ccf86adda9..5c3876fb86 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -86,12 +86,10 @@ class page_action extends tform_actions {
 		if($_POST['passwort'] != $_POST['repeat_password']) {
 			$app->tform->errorMessage = $app->tform->lng('password_mismatch');
 		}
-		if(preg_match('/[a-z]{2}/',$_POST['language'])) {
-			$_SESSION['s']['user']['language'] = $_POST['language'];
-			$_SESSION['s']['language'] = $_POST['language'];
-		} else {
-			$app->error('Invalid language.');
-		}
+		
+		$language = $app->functions->check_language($_POST['language']);
+		$_SESSION['s']['user']['language'] = $language;
+		$_SESSION['s']['language'] = $language;
 	}
 	
 	function onAfterUpdate() {
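Review bot: The new code turns an invalid language selection from a templated `$app->error('Invalid language.')` into check_language's plain-text `die()`, which is a user-visible regression for a form field, and an absent `$_POST['language']` now reaches the helper without an `isset()` guard. Since check_language exists for trusted session and config values, this form would be better served by a validator that returns a boolean so the `$app->error` branch can stay, e.g. `if(!isset($_POST['language']) || !preg_match('/^[a-z]{2}$/D', $_POST['language'])) $app->error('Invalid language.');` before the two session assignments. The surrounding onBeforeUpdate method starts outside the hunk.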
diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php
index 4b429eb44d..c0bedf19be 100644
--- a/interface/web/vm/openvz_action.php
+++ b/interface/web/vm/openvz_action.php
@@ -32,7 +32,7 @@ $app->tpl->newTemplate('form.tpl.htm');
 $app->tpl->setInclude('content_tpl', 'templates/openvz_action.htm');
 
 //* load language file
-$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_openvz_action.lng';
+$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_openvz_action.lng';
 include_once $lng_file;
 $app->tpl->setVar($wb);
 
-- 
GitLab