From 6e094613712e9aabca1fac62beff2b1f8ee0b33e Mon Sep 17 00:00:00 2001 
From: Till Brehm Date: Fri, 17 Aug 2018 17:33:41 +0200 Subject: [PATCH] Fixed #5102 --- interface/lib/classes/functions.inc.php | 22 +++++++++++++++++++ interface/lib/classes/listform.inc.php | 2 +- .../lib/classes/listform_actions.inc.php | 2 +- .../classes/listform_tpl_generator.inc.php | 4 ++-- .../lib/classes/plugin_backuplist.inc.php | 2 +- .../classes/plugin_backuplist_mail.inc.php | 2 +- .../classes/plugin_directive_snippets.inc.php | 2 +- interface/lib/classes/plugin_listview.inc.php | 2 +- .../lib/classes/searchform_actions.inc.php | 4 ++-- interface/lib/classes/tform_base.inc.php | 4 ++-- .../lib/classes/tform_tpl_generator.inc.php | 2 +- interface/web/admin/language_add.php | 2 +- interface/web/admin/language_complete.php | 2 +- interface/web/admin/language_edit.php | 2 +- interface/web/admin/language_export.php | 2 +- interface/web/admin/language_import.php | 2 +- interface/web/admin/language_list.php | 2 +- .../web/admin/remote_action_ispcupdate.php | 2 +- .../web/admin/remote_action_osupdate.php | 2 +- interface/web/admin/software_package_list.php | 2 +- interface/web/admin/software_update_list.php | 2 +- interface/web/client/client_del.php | 2 +- interface/web/client/client_message.php | 2 +- interface/web/client/domain_del.php | 2 +- interface/web/client/domain_edit.php | 2 +- interface/web/dashboard/dashboard.php | 2 +- interface/web/dns/dns_import.php | 2 +- interface/web/dns/dns_wizard.php | 2 +- interface/web/js/scrigo.js.php | 1 + interface/web/login/index.php | 4 ++-- interface/web/login/login_as.php | 2 +- interface/web/login/logout.php | 2 +- interface/web/login/password_reset.php | 2 +- interface/web/mailuser/index.php | 2 +- interface/web/nav.php | 2 +- interface/web/sites/aps_install_package.php | 2 +- .../web/sites/aps_packagedetails_show.php | 2 +- .../web/sites/aps_update_packagelist.php | 2 +- interface/web/tools/import_ispconfig.php | 2 +- interface/web/tools/import_vpopmail.php | 2 +- interface/web/tools/index.php | 2 +- 
interface/web/tools/tpl_default.php | 2 +- interface/web/tools/user_settings.php | 10 ++++----- interface/web/vm/openvz_action.php | 2 +- 44 files changed, 72 insertions(+), 51 deletions(-) diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php index 57e5fdc64d..c948534616 100644 --- a/interface/lib/classes/functions.inc.php +++ b/interface/lib/classes/functions.inc.php @@ -477,6 +477,28 @@ class functions { return $out; } + + // Function to check paths before we use it as include. Use with absolute paths only. + public function check_include_path($path) { + if(strpos($path,'//')) die('Include path seems to be an URL: '.$this->htmlentities($path)); + if(strpos($path,'..')) die('Two dots are not allowed in include path: '.$this->htmlentities($path)); + if(!preg_match("/^[a-zA-Z0-9_\/\.\-]{1,}$/", $path)) die('Wrong chars in include path: '.$this->htmlentities($path)); + $path = realpath($path); + if($path == '') die('Include path does not exist.'); + if(substr($path,0,strlen(ISPC_ROOT_PATH)) != ISPC_ROOT_PATH) die('Path '.$this->htmlentities($path).' is outside of ISPConfig installation directory.'); + return $path; + } + + // Function to check language strings + public function check_language($language) { + global $app; + if(preg_match('/^[a-z]{2}$/',$language)) { + return $language; + } else { + die('Invalid language string: '.$this->htmlentities($language)); + } + } + } ?> diff --git a/interface/lib/classes/listform.inc.php b/interface/lib/classes/listform.inc.php index 15a1a53add..4b92daa73c 100644 --- a/interface/lib/classes/listform.inc.php +++ b/interface/lib/classes/listform.inc.php 
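Review bot: In `check_include_path` the two `strpos()` guards are tested for truthiness, so a match at offset 0 (a path that begins with `..` or `//`) returns 0 and is not rejected; compare strictly, `if(strpos($path,'..') !== false) die(...)`. The containment test after `realpath()` is a bare prefix comparison, so a sibling directory whose name merely starts with the value of ISPC_ROOT_PATH would pass; compare against the root plus a separator, `substr($path,0,strlen(ISPC_ROOT_PATH)+1) != ISPC_ROOT_PATH.'/'`. In `check_language` the `$` anchor also matches before a trailing newline, so `"en\n"` is accepted and returned unchanged; use `preg_match('/^[a-z]{2}\z/', $language)` and drop the unused `global $app;`. Both helpers would benefit from a short docblock stating that they end the request with `die()` on failure rather than returning a status.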
@@ -60,7 +60,7 @@ class listform { } //* Set local Language File - $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_'.$this->listDef['name'].'_list.lng'; + $lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_'.$this->listDef['name'].'_list.lng'; if(!file_exists($lng_file)) $lng_file = 'lib/lang/en_'.$this->listDef['name'].'_list.lng'; include $lng_file; diff --git a/interface/lib/classes/listform_actions.inc.php b/interface/lib/classes/listform_actions.inc.php index b4366feaa6..a13c3fdb73 100644 --- a/interface/lib/classes/listform_actions.inc.php +++ b/interface/lib/classes/listform_actions.inc.php @@ -249,7 +249,7 @@ class listform_actions { global $app; //* Set global Language File - $lng_file = ISPC_LIB_PATH.'/lang/'.$_SESSION['s']['language'].'.lng'; + $lng_file = ISPC_LIB_PATH.'/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng'; if(!file_exists($lng_file)) $lng_file = ISPC_LIB_PATH.'/lang/en.lng'; include $lng_file; diff --git a/interface/lib/classes/listform_tpl_generator.inc.php b/interface/lib/classes/listform_tpl_generator.inc.php index 0cb158bb39..031f7a1e56 100644 --- a/interface/lib/classes/listform_tpl_generator.inc.php +++ b/interface/lib/classes/listform_tpl_generator.inc.php @@ -153,10 +153,10 @@ class listform_tpl_generator { } function lng_add($lang, $listDef, $module = '') { - global $go_api, $go_info, $conf; + global $app, $conf; if($module == '') { - $lng_file = "lib/lang/".$conf["language"]."_".$listDef['name']."_list.lng"; + $lng_file = "lib/lang/".$app->functions->check_language($conf["language"])."_".$listDef['name']."_list.lng"; } else { $lng_file = '../'.$module."/lib/lang/en_".$listDef['name']."_list.lng"; } diff --git a/interface/lib/classes/plugin_backuplist.inc.php b/interface/lib/classes/plugin_backuplist.inc.php index 8e62589f76..e96be012e3 100644 --- a/interface/lib/classes/plugin_backuplist.inc.php +++ b/interface/lib/classes/plugin_backuplist.inc.php 
@@ -45,7 +45,7 @@ class plugin_backuplist extends plugin_base { $listTpl->newTemplate('templates/web_backup_list.htm'); //* Loading language file - $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_web_backup_list.lng"; + $lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_web_backup_list.lng"; include $lng_file; $listTpl->setVar($wb); diff --git a/interface/lib/classes/plugin_backuplist_mail.inc.php b/interface/lib/classes/plugin_backuplist_mail.inc.php index 512fb8c9f0..af13355609 100644 --- a/interface/lib/classes/plugin_backuplist_mail.inc.php +++ b/interface/lib/classes/plugin_backuplist_mail.inc.php @@ -46,7 +46,7 @@ class plugin_backuplist_mail extends plugin_base { $listTpl->newTemplate('templates/mail_user_backup_list.htm'); //* Loading language file - $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_mail_backup_list.lng"; + $lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_mail_backup_list.lng"; include($lng_file); $listTpl->setVar($wb); diff --git a/interface/lib/classes/plugin_directive_snippets.inc.php b/interface/lib/classes/plugin_directive_snippets.inc.php index 41138bca1e..5555264446 100644 --- a/interface/lib/classes/plugin_directive_snippets.inc.php +++ b/interface/lib/classes/plugin_directive_snippets.inc.php @@ -18,7 +18,7 @@ class plugin_directive_snippets extends plugin_base $listTpl->newTemplate('templates/web_directive_snippets.htm'); //* Loading language file - $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_web_directive_snippets.lng"; + $lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_web_directive_snippets.lng"; include $lng_file; $listTpl->setVar($wb); diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php index c9d8340e02..bd0aa0e160 100644 --- a/interface/lib/classes/plugin_listview.inc.php +++ b/interface/lib/classes/plugin_listview.inc.php 
@@ -120,7 +120,7 @@ class plugin_listview extends plugin_base { } // Loading language field - $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_".$app->listform->listDef['name']."_list.lng"; + $lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_".$app->listform->listDef['name']."_list.lng"; include $lng_file; $listTpl->setVar($wb); diff --git a/interface/lib/classes/searchform_actions.inc.php b/interface/lib/classes/searchform_actions.inc.php index e48eb8544d..c4372982c0 100644 --- a/interface/lib/classes/searchform_actions.inc.php +++ b/interface/lib/classes/searchform_actions.inc.php @@ -151,10 +151,10 @@ class searchform_actions { global $app; // Language File setzen - $lng_file = ISPC_WEB_PATH.'/lang/lib/lang/'.$_SESSION['s']['language'].'_list.lng'; + $lng_file = ISPC_WEB_PATH.'/lang/lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_list.lng'; if(!file_exists($lng_file)) $lng_file = ISPC_WEB_PATH.'/lang/lib/lang/en_'.'_list.lng'; include $lng_file; - $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_".$app->searchform->listDef['name']."_search.lng"; + $lng_file = "lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_".$app->searchform->listDef['name']."_search.lng"; if(!file_exists($lng_file)) $lng_file = 'lib/lang/en_'.$app->searchform->listDef['name']."_search.lng"; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php index 0e839c53d3..3dc9edacc1 100644 --- a/interface/lib/classes/tform_base.inc.php +++ b/interface/lib/classes/tform_base.inc.php @@ -134,7 +134,7 @@ class tform_base { $this->module = $module; $wb = array(); - include_once ISPC_ROOT_PATH.'/lib/lang/'.$_SESSION['s']['language'].'.lng'; + include_once ISPC_ROOT_PATH.'/lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng'; if(is_array($wb)) $wb_global = $wb; 
@@ -143,7 +143,7 @@ class tform_base { if(!file_exists($lng_file)) $lng_file = "lib/lang/en_".$this->formDef["name"].".lng"; include $lng_file; } else { - $lng_file = "../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"; + $lng_file = "../$module/lib/lang/".$app->functions->check_language($_SESSION["s"]["language"])."_".$this->formDef["name"].".lng"; if(!file_exists($lng_file)) $lng_file = "../$module/lib/lang/en_".$this->formDef["name"].".lng"; include $lng_file; } diff --git a/interface/lib/classes/tform_tpl_generator.inc.php b/interface/lib/classes/tform_tpl_generator.inc.php index f841a09a69..f0d9649b9c 100644 --- a/interface/lib/classes/tform_tpl_generator.inc.php +++ b/interface/lib/classes/tform_tpl_generator.inc.php @@ -298,7 +298,7 @@ class tform_tpl_generator { function lng_add($lang, $formDef) { global $go_api, $go_info, $conf; - $lng_file = "lib/lang/".$conf["language"]."_".$formDef['name'].".lng"; + $lng_file = "lib/lang/".$app->functions->check_language($conf["language"])."_".$formDef['name'].".lng"; if(is_file($lng_file)) { include $lng_file; } else { diff --git a/interface/web/admin/language_add.php b/interface/web/admin/language_add.php index f58a2db16d..f36fd946d2 100644 --- a/interface/web/admin/language_add.php +++ b/interface/web/admin/language_add.php @@ -104,7 +104,7 @@ $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_add.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_add.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/admin/language_complete.php b/interface/web/admin/language_complete.php index d28e89aa25..234685498d 100644 --- a/interface/web/admin/language_complete.php +++ b/interface/web/admin/language_complete.php 
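Review bot: In the `lng_add` hunk of tform_tpl_generator.inc.php the new line calls `$app->functions->check_language(...)`, but the declaration directly above it still reads `global $go_api, $go_info, $conf;`, so `$app` is undefined in this scope and the call ends in a fatal error instead of validating the language. The matching change in listform_tpl_generator.inc.php updated its declaration; this one needs the same edit, `global $app, $conf;`. The body of `lng_add` continues past the end of the hunk.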
@@ -166,7 +166,7 @@ $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_complete.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_complete.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/admin/language_edit.php b/interface/web/admin/language_edit.php index c94a5eb280..f17c4ae9a8 100644 --- a/interface/web/admin/language_edit.php +++ b/interface/web/admin/language_edit.php @@ -104,7 +104,7 @@ $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_edit.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/admin/language_export.php b/interface/web/admin/language_export.php index 44bc787bd3..3f54e53af8 100644 --- a/interface/web/admin/language_export.php +++ b/interface/web/admin/language_export.php @@ -111,7 +111,7 @@ if(isset($_POST['lng_select']) && $error == '') { $app->tpl->setVar('msg', $msg); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_export.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_export.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php index 2e70219804..6a2d0b5ba6 100644 --- a/interface/web/admin/language_import.php +++ b/interface/web/admin/language_import.php 
@@ -194,7 +194,7 @@ $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_import.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/admin/language_list.php b/interface/web/admin/language_list.php index 2cb28dc187..b935bddd95 100644 --- a/interface/web/admin/language_list.php +++ b/interface/web/admin/language_list.php @@ -97,7 +97,7 @@ $app->tpl->setLoop('records', $language_files_list); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_list.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_language_list.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php index f22661e1d4..938f25a1a3 100644 --- a/interface/web/admin/remote_action_ispcupdate.php +++ b/interface/web/admin/remote_action_ispcupdate.php @@ -44,7 +44,7 @@ $app->tpl->newTemplate('form.tpl.htm'); $app->tpl->setInclude('content_tpl', 'templates/remote_action_ispcupdate.htm'); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_remote_action.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_remote_action.lng'; include $lng_file; /* diff --git a/interface/web/admin/remote_action_osupdate.php b/interface/web/admin/remote_action_osupdate.php index 5e73cdfd0f..e39cf0eedf 100644 --- a/interface/web/admin/remote_action_osupdate.php +++ b/interface/web/admin/remote_action_osupdate.php 
@@ -43,7 +43,7 @@ $app->tpl->newTemplate('form.tpl.htm'); $app->tpl->setInclude('content_tpl', 'templates/remote_action_osupdate.htm'); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_remote_action.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_remote_action.lng'; include $lng_file; /* diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php index 5e552dbee7..b6664d4234 100644 --- a/interface/web/admin/software_package_list.php +++ b/interface/web/admin/software_package_list.php @@ -184,7 +184,7 @@ if(is_array($packages) && count($packages) > 0) { $app->tpl->setLoop('records', $packages); $language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language']; -include_once 'lib/lang/'.$language.'_software_package_list.lng'; +include_once 'lib/lang/'.$app->functions->check_language($language).'_software_package_list.lng'; $app->tpl->setVar($wb); diff --git a/interface/web/admin/software_update_list.php b/interface/web/admin/software_update_list.php index c987e9e04b..6d680c0ec1 100644 --- a/interface/web/admin/software_update_list.php +++ b/interface/web/admin/software_update_list.php @@ -193,7 +193,7 @@ if(is_array($installed_packages)) { $app->tpl->setLoop('records', $records_out); $language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language']; -include_once 'lib/lang/'.$language.'_software_update_list.lng'; +include_once 'lib/lang/'.$app->functions->check_language($language).'_software_update_list.lng'; $app->tpl->setVar($wb); diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php index dfb4e74649..2bddd02a07 100644 --- a/interface/web/client/client_del.php +++ b/interface/web/client/client_del.php 
@@ -97,7 +97,7 @@ class page_action extends tform_actions { $app->tpl->setLoop('records', $table_list); //* load language file - $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_del.lng'; + $lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_client_del.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php index b4638bd215..2617bbe67d 100644 --- a/interface/web/client/client_message.php +++ b/interface/web/client/client_message.php @@ -42,7 +42,7 @@ $app->tpl->newTemplate('form.tpl.htm'); $app->tpl->setInclude('content_tpl', 'templates/client_message.htm'); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_message.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_client_message.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/client/domain_del.php b/interface/web/client/domain_del.php index 701b4494b8..1165f3f936 100644 --- a/interface/web/client/domain_del.php +++ b/interface/web/client/domain_del.php @@ -54,7 +54,7 @@ class page_action extends tform_actions { global $app; $conf; //* load language file - $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'.lng'; + $lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng'; include $lng_file; /* diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php index 8867e29578..094e1899be 100644 --- a/interface/web/client/domain_edit.php +++ b/interface/web/client/domain_edit.php @@ -49,7 +49,7 @@ $app->uses('tpl,tform,tform_actions'); $app->load('tform_actions'); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng'; include $lng_file; 
diff --git a/interface/web/dashboard/dashboard.php b/interface/web/dashboard/dashboard.php index 7f5fc6e2f0..5426ba9572 100644 --- a/interface/web/dashboard/dashboard.php +++ b/interface/web/dashboard/dashboard.php @@ -51,7 +51,7 @@ $app->uses('tpl'); $app->tpl->newTemplate("templates/dashboard.htm"); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/dns/dns_import.php b/interface/web/dns/dns_import.php index 49c14185d0..540a731ba2 100644 --- a/interface/web/dns/dns_import.php +++ b/interface/web/dns/dns_import.php @@ -204,7 +204,7 @@ if ($settings['use_domain_module'] == 'y') { } } -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_import.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_dns_import.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php index 32112560a4..17d767550c 100644 --- a/interface/web/dns/dns_wizard.php +++ b/interface/web/dns/dns_wizard.php @@ -465,7 +465,7 @@ $csrf_token = $app->auth->csrf_token_get('dns_wizard'); $app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']); $app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']); -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_dns_wizard.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/js/scrigo.js.php b/interface/web/js/scrigo.js.php index 7c6bf31cbf..4022454f5b 100644 --- a/interface/web/js/scrigo.js.php +++ b/interface/web/js/scrigo.js.php 
@@ -3,6 +3,7 @@ include '../../lib/config.inc.php'; header('Content-Type: text/javascript; charset=utf-8'); // the config file sets the content type header so we have to override it here! require_once '../../lib/app.inc.php'; $lang = (isset($_SESSION['s']['language']) && $_SESSION['s']['language'] != '')?$_SESSION['s']['language']:'en'; +$lang = $app->functions->check_language($lang); include_once ISPC_ROOT_PATH.'/web/strengthmeter/lib/lang/'.$lang.'_strengthmeter.lng'; $app->uses('ini_parser,getconf'); diff --git a/interface/web/login/index.php b/interface/web/login/index.php index 441de353ca..558896acb7 100644 --- a/interface/web/login/index.php +++ b/interface/web/login/index.php @@ -229,12 +229,12 @@ if(count($_POST) > 0) { if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back! $_SESSION['s']['user'] = $user; $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default'; - $_SESSION['s']['language'] = $user['language']; + $_SESSION['s']['language'] = $app->functions->check_language($user['language']); $_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme']; if ($loginAs) $_SESSION['s']['plugin_cache'] = $_SESSION['s_old']['plugin_cache']; if(is_file(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) { - include_once ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php'; + include_once $app->functions->check_include_path(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php'); $menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d'; if (is_dir($menu_dir)) { if ($dh = opendir($menu_dir)) { diff --git a/interface/web/login/login_as.php b/interface/web/login/login_as.php index 4b78c6c41b..159f15b77e 100644 --- a/interface/web/login/login_as.php +++ b/interface/web/login/login_as.php 
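Review bot: In the login/index.php hunk only the `module.conf.php` include goes through `check_include_path()`; `$menu_dir` on the next line is built from the same `$_SESSION['s']['user']['startmodule']` value and reaches `is_dir()`/`opendir()` unchecked, and what the loop does with the directory entries lies outside this hunk. Validating the module name once before both uses would cover both paths, for example `if(!preg_match('/^[a-zA-Z0-9_]+\z/', $_SESSION['s']['user']['startmodule'])) die('Invalid start module.');`, assuming module names are plain identifiers. Separately, `check_language($user['language'])` now ends the login request with `die()` when the stored value is not exactly two lowercase letters, so an account with an empty or legacy language value presumably can no longer log in; a fallback to `'en'`, as scrigo.js.php uses, would be gentler at this point.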
@@ -83,7 +83,7 @@ $dbData = $app->db->queryOneRecord( * TODO: move the login_as form to a template file -> themeability */ -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_login_as.lng'; include $lng_file; echo ' diff --git a/interface/web/login/logout.php b/interface/web/login/logout.php index a4a127ff8b..dc1c9e4a42 100644 --- a/interface/web/login/logout.php +++ b/interface/web/login/logout.php @@ -43,7 +43,7 @@ if (isset($_GET['l']) && ($_GET['l']== 1)) $forceLogout = true; if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) && (!$forceLogout)){ $utype = ($_SESSION['s_old']['user']['typ'] == 'admin' ? 'admin' : 'reseller'); - $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng'; + $lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_login_as.lng'; include $lng_file; echo '



diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php index e6976bff73..02c71f2948 100644 --- a/interface/web/login/password_reset.php +++ b/interface/web/login/password_reset.php @@ -43,7 +43,7 @@ $app->tpl->setInclude('content_tpl', 'templates/password_reset.htm'); $app->tpl_defaults(); -include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng'; +include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'.lng'; $app->tpl->setVar($wb); $continue = true; diff --git a/interface/web/mailuser/index.php b/interface/web/mailuser/index.php index b7748ac1cc..c9541df2bd 100644 --- a/interface/web/mailuser/index.php +++ b/interface/web/mailuser/index.php @@ -13,7 +13,7 @@ $msg = ''; $error = ''; //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_index.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_index.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/nav.php b/interface/web/nav.php index 68ceb898be..1091276b86 100644 --- a/interface/web/nav.php +++ b/interface/web/nav.php @@ -75,7 +75,7 @@ if(isset($_GET['nav']) && $_GET['nav'] == 'top') { } include_once $mt.'/lib/module.conf.php'; - $language = (isset($_SESSION['s']['user']['language']))?$_SESSION['s']['user']['language']:$conf['language']; + $language = $app->functions->check_language((isset($_SESSION['s']['user']['language']))?$_SESSION['s']['user']['language']:$conf['language']); $app->load_language_file('web/'.$mt.'/lib/'.$language.'.lng'); $active = ($module['name'] == $_SESSION['s']['module']['name']) ? 1 : 0; $topnav[$module['order'].'-'.$module['name']] = array( 'title' => $app->lng($module['title']), diff --git a/interface/web/sites/aps_install_package.php b/interface/web/sites/aps_install_package.php index 19ab785c95..4739e25b8a 100644 --- a/interface/web/sites/aps_install_package.php 
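Review bot: In the nav.php hunk the context line `include_once $mt.'/lib/module.conf.php';` directly above the changed line still includes a path built from `$mt` without the new `check_include_path()` helper, while the language value beside it is now validated. Where `$mt` comes from is not visible in this hunk; if it derives from session or stored user data it deserves the same treatment as the start-module include in login/index.php. The helper expects an absolute path, so assuming modules live under ISPC_WEB_PATH as they do there, the line would become `include_once $app->functions->check_include_path(ISPC_WEB_PATH.'/'.$mt.'/lib/module.conf.php');`.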
+++ b/interface/web/sites/aps_install_package.php @@ -42,7 +42,7 @@ $app->tpl->newTemplate("form.tpl.htm"); $app->tpl->setInclude('content_tpl', 'templates/aps_install_package.htm'); // Load the language file -$lngfile = 'lib/lang/'.$_SESSION['s']['language'].'_aps.lng'; +$lngfile = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_aps.lng'; require_once $lngfile; $app->tpl->setVar($wb); $app->load_language_file('web/sites/'.$lngfile); diff --git a/interface/web/sites/aps_packagedetails_show.php b/interface/web/sites/aps_packagedetails_show.php index 1723ffbff2..d0503bf9f0 100644 --- a/interface/web/sites/aps_packagedetails_show.php +++ b/interface/web/sites/aps_packagedetails_show.php @@ -42,7 +42,7 @@ $app->tpl->newTemplate("listpage.tpl.htm"); $app->tpl->setInclude('content_tpl', 'templates/aps_packagedetails_show.htm'); // Load the language file -$lngfile = 'lib/lang/'.$_SESSION['s']['language'].'_aps.lng'; +$lngfile = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_aps.lng'; require_once $lngfile; $app->tpl->setVar($wb); diff --git a/interface/web/sites/aps_update_packagelist.php b/interface/web/sites/aps_update_packagelist.php index a1278d0ebe..821da77bb9 100644 --- a/interface/web/sites/aps_update_packagelist.php +++ b/interface/web/sites/aps_update_packagelist.php @@ -41,7 +41,7 @@ $msg = ''; $error = ''; //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_aps_update_packagelist.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_aps_update_packagelist.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php index 4012802bc7..e2b8bad647 100644 --- a/interface/web/tools/import_ispconfig.php +++ b/interface/web/tools/import_ispconfig.php 
@@ -44,7 +44,7 @@ $msg = ''; $error = ''; //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_import_ispconfig.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_import_ispconfig.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php index 3ef87710e5..0209c80e28 100644 --- a/interface/web/tools/import_vpopmail.php +++ b/interface/web/tools/import_vpopmail.php @@ -46,7 +46,7 @@ $msg = ''; $error = ''; //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_import_vpopmail.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_import_vpopmail.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/tools/index.php b/interface/web/tools/index.php index 05c7f71fba..0e223b98a4 100644 --- a/interface/web/tools/index.php +++ b/interface/web/tools/index.php @@ -41,7 +41,7 @@ $app->uses('tpl'); $app->tpl->newTemplate('listpage.tpl.htm'); $app->tpl->setInclude('content_tpl', 'templates/index.htm'); -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_index.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_index.lng'; include $lng_file; $app->tpl->setVar($wb); diff --git a/interface/web/tools/tpl_default.php b/interface/web/tools/tpl_default.php index dacbeae9b2..b4ac189daa 100644 --- a/interface/web/tools/tpl_default.php +++ b/interface/web/tools/tpl_default.php @@ -41,7 +41,7 @@ $app->uses('tpl'); $app->tpl->newTemplate('listpage.tpl.htm'); $app->tpl->setInclude('content_tpl', 'templates/tpl_default.htm'); -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_tpl_default.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_tpl_default.lng'; include $lng_file; $app->tpl->setVar($wb); 
diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php index ccf86adda9..5c3876fb86 100644 --- a/interface/web/tools/user_settings.php +++ b/interface/web/tools/user_settings.php @@ -86,12 +86,10 @@ class page_action extends tform_actions { if($_POST['passwort'] != $_POST['repeat_password']) { $app->tform->errorMessage = $app->tform->lng('password_mismatch'); } - if(preg_match('/[a-z]{2}/',$_POST['language'])) { - $_SESSION['s']['user']['language'] = $_POST['language']; - $_SESSION['s']['language'] = $_POST['language']; - } else { - $app->error('Invalid language.'); - } + + $language = $app->functions->check_language($_POST['language']); + $_SESSION['s']['user']['language'] = $language; + $_SESSION['s']['language'] = $language; } function onAfterUpdate() { diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php index 4b429eb44d..c0bedf19be 100644 --- a/interface/web/vm/openvz_action.php +++ b/interface/web/vm/openvz_action.php @@ -32,7 +32,7 @@ $app->tpl->newTemplate('form.tpl.htm'); $app->tpl->setInclude('content_tpl', 'templates/openvz_action.htm'); //* load language file -$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_openvz_action.lng'; +$lng_file = 'lib/lang/'.$app->functions->check_language($_SESSION['s']['language']).'_openvz_action.lng'; include_once $lng_file; $app->tpl->setVar($wb); -- GitLab
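Review bot: Replacing the `$app->error('Invalid language.')` branch in user_settings.php with `check_language()` changes the failure mode: the helper calls `die()` directly and echoes the submitted value, bypassing the application's error handler for what is ordinary form input. The password mismatch just above is reported through `$app->tform->errorMessage`, and an invalid language could be reported the same way. At minimum the field should be read defensively, `$language = $app->functions->check_language(isset($_POST['language']) ? $_POST['language'] : '');`, so that a missing field does not reach `preg_match()` as null. The enclosing method starts outside the hunk.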