From 1d027303f4c2aa546a1dc31e005270647c974a2e Mon Sep 17 00:00:00 2001
From: Till <t.brehm@ispconfig.org>
Date: Thu, 26 Oct 2023 12:06:05 +0200
Subject: [PATCH] Fixes #6596 improve language file editor input validation

---
 interface/web/admin/language_edit.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/interface/web/admin/language_edit.php b/interface/web/admin/language_edit.php
index 39baec55e3..681f39acf7 100644
--- a/interface/web/admin/language_edit.php
+++ b/interface/web/admin/language_edit.php
@@ -64,6 +64,7 @@ if(isset($_POST['records']) && is_array($_POST['records'])) {
 		$val = stripslashes($val);
 		$val = preg_replace('/(^|[^\\\\])((\\\\\\\\)*)"/', '$1$2\\"', $val);
 		$val = str_replace('$', '', $val);
+		if(!preg_match("/^[a-z0-9_]+$/", $key)) die('Invalid language file key.');
 		$file_content .= '$wb['."'$key'".'] = "'.$val.'";'."\n";
 		$msg = 'File saved.';
 	}
-- 
GitLab