Commit 058903a3 authored by Till Brehm's avatar Till Brehm

Apply stricter language filename check in admin language file editor.

parent ef8ba79a
Pipeline #202 passed with stage
in 3 minutes and 32 seconds
......@@ -49,7 +49,7 @@ $lang_file = $_REQUEST['lang_file'];
if(!preg_match("/^[a-z]+$/i", $lang)) die('unallowed characters in language name.');
if(!preg_match("/^[a-z_]+$/i", $module)) die('unallowed characters in module name.');
if(!preg_match("/^[a-z\._]+$/i", $lang_file)) die('unallowed characters in language file name.');
if(!preg_match("/^[a-z\._]+$/i", $lang_file) || strpos($lang_file,'..') !== false || substr($lang_file,-4) != '.lng') die('unallowed characters in language file name.');
$msg = '';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment