Ticket #479: 1184.diff
| File 1184.diff, 2.8 kB (added by dmorton, 14 months ago) |
|---|
-
branches/1.0/php/xlogin.php
86 86 87 87 // Get the expected form variables from the POST array 88 if (isset($_POST["language"]) ) {88 if (isset($_POST["language"]) && strlen($_POST["language"]) == 2 ) { 89 89 $display_language = trim($_POST["language"]); 90 90 } else { 91 91 $display_language = $default_display_language; 92 92 } 93 if (isset($_POST["charset"]) ) {93 if (isset($_POST["charset"]) && preg_match("/^[\x20-\x7e]{1,40}$/", $_POST["charset"])) { 94 94 $html_charset = trim($_POST["charset"]); 95 95 } else { -
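Review bot: The new `strlen($_POST["language"]) == 2` test checks length only, and it runs before `trim()`, so any two bytes are accepted and two spaces trim down to an empty `$display_language`. If language codes are two lowercase letters (not confirmed by the lines shown), a character allow-list is tighter: `if (isset($_POST["language"]) && is_string($_POST["language"]) && preg_match('/^[a-z]{2}$/D', $_POST["language"])) {`. The charset pattern `[\x20-\x7e]` likewise still admits space, `"`, `<`, `>` and `;`, which matter if `$html_charset` is later written into a header or a meta tag (its use is outside this view); `'/^[A-Za-z0-9._:-]{1,40}$/D'` covers the charset names in common use. Both checks recur in login.php (`lang`, `prevlang`, `charset`) and internal-init.php (`lang`, `charset`). The `charset` if/else continues past the end of this hunk.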
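--- a/branches/1.0/php/login.php
+++ b/branches/1.0/php/login.php
@@ -81,4 +81,8 @@
 if (isset($_GET["super"])) {
 $super = trim($_GET["super"]);
+if($super != "register" && $super != "unregister") {
+$logger->err("invalid super parameter");
+$super = "";
+}
 } else {
 $super = "";
@@ -86,9 +90,9 @@
 
 // Determine the initial language preference,
-// either from default or from manually selected link
-if (isset($_GET["lang"]) ) {
+// either from default or from manually selected link
+if (isset($_GET["lang"]) && strlen($_GET["lang"]) == 2 ) {
 $display_language = trim($_GET["lang"]);
 $display_language_is_default = false;
-} elseif (isset($_GET["prevlang"]) ) {
+} elseif (isset($_GET["prevlang"]) && strlen($_GET["prevlang"]) == 2) {
 $display_language = trim($_GET["prevlang"]);
 $display_language_is_default = true;
@@ -111,5 +115,6 @@
 
 // Determine the user's character set preference
-if (isset($_GET["charset"])) {
+// Charset must be printable ascii, 1-40 characters. /^[\x20-\x7e]{1,40}$/
+if (isset($_GET["charset"]) && preg_match("/^[\x20-\x7e]{1,40}$/", $_GET["charset"])) {
 $html_charset = trim($_GET["charset"]);
 } else {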
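Review bot: The `super` allow-list is applied only after `trim($_GET["super"])`, so a request that sends `super` as an array still reaches `trim()` and raises a warning or a TypeError, depending on the PHP version, before the new check runs. Guarding the outer test with `if (isset($_GET["super"]) && is_string($_GET["super"])) {` and comparing with `!==` keeps the rejection path uniform. The log line `$logger->err("invalid super parameter")` carries no request context; unless the logger adds it itself, appending the client address (for example `$_SERVER['REMOTE_ADDR']`) rather than the raw value would make repeated probing visible without writing request-controlled text to the log. The same array case applies to the `strlen()` and `preg_match()` checks in the other two hunks of this file.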
branches/1.0/php/internal-init.php
87 87 88 88 // Determine the user's language preference 89 if (isset($_GET["lang"]) ) {89 if (isset($_GET["lang"]) && strlen($_GET["lang"]) == 2 ) { 90 90 $display_language = trim($_GET["lang"]); 91 91 } else { … … 98 98 99 99 // Determine the user's character set preference 100 if (isset($_GET["charset"]) ) {100 if (isset($_GET["charset"]) && preg_match("/^[\x20-\x7e]{1,40}$/", $_GET["charset"])) { 101 101 $html_charset = trim($_GET["charset"]); 102 102 } else {
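Review bot: These two conditions are the third copy of the same language and charset validation (also in xlogin.php and login.php), and only login.php carries the explanatory comment. A shared helper used by all three entry points, if a common include exists (not visible here), would keep the rules from drifting when one copy is tightened; at minimum repeat the comment `// Charset must be printable ascii, 1-40 characters.` above the `charset` check in this file. Both if/else blocks continue outside the hunks shown.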

