mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-01 04:13:28 +01:00
fixed problem pointed out by Nahuel Grisolia <ngrisolia@cybsec.com>
parent
2c81925b20
commit
a8803dbd9a
@ -310,7 +310,7 @@ else
|
|||||||
$remember_time,'/'); // make the cookie valid for the whole site (incl. sitemgr) and not only the eGW install-dir
|
$remember_time,'/'); // make the cookie valid for the whole site (incl. sitemgr) and not only the eGW install-dir
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_POST['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2}){0,1}$/',$_POST['lang']) &&
|
if ($_POST['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$_POST['lang']) &&
|
||||||
$_POST['lang'] != $GLOBALS['egw_info']['user']['preferences']['common']['lang'])
|
$_POST['lang'] != $GLOBALS['egw_info']['user']['preferences']['common']['lang'])
|
||||||
{
|
{
|
||||||
$GLOBALS['egw']->preferences->add('common','lang',$_POST['lang'],'session');
|
$GLOBALS['egw']->preferences->add('common','lang',$_POST['lang'],'session');
|
||||||
@ -369,7 +369,7 @@ else
|
|||||||
$GLOBALS['egw_info']['user']['preferences'] = $prefs->read_repository();
|
$GLOBALS['egw_info']['user']['preferences'] = $prefs->read_repository();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($_GET['lang'])
|
if ($_GET['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$_GET['lang']))
|
||||||
{
|
{
|
||||||
$GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $_GET['lang'];
|
$GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $_GET['lang'];
|
||||||
}
|
}
|
||||||
|
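Review bot: The new `$_GET['lang']` check anchors with a plain `$`, which in PCRE also matches just before a trailing newline, so a value such as `"en\n"` still passes and is written into the preferences array. Adding the `D` modifier closes that: `preg_match('/^[a-z]{2}(-[a-z]{2})?$/D',$_GET['lang'])`. The same pattern is repeated in the `$_POST['lang']` hunk above, in `egw_framework::_get_header()` and in `setup::get_lang()`, so a single shared validator would keep the four copies from drifting apart. An `is_string()` test before the match would also cover a `lang[]=` array parameter, which preg_match() does not accept as a subject.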
@ -203,9 +203,11 @@ abstract class egw_framework
|
|||||||
*/
|
*/
|
||||||
protected function _get_header()
|
protected function _get_header()
|
||||||
{
|
{
|
||||||
// get used language code
|
// get used language code (with a little xss check, if someone tries to sneak something in)
|
||||||
$lang_code = $GLOBALS['egw_info']['user']['preferences']['common']['lang'];
|
if (preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$GLOBALS['egw_info']['user']['preferences']['common']['lang']))
|
||||||
|
{
|
||||||
|
$lang_code = $GLOBALS['egw_info']['user']['preferences']['common']['lang'];
|
||||||
|
}
|
||||||
//pngfix defaults to yes
|
//pngfix defaults to yes
|
||||||
if(!$GLOBALS['egw_info']['user']['preferences']['common']['disable_pngfix'])
|
if(!$GLOBALS['egw_info']['user']['preferences']['common']['disable_pngfix'])
|
||||||
{
|
{
|
||||||
|
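Review bot: `$lang_code` is no longer assigned when the stored language fails the pattern, because the assignment moved inside the new `if` and there is no `else` or default. The rest of `_get_header()` lies outside this hunk, but any later use of `$lang_code` would then read an undefined variable. Setting a default before the check, for example `$lang_code = 'en';` (the fallback `setup::get_lang()` uses), keeps the header well-formed when a bad value is rejected.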
@ -774,7 +774,7 @@ if ($run_by_webserver)
|
|||||||
));
|
));
|
||||||
$ConfigDomain = get_var('ConfigDomain',Array('POST','COOKIE'));
|
$ConfigDomain = get_var('ConfigDomain',Array('POST','COOKIE'));
|
||||||
if (@$_GET['intro']) {
|
if (@$_GET['intro']) {
|
||||||
if($ConfigLang = get_var('ConfigLang',array('POST','COOKIE')))
|
if(($ConfigLang = setup::get_lang()))
|
||||||
{
|
{
|
||||||
$GLOBALS['egw_setup']->set_cookie('ConfigLang',$ConfigLang,(int) (time()+(1200*9)),'/');
|
$GLOBALS['egw_setup']->set_cookie('ConfigLang',$ConfigLang,(int) (time()+(1200*9)),'/');
|
||||||
}
|
}
|
||||||
|
@ -198,6 +198,21 @@ class setup
|
|||||||
setcookie($cookiename,$cookievalue,$cookietime,'/',$this->cookie_domain);
|
setcookie($cookiename,$cookievalue,$cookietime,'/',$this->cookie_domain);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get configuration language from $_POST or $_COOKIE and validate it
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
static function get_lang()
|
||||||
|
{
|
||||||
|
$ConfigLang = get_var('ConfigLang', array('POST','COOKIE'));
|
||||||
|
if (preg_match('/^[a-z]{2}(-[a-z]{2})?$',$ConfigLang))
|
||||||
|
{
|
||||||
|
return $ConfigLang;
|
||||||
|
}
|
||||||
|
return 'en';
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* authenticate the setup user
|
* authenticate the setup user
|
||||||
*
|
*
|
||||||
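Review bot: The pattern in the new `get_lang()` is missing its closing delimiter: `'/^[a-z]{2}(-[a-z]{2})?$'` ends at `$`, so preg_match() fails with a delimiter warning instead of matching and the method falls through to `return 'en';` for every input. Every caller switched to `setup::get_lang()` in this commit therefore loses the configured language. The line should read `if (preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$ConfigLang))`. The method also has no visibility keyword; `public static function get_lang()` states the intent.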
@ -207,7 +222,8 @@ class setup
|
|||||||
{
|
{
|
||||||
#phpinfo();
|
#phpinfo();
|
||||||
$FormLogout = get_var('FormLogout', array('GET','POST'));
|
$FormLogout = get_var('FormLogout', array('GET','POST'));
|
||||||
$ConfigLang = get_var('ConfigLang', array('POST','COOKIE'));
|
$ConfigLang = self::get_lang();
|
||||||
|
if (!preg_match('/^['))
|
||||||
if(!$FormLogout)
|
if(!$FormLogout)
|
||||||
{
|
{
|
||||||
$ConfigLogin = get_var('ConfigLogin', array('POST'));
|
$ConfigLogin = get_var('ConfigLogin', array('POST'));
|
||||||
|
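Review bot: The added line `if (!preg_match('/^['))` looks like an unfinished edit that was committed by accident. It calls preg_match() with a single argument and an unterminated character class, and since it has no body of its own it becomes the condition for the following `if(!$FormLogout)` block. Validation already happens in `self::get_lang()` on the line before, so the stray line should simply be deleted. The enclosing method starts and ends outside this hunk.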
@ -169,7 +169,7 @@
|
|||||||
$manual_remote_egw_url = 'http://manual.egroupware.org/egroupware';
|
$manual_remote_egw_url = 'http://manual.egroupware.org/egroupware';
|
||||||
$url_parts = explode('/',$_SERVER['PHP_SELF']);
|
$url_parts = explode('/',$_SERVER['PHP_SELF']);
|
||||||
$script = array_pop($url_parts);
|
$script = array_pop($url_parts);
|
||||||
$lang = get_var('ConfigLang',Array('POST','COOKIE'));
|
$lang = setup::get_lang();
|
||||||
$url = $manual_remote_egw_url.'/manual/index.php?referer='.urlencode($manual_remote_egw_url.'/setup/'.$script).
|
$url = $manual_remote_egw_url.'/manual/index.php?referer='.urlencode($manual_remote_egw_url.'/setup/'.$script).
|
||||||
($lang ? '&lang='.urlencode($lang) : '');
|
($lang ? '&lang='.urlencode($lang) : '');
|
||||||
$GLOBALS['setup_tpl']->set_var('manual','<a href="'.$url.'" target="manual" onclick="'.
|
$GLOBALS['setup_tpl']->set_var('manual','<a href="'.$url.'" target="manual" onclick="'.
|
||||||
|
@ -179,7 +179,7 @@
|
|||||||
$langs = false;
|
$langs = false;
|
||||||
if ($method == 'new')
|
if ($method == 'new')
|
||||||
{
|
{
|
||||||
$langs[] = ($own_lang = get_var('ConfigLang',Array('POST','COOKIE')));
|
$langs[] = ($own_lang = setup::get_lang());
|
||||||
if ($own_lang != 'en') $langs[] = 'en';
|
if ($own_lang != 'en') $langs[] = 'en';
|
||||||
}
|
}
|
||||||
$this->translation->drop_add_all_langs($langs);
|
$this->translation->drop_add_all_langs($langs);
|
||||||
|
@ -32,7 +32,7 @@
|
|||||||
*/
|
*/
|
||||||
function setup_translation()
|
function setup_translation()
|
||||||
{
|
{
|
||||||
$ConfigLang = get_var('ConfigLang',Array('POST','COOKIE'));
|
$ConfigLang = setup::get_lang();
|
||||||
|
|
||||||
if(!$ConfigLang)
|
if(!$ConfigLang)
|
||||||
{
|
{
|
||||||
|
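Review bot: The `if(!$ConfigLang)` test kept below the changed line can no longer be true, because `setup::get_lang()` as added in this commit returns `'en'` whenever the input is missing or invalid. The body of that branch is outside the hunk, so whatever fallback it performed is presumably skipped from now on. Either let `get_lang()` return an empty value for missing input and apply the default here, or remove the dead branch. The same applies to `if(($ConfigLang = setup::get_lang()))` in the `@$_GET['intro']` hunk, which now sets the `ConfigLang` cookie on every request.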
@ -108,7 +108,7 @@ function lang_select($onChange=False,$ConfigLang='')
|
|||||||
{
|
{
|
||||||
if (!$ConfigLang)
|
if (!$ConfigLang)
|
||||||
{
|
{
|
||||||
$ConfigLang = get_var('ConfigLang',Array('POST','COOKIE'));
|
$ConfigLang = setup::get_lang();
|
||||||
}
|
}
|
||||||
$select = '<select name="ConfigLang"'.($onChange ? ' onchange="this.form.submit();"' : '').'>' . "\n";
|
$select = '<select name="ConfigLang"'.($onChange ? ' onchange="this.form.submit();"' : '').'>' . "\n";
|
||||||
$languages = get_langs();
|
$languages = get_langs();
|
||||||
|