From aca8b220df29c63c541e5cf507716a5ed2cdfb09 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Sat, 13 Feb 2010 02:57:22 +0000
Subject: [PATCH] fixed problem pointed out by Nahuel Grisolia

---
 login.php | 4 ++--
 phpgwapi/inc/class.egw_framework.inc.php | 10 +++++-----
 setup/check_install.php | 2 +-
 setup/inc/class.setup.inc.php | 18 +++++++++++++++++-
 setup/inc/class.setup_html.inc.php | 2 +-
 setup/inc/class.setup_process.inc.php | 2 +-
 setup/inc/class.setup_translation.inc.php | 2 +-
 setup/inc/functions.inc.php | 2 +-
 8 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/login.php b/login.php
index 27848eb604..48aa236922 100755
--- a/login.php
+++ b/login.php
@@ -310,7 +310,7 @@ else
 $remember_time,'/'); // make the cookie valid for the whole site (incl. sitemgr) and not only the eGW install-dir
 }
- if ($_POST['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2}){0,1}$/',$_POST['lang']) &&
+ if ($_POST['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$_POST['lang']) &&
 $_POST['lang'] != $GLOBALS['egw_info']['user']['preferences']['common']['lang'])
 {
 $GLOBALS['egw']->preferences->add('common','lang',$_POST['lang'],'session');
@@ -369,7 +369,7 @@ else
 $GLOBALS['egw_info']['user']['preferences'] = $prefs->read_repository();
 }
 }
- if ($_GET['lang'])
+ if ($_GET['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$_GET['lang']))
 {
 $GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $_GET['lang'];
 }
diff --git a/phpgwapi/inc/class.egw_framework.inc.php b/phpgwapi/inc/class.egw_framework.inc.php
index 03545ad511..55e92d02fb 100644
--- a/phpgwapi/inc/class.egw_framework.inc.php
+++ b/phpgwapi/inc/class.egw_framework.inc.php
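Review bot: The language pattern `/^[a-z]{2}(-[a-z]{2})?$/` is now written out in both hunks of login.php and again in class.egw_framework.inc.php and in setup::get_lang(), so any later tightening has to be repeated in four places; a single helper that returns the validated code or a default would keep the copies from drifting, and the setup copy already differs from these (it lacks the closing delimiter). Also, without the `D` modifier PCRE's `$` matches before a trailing newline, so a value such as "en\n" passes this check in both hunks; `'/^[a-z]{2}(-[a-z]{2})?$/D'` (or `\z` in place of `$`) closes that. The enclosing code of both hunks starts outside them.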
@@ -215,9 +215,11 @@ abstract class egw_framework
 */
 protected function _get_header()
 {
- // get used language code
- $lang_code = $GLOBALS['egw_info']['user']['preferences']['common']['lang'];
-
+ // get used language code (with a little xss check, if someone tries to sneak something in)
+ if (preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$GLOBALS['egw_info']['user']['preferences']['common']['lang']))
+ {
+ $lang_code = $GLOBALS['egw_info']['user']['preferences']['common']['lang'];
+ }
 //pngfix defaults to yes
 if(!$GLOBALS['egw_info']['user']['preferences']['common']['disable_pngfix'])
 {
@@ -269,9 +271,7 @@ abstract class egw_framework
 $wz_tooltip.'?'.filemtime(EGW_SERVER_ROOT.$wz_tooltip).'" type="text/javascript">';
 }
 return $this->_get_css()+array(
- #'img_icon' => EGW_IMAGES_DIR . '/favicon.ico',
 'img_icon' => $var['favicon_file'],
- #'img_shortcut' => EGW_IMAGES_DIR . '/favicon.ico',
 'img_shortcut' => $var['favicon_file'],
 'pngfix' => $pngfix,
 'slider_effects' => $slider_effects,
diff --git a/setup/check_install.php b/setup/check_install.php
index a7d94432fe..634e7e49d8 100644
--- a/setup/check_install.php
+++ b/setup/check_install.php
@@ -768,7 +768,7 @@ if ($run_by_webserver)
 ));
 $ConfigDomain = get_var('ConfigDomain',Array('POST','COOKIE'));
 if (@$_GET['intro']) {
- if($ConfigLang = get_var('ConfigLang',array('POST','COOKIE')))
+ if(($ConfigLang = setup::get_lang()))
 {
 $GLOBALS['egw_setup']->set_cookie('ConfigLang',$ConfigLang,(int) (time()+(1200*9)),'/');
 }
diff --git a/setup/inc/class.setup.inc.php b/setup/inc/class.setup.inc.php
index ab8f5fbb13..b31777f0c2 100644
--- a/setup/inc/class.setup.inc.php
+++ b/setup/inc/class.setup.inc.php
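Review bot: When the preg_match() in the new block of _get_header() fails, `$lang_code` is never assigned, whereas the removed line always set it; if the rest of the method (outside this hunk) still reads `$lang_code`, a rejected preference value now leaves it undefined (notice, null) instead of a usable code. Initialising it ahead of the check, e.g. `$lang_code = 'en';` before the `if`, or adding an `else` branch with a safe default, makes the fallback explicit rather than implicit. The comment could also say what is rejected: `// only accept a plain ISO code (xx or xx-yy); anything else is dropped so it cannot reach the HTML header`. The function continues past the end of the hunk.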
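Review bot: `setup::get_lang()` never returns an empty value — per its definition in class.setup.inc.php it falls back to `'en'` — so the condition `if(($ConfigLang = setup::get_lang()))` in check_install.php is always true, and the ConfigLang cookie is now written on every `intro` request even when no language was submitted, whereas the removed line only set it when the input was present. If the old behaviour is wanted, keep the cookie write conditional on the raw input, e.g. `if (get_var('ConfigLang',array('POST','COOKIE')) && ($ConfigLang = setup::get_lang()))`. The surrounding `if (@$_GET['intro'])` block starts inside the hunk but its closing brace is outside it.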
@@ -197,6 +197,21 @@ class setup
 }
 setcookie($cookiename,$cookievalue,$cookietime,'/',$this->cookie_domain);
 }
+
+ /**
+ * Get configuration language from $_POST or $_COOKIE and validate it
+ *
+ * @return string
+ */
+ static function get_lang()
+ {
+ $ConfigLang = get_var('ConfigLang', array('POST','COOKIE'));
+ if (preg_match('/^[a-z]{2}(-[a-z]{2})?$',$ConfigLang))
+ {
+ return $ConfigLang;
+ }
+ return 'en';
+ }
 /**
 * authenticate the setup user
@@ -207,7 +222,8 @@ class setup
 {
 #phpinfo();
 $FormLogout = get_var('FormLogout', array('GET','POST'));
- $ConfigLang = get_var('ConfigLang', array('POST','COOKIE'));
+ $ConfigLang = self::get_lang();
+ if (!preg_match('/^['))
 if(!$FormLogout)
 {
 $ConfigLogin = get_var('ConfigLogin', array('POST'));
diff --git a/setup/inc/class.setup_html.inc.php b/setup/inc/class.setup_html.inc.php
index 4bfa346aa8..fc714df20f 100644
--- a/setup/inc/class.setup_html.inc.php
+++ b/setup/inc/class.setup_html.inc.php
@@ -169,7 +169,7 @@ $manual_remote_egw_url = 'http://manual.egroupware.org/egroupware';
 $url_parts = explode('/',$_SERVER['PHP_SELF']);
 $script = array_pop($url_parts);
- $lang = get_var('ConfigLang',Array('POST','COOKIE'));
+ $lang = setup::get_lang();
 $url = $manual_remote_egw_url.'/manual/index.php?referer='.urlencode($manual_remote_egw_url.'/setup/'.$script).
 ($lang ? '&lang='.urlencode($lang) : '');
 $GLOBALS['setup_tpl']->set_var('manual','' . "\n";
 $languages = get_langs();
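Review bot: The pattern in the new get_lang() is missing its closing delimiter — `'/^[a-z]{2}(-[a-z]{2})?$'` has no trailing `/` — so preg_match() emits a "no ending delimiter" warning and returns false for every input, and the method always returns `'en'`; every caller switched to it in this commit (setup authentication, check_install.php, setup_html) therefore silently loses the configured language. The line should read `if (preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$ConfigLang))`. The docblock should also state the fallback, e.g. `@return string validated language code (xx or xx-yy), or 'en' if missing or invalid`.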
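Review bot: The added line `if (!preg_match('/^['))` in the setup authentication hunk looks like an editing leftover: the pattern is unterminated and the call has no subject argument, so PHP warns and the call yields no match, and because the `if` has no braces it takes the following `if(!$FormLogout)` statement as its body, which then only runs by accident of the negated result. It should simply be deleted, leaving `$ConfigLang = self::get_lang();` directly before `if(!$FormLogout)`. The enclosing method starts and continues outside the hunk.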