Browse Source

avoid possible file name injection

git-svn-id: svn://svn.lighttpd.net/xcache/trunk@782 c26eb9a1-5813-0410-bd6c-c2e55f420ca7
3.0
Xuefer 11 years ago
parent
commit
25cfffd7f7
  1. 6
      admin/common.php

6
admin/common.php

@ -38,20 +38,20 @@ function get_language_file($name)
$l = strtolower($lang);
$file = get_language_file_ex($name, $l, $s);
if (!isset($file)) {
$l = strtok($l, '-');
$l = strtok($l, ':-');
$file = get_language_file_ex($name, $l, $s);
}
}
else if (!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
foreach (explode(',', str_replace(' ', '', $_SERVER['HTTP_ACCEPT_LANGUAGE'])) as $l) {
$l = strtok($l, ';');
$l = strtok($l, ':;');
$file = get_language_file_ex($name, $l, $s);
if (isset($file)) {
$lang = $l;
break;
}
if (strpos($l, '-') !== false) {
$ll = strtok($l, '-');
$ll = strtok($l, ':-');
$file = get_language_file_ex($name, $ll, $s);
if (isset($file)) {
$lang = $l;

Loading…
Cancel
Save