[Patches] [PATCH] Bug 6629 : Sanitizing input from language cookie
koha-patchbot at kohaaloha.com
koha-patchbot at kohaaloha.com
Fri Nov 25 19:20:03 NZDT 2011
From: Chris Cormack <chrisc at catalyst.net.nz>
Date: Fri, 25 Nov 2011 19:07:28 +1300
Subject: [PATCH] Bug 6629 : Sanitizing input from language cookie
I dont think we can use only 2 digits, some languages is much longer
zh-hans-TW for example
But the regex should stop it bening able handle nasty chars,
whitelisting safe ones instead
---
C4/Templates.pm | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/C4/Templates.pm b/C4/Templates.pm
index c2a5911..7021b91 100644
--- a/C4/Templates.pm
+++ b/C4/Templates.pm
@@ -277,8 +277,7 @@ sub themelanguage {
my @languages = split(",", C4::Context->preference(
$is_intranet ? 'language' : 'opaclanguages'));
my $lang;
- $lang = $query->cookie('KohaOpacLanguage')
- if defined $query and $query->cookie('KohaOpacLanguage');
+ $lang = getlanguagecookie;
unless ($lang) {
my $http_accept_language = $ENV{ HTTP_ACCEPT_LANGUAGE };
$lang = accept_language( $http_accept_language,
@@ -327,8 +326,7 @@ sub getlanguagecookie {
$lang = $ENV{HTTP_ACCEPT_LANGUAGE};
}
- $lang = substr($lang, 0, 2);
-
+ $lang =~ s/[^a-zA-Z_-]*//; #sanitzie
return $lang;
}
--
1.7.5.4
More information about the Patches
mailing list