[Patches] [PATCH] [3.4.x] Bug 6629 fix for vulnerability

Fri Nov 25 20:55:02 NZDT 2011

From: Chris Cormack <chrisc at catalyst.net.nz>
Date: Fri, 25 Nov 2011 20:38:35 +1300
Subject: [PATCH] [3.4.x] Bug 6629 fix for vulnerability

---
 C4/Templates.pm |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/C4/Templates.pm b/C4/Templates.pm
index eaec07d..8d654df 100644
--- a/C4/Templates.pm
+++ b/C4/Templates.pm
@@ -180,7 +180,7 @@ sub themelanguage_lite {
     # But, if there's a cookie set, obey it
     $lang = $query->cookie('KohaOpacLanguage')
       if ( defined $query and $query->cookie('KohaOpacLanguage') );
-
+    $lang =~ s/[^a-zA-Z_-]*//; 
     # Fall back to English
     my @languages;
     if ( $interface eq 'intranet' ) {
@@ -324,6 +324,7 @@ sub themelanguage {
       if $http_accept_language;
     # But, if there's a cookie set, obey it
     $lang = $query->cookie('KohaOpacLanguage') if (defined $query and $query->cookie('KohaOpacLanguage'));
+    $lang =~ s/[^a-zA-Z_-]*//;
     # Fall back to English
     my @languages;
     if ($interface eq 'intranet') {
-- 
1.7.5.4
