[ghelda-devel] [56] SECURITY: Don't allow forged locales



Revision: 56
Author:   odyx
Date:     2009-07-21 20:58:31 +0200 (Tue, 21 Jul 2009)

Log Message:
-----------
SECURITY: Don't allow forged locales

Modified Paths:
--------------
    trunk/inc/g_gettext.php


Modified: trunk/inc/g_gettext.php
===================================================================
--- trunk/inc/g_gettext.php	2009-07-21 15:29:55 UTC (rev 55)
+++ trunk/inc/g_gettext.php	2009-07-21 18:58:31 UTC (rev 56)
@@ -51,6 +51,10 @@
 function g_setLocaleAndDomain($newLocale,$newDomain)
 {
     global $g_GT_locale,$g_GT_domain;
+    global $g_GT_supportedLocales;
+    
+    // Security: don't allow forged locales.
+    $newLocale = in_array($newLocale,$g_GT_supportedLocales)? $newLocale : $g_GT_locale;
 
     // Store the actual locale and domain
     $g_GT_oldLocale = $g_GT_locale;
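Review bot: the added in_array() call on the $newLocale line compares loosely, so a non-string value can pass the allow-list: boolean true matches any non-empty entry, and on PHP before 8 integer 0 matches any non-numeric string. Pass true as the third argument, in_array($newLocale, $g_GT_supportedLocales, true), so only an exact string from the list is accepted. The check also depends on $g_GT_supportedLocales being populated before this function runs, and $newDomain goes through without an equivalent check; if it can come from the same untrusted input, it should be validated against an allow-list as well. A short comment noting that a rejected locale silently falls back to the current $g_GT_locale would help callers.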
@@ -69,4 +73,3 @@
 }
 
 ?>
-
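Review bot: the blank-line removal after the closing ?> is a whitespace-only change unrelated to the locale check, and a security fix is easier to audit and backport when it carries nothing else. Since this file is an include, dropping the closing ?> tag altogether would remove the possibility of trailing bytes being emitted as output before headers are sent.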

