diff options
| author |  Inverle <inverle@proton.me>
| 2025-08-30 16:26:24 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-08-30 16:26:24 +0200 |
| commit | 379a387ddeabdab428c2c6257ff6521f69e5d974 (patch) | |
| tree | bbd3e517d3bb42a7fd8b7b9170a4ad335abc5c86 /app | |
| parent | 43248b461d4f7b74fe0ab761259ef29e4b0636c6 (diff) | |
Disallow setting non-existent language (#7878)
The set language is used inside paths and can lead to issues by including PHP files from other locations
Diffstat (limited to 'app')
| -rw-r--r-- | app/Controllers/configureController.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index 6c1561d7c..e69b46323 100644 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php @@ -45,7 +45,10 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController { */ public function displayAction(): void { if (Minz_Request::isPost()) { - FreshRSS_Context::userConf()->language = Minz_Request::paramString('language') ?: 'en'; + $language = Minz_Request::paramString('language') ?: 'en'; + if (Minz_Translate::exists($language)) { + FreshRSS_Context::userConf()->language = $language; + } FreshRSS_Context::userConf()->timezone = Minz_Request::paramString('timezone'); $theme = Minz_Request::paramString('theme') ?: FreshRSS_Themes::$defaultTheme; if (FreshRSS_Themes::exists($theme)) { |