MDL-15252 string manager improvements - fixed regression - lang from POST was accepte...

author Petr Skoda <skodak@moodle.org>

Sat, 10 Apr 2010 20:41:26 +0000 (20:41 +0000)

committer Petr Skoda <skodak@moodle.org>

Sat, 10 Apr 2010 20:41:26 +0000 (20:41 +0000)
author Petr Skoda <skodak@moodle.org>
Sat, 10 Apr 2010 20:41:26 +0000 (20:41 +0000)
committer Petr Skoda <skodak@moodle.org>
Sat, 10 Apr 2010 20:41:26 +0000 (20:41 +0000)
diff --git a/lib/setup.php b/lib/setup.php

index 3ced44a..f6cf661 100644 (file)
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -580,9 +580,9 @@ if (!isset($CFG->theme)) {
  // in the language file.  Otherwise, if the admin hasn't specified a locale
  // then use the one from the default language.  Otherwise (and this is the
  // majority of cases), use the stored locale specified by admin.
-if (($lang = optional_param('lang', '', PARAM_SAFEDIR))) {
-    if (file_exists($CFG->dataroot .'/lang/'. $lang) or
-            file_exists($CFG->dirroot .'/lang/'. $lang)) {
+// note: do not accept lang parameter from POST
+if (isset($_GET['lang']) and ($lang = optional_param('lang', '', PARAM_SAFEDIR))) {
+    if (file_exists($CFG->langotherroot.'/'.$lang) or file_exists($CFG->dirroot.'/lang/'.$lang)) {
          $SESSION->lang = $lang;
      }
  }
author	Petr Skoda <skodak@moodle.org>
	Sat, 10 Apr 2010 20:41:26 +0000 (20:41 +0000)
committer	Petr Skoda <skodak@moodle.org>
	Sat, 10 Apr 2010 20:41:26 +0000 (20:41 +0000)