From b3bd4bc384986dcc57e1329ba24aa8ee587015ff Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sun, 15 Apr 2012 15:35:20 +0200
Subject: [PATCH] sanity check on language selection

---
 settings/ajax/setlanguage.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/settings/ajax/setlanguage.php b/settings/ajax/setlanguage.php
index d8d1a86037..e3b00c3bc8 100644
--- a/settings/ajax/setlanguage.php
+++ b/settings/ajax/setlanguage.php
@@ -7,11 +7,17 @@ $l=OC_L10N::get('settings');
 
 OC_JSON::checkLoggedIn();
 
+
 // Get data
 if( isset( $_POST['lang'] ) ){
+	$languageCodes=OC_L10N::findAvailableLanguages();
 	$lang=$_POST['lang'];
-	OC_Preferences::setValue( OC_User::getUser(), 'core', 'lang', $lang );
-	OC_JSON::success(array("data" => array( "message" => $l->t("Language changed") )));
+	if(array_search($lang,$languageCodes) or $lang=='en'){
+		OC_Preferences::setValue( OC_User::getUser(), 'core', 'lang', $lang );
+		OC_JSON::success(array("data" => array( "message" => $l->t("Language changed") )));
+	}else{
+		OC_JSON::error(array("data" => array( "message" => $l->t("Invalid request") )));
+	}
 }else{
 	OC_JSON::error(array("data" => array( "message" => $l->t("Invalid request") )));
 }
-- 
GitLab