fix directory traversal bug and some indenting

git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@70 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33

diff --git a/www/inc/language_manager.php b/www/inc/language_manager.php
index fd9f50b..a0f8d23 100644 (file)
--- a/www/inc/language_manager.php
+++ b/www/inc/language_manager.php
@@ -35,15 +35,23 @@ class LanguageManager
        {       
                global $template;
                
-               $this->templateFolder = $template;              
+               $this->templateFolder = $template;
+               //default fallback for empty setting
+               if($this->templateFolder=="")$this->templateFolder="./template/";
+               //make sure it ends with /
+               if(substr($this->templateFolder,-1,1)!="/")$this->templateFolder.="/";
        
                // check if cookie is set
                if (isset($_COOKIE[self::$COOKIE_NAME])) {
                        $this->lang = $_COOKIE[self::$COOKIE_NAME];
                } else {
-                       $this->lang = substr($_SERVER[HTTP_ACCEPT_LANGUAGE],0,2);
+                       $this->lang = substr($_SERVER["HTTP_ACCEPT_LANGUAGE"],0,2);
                }
                
+               //sanity check for $lang -> must only contain letters; fallback is de
+               if(ereg("^[a-zA-Z]+$",$this->lang)===false)
+                       $this->lang="de";
+               
                $this->setLanguageConfig();
        }
        
@@ -51,10 +59,10 @@ class LanguageManager
        public static function singleton()
        {
                if(!self::$instance) {
-               self::$instance = new LanguageManager();
-       }
-       
-       return self::$instance;
+                       self::$instance = new LanguageManager();
+               }
+               
+               return self::$instance;
        }
        
        /** set language */