Install/Update Languages: fixed directory traversal issue.
authorJanusz Dobrowolski <janusz@frontaccounting.eu>
Mon, 13 Jul 2020 10:59:24 +0000 (12:59 +0200)
committerJanusz Dobrowolski <janusz@frontaccounting.eu>
Mon, 13 Jul 2020 10:59:24 +0000 (12:59 +0200)
admin/inst_lang.php

index b2264c1dfd8e7b1b92be0a34f92d3c3b75e3e742..3ed51a6819fdae185b24d2b5385f277bca4ab5f3 100644 (file)
@@ -151,16 +151,16 @@ function handle_submit($id)
                        $dflt_lang = $_POST['code'];
        }
        
-       $installed_languages[$id]['code'] = $_POST['code'];
+       $installed_languages[$id]['code'] = clean_file_name($_POST['code']);
        $installed_languages[$id]['name'] = $_POST['name'];
-       $installed_languages[$id]['path'] = 'lang/' . $_POST['code'];
+       $installed_languages[$id]['path'] = 'lang/' . clean_file_name(get_post('code'));
        $installed_languages[$id]['encoding'] = $_POST['encoding'];
        $installed_languages[$id]['rtl'] = (bool)$_POST['rtl'];
        $installed_languages[$id]['package'] = '';
        $installed_languages[$id]['version'] = '';
        if (!write_lang())
                return false;
-       $directory = $path_to_root . "/lang/" . $_POST['code'];
+       $directory = $path_to_root . "/lang/" . clean_file_name(get_post('code'));
        if (!file_exists($directory))
        {
                mkdir($directory);
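Review bot: The context line at the top of the hunk, `$dflt_lang = $_POST['code'];`, still uses the raw POST value, so whenever clean_file_name() changes the input the default language no longer matches the `code` that is stored. The sanitised value is also derived three separate times, from both `$_POST['code']` and `get_post('code')`. Computing it once at the start of handle_submit(), `$code = clean_file_name(get_post('code'));`, and reusing `$code` for `$dflt_lang`, `['code']`, `['path']` and `$directory` would keep them in step. clean_file_name() is not visible here, so if it can return an empty string, a guard such as `if ($code === '') return false;` before write_lang() would stop `$directory` from resolving to the `lang/` root itself. The body of handle_submit() starts and ends outside this hunk, so whether `name` and `encoding` are validated elsewhere before write_lang() is not visible here.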