From e330ef6dc0633b6858d7b1f0016299d0f65e04b0 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Mon, 13 Jul 2020 12:59:24 +0200
Subject: [PATCH] Install/Update Languages: fixed directory traversal issue.
---
 admin/inst_lang.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/admin/inst_lang.php b/admin/inst_lang.php
index b2264c1d..3ed51a68 100644
--- a/admin/inst_lang.php
+++ b/admin/inst_lang.php
@@ -151,16 +151,16 @@ function handle_submit($id)
 $dflt_lang = $_POST['code'];
 }
- $installed_languages[$id]['code'] = $_POST['code'];
+ $installed_languages[$id]['code'] = clean_file_name($_POST['code']);
 $installed_languages[$id]['name'] = $_POST['name'];
- $installed_languages[$id]['path'] = 'lang/' . $_POST['code'];
+ $installed_languages[$id]['path'] = 'lang/' . clean_file_name(get_post('code'));
 $installed_languages[$id]['encoding'] = $_POST['encoding'];
 $installed_languages[$id]['rtl'] = (bool)$_POST['rtl'];
 $installed_languages[$id]['package'] = '';
 $installed_languages[$id]['version'] = '';
 if (!write_lang())
 return false;
- $directory = $path_to_root . "/lang/" . $_POST['code'];
+ $directory = $path_to_root . "/lang/" . clean_file_name(get_post('code'));
 if (!file_exists($directory))
 {
 mkdir($directory);
--
2.30.2
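Review bot: The context line `$dflt_lang = $_POST['code'];` at the top of the hunk still takes the raw POST value, so when the submitted language is made the default the unsanitised code is kept even though the three changed lines now go through `clean_file_name()`. If `$dflt_lang` is persisted by `write_lang()` and later used to build a path under `lang/` (not visible here), the unfiltered value would still reach the filesystem by that route. I would sanitise once before the `if`, `$code = clean_file_name(get_post('code'));`, and use `$code` for `$dflt_lang`, `['code']`, `['path']` and `$directory`, which also removes the mixed `$_POST`/`get_post()` access and guarantees that the stored code and the created directory agree. It is also worth rejecting the submit when `$code === ''`, since a value that cleans down to nothing would otherwise be stored with the path `lang/`. The conditional around `$dflt_lang` and the rest of `handle_submit()` lie outside the hunk.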