From 0c89efafc4e57aa67686ef40a3dabe0c9fe5e602 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Sun, 4 Dec 2005 10:53:48 +0000
Subject: [PATCH] * (bug 4165) Correct validation for user language selection (data taint)
---
 RELEASE-NOTES | 1 +
 includes/Setup.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index fb6e492e7c..b13845e0a2 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -291,6 +291,7 @@ fully support the editing toolbar, but was found to be too confusing.
 patch by David Benbennick
 * (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to be rerendered on demand, sitewide
+* (bug 4165) Correct validation for user language selection (data taint)
 === Caveats ===
diff --git a/includes/Setup.php b/includes/Setup.php
index adacedeaeb..efcbbc98f3 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -217,7 +217,7 @@ $wgLanguageCode = $wgRequest->getText('uselang', '');
 if ($wgLanguageCode == '') $wgLanguageCode = $wgUser->getOption('language');
 # Validate $wgLanguageCode, which will soon be sent to an eval()
-if( empty( $wgLanguageCode ) || preg_match( '/^[^a-z-]*$/', $wgLanguageCode ) ) {
+if( empty( $wgLanguageCode ) || !preg_match( '/^[a-z]+(-[a-z]+)?$/', $wgLanguageCode ) ) {
 $wgLanguageCode = $wgContLanguageCode;
 }
-- 
2.20.1
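Review bot: The new pattern in the `preg_match` call ends with `$`, which in PCRE also matches just before a final newline unless the `D` modifier is set, so a code such as `en` followed by a line feed still passes a check whose comment says the value is about to reach an eval(). Anchoring with `\z` closes that gap: `if( empty( $wgLanguageCode ) || !preg_match( '/^[a-z]+(-[a-z]+)?\z/', $wgLanguageCode ) ) {`. Since the value comes from the `uselang` request parameter or a stored user option, comparing it against the set of installed language codes would be a stronger gate than a shape check alone. The pattern also accepts at most one hyphenated suffix, so any code with two hyphens would silently fall back to `$wgContLanguageCode`; worth confirming that is intended. The eval() itself lies outside this hunk, so how the code is interpolated there cannot be verified from here.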