patch by David Benbennick
* (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to
be rerendered on demand, sitewide
+* (bug 4165) Correct validation for user language selection (data taint)
=== Caveats ===
if ($wgLanguageCode == '')
$wgLanguageCode = $wgUser->getOption('language');
# Validate $wgLanguageCode, which will soon be sent to an eval()
-if( empty( $wgLanguageCode ) || preg_match( '/^[^a-z-]*$/', $wgLanguageCode ) ) {
+if( empty( $wgLanguageCode ) || !preg_match( '/^[a-z]+(-[a-z]+)?$/', $wgLanguageCode ) ) {
$wgLanguageCode = $wgContLanguageCode;
}
dépôts / lhc / web / wiklou.git / commitdiff