Commit 8b087124 authored by Dries's avatar Dries

- Patch #740068 by sun, pwolanin, yoroy: SA-CORE-2010-01 locale module XSS vulnerabilities.

parent acb2348b
...@@ -337,13 +337,23 @@ function locale_languages_predefined_form_submit($form, &$form_state) { ...@@ -337,13 +337,23 @@ function locale_languages_predefined_form_submit($form, &$form_state) {
} }
$form_state['redirect'] = 'admin/config/regional/language'; $form_state['redirect'] = 'admin/config/regional/language';
return;
} }
/** /**
* Validate the language editing form. Reused for custom language addition too. * Validate the language editing form. Reused for custom language addition too.
*/ */
function locale_languages_edit_form_validate($form, &$form_state) { function locale_languages_edit_form_validate($form, &$form_state) {
// Ensure sane field values for langcode, name, and native.
if (!isset($form['langcode_view']) && preg_match('@[^a-zA-Z_-]@', $form_state['values']['langcode'])) {
form_set_error('langcode', t('%field may only contain characters a-z, underscores, or hyphens.', array('%field' => $form['langcode']['#title'])));
}
if ($form_state['values']['name'] != check_plain($form_state['values']['name'])) {
form_set_error('name', t('%field cannot contain any markup.', array('%field' => $form['name']['#title'])));
}
if ($form_state['values']['native'] != check_plain($form_state['values']['native'])) {
form_set_error('native', t('%field cannot contain any markup.', array('%field' => $form['native']['#title'])));
}
if (!empty($form_state['values']['domain']) && !empty($form_state['values']['prefix'])) { if (!empty($form_state['values']['domain']) && !empty($form_state['values']['prefix'])) {
form_set_error('prefix', t('Domain and path prefix values should not be set at the same time.')); form_set_error('prefix', t('Domain and path prefix values should not be set at the same time.'));
} }
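Review bot: The new `name` and `native` checks in locale_languages_edit_form_validate() reject markup only when this form is submitted. Language records saved before the patch, or written by any caller that does not run this validator, would still carry markup to wherever the names are printed. Whether the rest of the commit escapes these values on output is not visible in this hunk, so that is worth confirming rather than relying on input validation alone. Comparing against `check_plain()` also rejects names containing `&` or quote characters, which the "cannot contain any markup" message does not explain. A comment such as `// check_plain() also encodes &, " and ', so names containing them are rejected as well.` would document that, and `!==` would make the string comparison explicit. The function body continues past the end of the hunk.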
......