From 893992dd78a072cdb3b0d864e2d8511d2c74529b Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Fri, 29 Mar 2002 00:24:13 +0000
Subject: [PATCH] Check returned language string

git-svn-id: file:///svn/phpbb/trunk@2445 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/usercp_register.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php
index 312767006e..a3f762765a 100644
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -145,7 +145,23 @@ if (
 
 	$user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style'];
 
-	$user_lang = ( !empty($HTTP_POST_VARS['language']) ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
+	if ( !empty($HTTP_POST_VARS['language']) )
+	{
+		if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
+		{
+			$user_lang = $HTTP_POST_VARS['language'];
+		}
+		else
+		{
+			$error = true;
+			$error_msg = $lang['Fields_empty'];
+		}
+	}
+	else
+	{
+		$user_lang = $board_config['default_lang'];
+	}
+
 	$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
 	$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim($HTTP_POST_VARS['dateformat']) : $board_config['default_dateformat'];