[ticket/9970] User language input is checked for existance

Users could select a language which did not exist in the database by altering
form fields because there was no back-end verification.

PHPBB3-9970

phpBB/includes/functions_user.php

@@ -1421,6 +1421,36 @@ function validate_match($string, $optional = false, $match = '')
 	return false;
 }
 
+/**
+* Validate Language string
+*
+* Tests whether a language string is valid and exists on the disk
+* This is the same criteria used to determine whether to include it or not.
+*
+* @param $lang - The language string to test
+*
+* @return	boolean|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
+*/
+function validate_language($lang)
+{
+	global $phpbb_root_path;
+
+	// Note: Two language strings are identical here because the English
+	// version "Language you specified is not valid" is correct for both
+	// cases
+	if (!preg_match('#^[a-z_\-]{2,}$#i', $lang))
+	{
+		return 'WRONG_DATA';
+	}
+
+	if (!file_exists($phpbb_root_path . 'language/' . $lang . '/'))
+	{
+		return 'WRONG_DATA';
+	}
+
+	return false;
+}
+
 /**
 * Check to see if the username has been taken, or if it is disallowed.
 * Also checks if it includes the " character, which we don't allow in usernames.

phpBB/includes/ucp/ucp_prefs.php

@@ -65,7 +65,7 @@ class ucp_prefs
 
 					$error = validate_data($data, array(
 						'dateformat'	=> array('string', false, 1, 30),
-						'lang'			=> array('match', false, '#^[a-z0-9_\-]{2,}$#i'),
+						'lang'			=> array('language'),
 						'tz'			=> array('num', false, -14, 14),
 					));
 

phpBB/includes/ucp/ucp_register.php

@@ -210,7 +210,7 @@ class ucp_register
 					array('email')),
 				'email_confirm'		=> array('string', false, 6, 60),
 				'tz'				=> array('num', false, -14, 14),
-				'lang'				=> array('match', false, '#^[a-z_\-]{2,}$#i'),
+				'lang'				=> array('language'),
 			));
 
 			if (!check_form_key('ucp_register'))