From 1a2cbfbf0cd666af05c28c3a7e51de3fb59bdd99 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Wed, 20 Nov 2013 03:34:56 -0500
Subject: [PATCH] Merge remote-tracking branch 'origin/stable-3.0.5'

---
 interface/web/tools/user_settings.php |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index 42e5559..95018ac 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -63,7 +63,7 @@
 		$app->tform->loadFormDef($tform_def_file);
 
 		// Importing ID
-		$this->id = $_SESSION['s']['user']['userid'];
+		$this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
 		$_POST['id'] = $_SESSION['s']['user']['userid'];
 
 		if(count($_POST) > 1) {
@@ -86,8 +86,12 @@
 		if($_POST['passwort'] != $_POST['repeat_password']) {
 			$app->tform->errorMessage = $app->tform->lng('password_mismatch');
 		}
-		$_SESSION['s']['user']['language'] = $_POST['language'];
-		$_SESSION['s']['language'] = $_POST['language'];
+		if(preg_match('/[a-z]{2}/',$_POST['language'])) {
+			$_SESSION['s']['user']['language'] = $_POST['language'];
+			$_SESSION['s']['language'] = $_POST['language'];
+		} else {
+			$app->error('Invalid language.');
+		}
 	}
 
 

--
Gitblit v1.9.1