From c220da99596c4fbca3a4413dbf880dbfc8fd0121 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Fri, 24 Jan 2014 06:20:12 -0500
Subject: [PATCH] changed sql-query and make ure that the backup-sub-dir exists
---
interface/web/tools/user_settings.php | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index 42e5559..95018ac 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -63,7 +63,7 @@
$app->tform->loadFormDef($tform_def_file);
// Importing ID
- $this->id = $_SESSION['s']['user']['userid'];
+ $this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
$_POST['id'] = $_SESSION['s']['user']['userid'];
if(count($_POST) > 1) {
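Review bot: The integer cast is applied only to `$this->id`; the following context line still copies the raw session value into `$_POST['id']`, so the two ids can differ whenever the session value is not already a clean integer. Reusing the cast value keeps them consistent: `$_POST['id'] = $this->id;`. The enclosing method starts and ends outside this hunk, so how `$_POST['id']` is consumed afterwards is not visible here.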
@@ -86,8 +86,12 @@
if($_POST['passwort'] != $_POST['repeat_password']) {
$app->tform->errorMessage = $app->tform->lng('password_mismatch');
}
- $_SESSION['s']['user']['language'] = $_POST['language'];
- $_SESSION['s']['language'] = $_POST['language'];
+ if(preg_match('/[a-z]{2}/',$_POST['language'])) {
+ $_SESSION['s']['user']['language'] = $_POST['language'];
+ $_SESSION['s']['language'] = $_POST['language'];
+ } else {
+ $app->error('Invalid language.');
+ }
}
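Review bot: The new `preg_match('/[a-z]{2}/', ...)` check is unanchored, so it accepts any value that merely contains two consecutive lowercase letters (longer strings, path separators and other characters all pass) rather than restricting the input to a two-letter language code. Anchoring both ends and requiring a string closes that gap: `if(is_string($_POST['language']) && preg_match('/^[a-z]{2}\z/', $_POST['language'])) {` (`\z` rather than `$`, because `$` also matches before a trailing newline). Where the session language is used later is outside this hunk; if it is used to build a language file name, which seems likely, the current pattern does not constrain that path. A short comment such as `// language must be exactly two lowercase letters before it is stored in the session` would also document the intent.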
--
Gitblit v1.9.1