diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-10-24 19:49:04 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-10-24 19:49:04 +0200 |
commit | 2dce1ffda218456e19f28edce8b0d74122f4d55c (patch) | |
tree | 1f645c173574307ff3a509c0f9f9cfb765f2ab21 | |
parent | a7001e968a4791312391eb245ad84888893cda8f (diff) |
Fix #1268 (or rather enforce some security measures, there's nothing really broken)
-rw-r--r-- | system/core/Lang.php | 14 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 | ||||
-rw-r--r-- | user_guide_src/source/libraries/language.rst | 7 |
3 files changed, 12 insertions, 10 deletions
diff --git a/system/core/Lang.php b/system/core/Lang.php index 3001f1b13..601348aa4 100644 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -65,11 +65,11 @@ class CI_Lang { /** * Load a language file * - * @param mixed the name of the language file to be loaded - * @param string the language (english, etc.) - * @param bool return loaded array of translations - * @param bool add suffix to $langfile - * @param string alternative path to look for language file + * @param mixed $langile the name of the language file to be loaded + * @param string $idiom = '' the language (english, etc.) + * @param bool $return = FALSE return loaded array of translations + * @param bool $add_suffix = TRUE add suffix to $langfile + * @param string $alt_path = '' alternative path to look for language file * @return mixed */ public function load($langfile, $idiom = '', $return = FALSE, $add_suffix = TRUE, $alt_path = '') @@ -83,10 +83,10 @@ class CI_Lang { $langfile .= '.php'; - if ($idiom === '') + if (empty($idiom) OR ! ctype_alpha($idiom)) { $config =& get_config(); - $idiom = ( ! empty($config['language'])) ? $config['language'] : 'english'; + $idiom = empty($config['language']) ? 'english' : $config['language']; } if ($return === FALSE && isset($this->is_loaded[$langfile]) && $this->is_loaded[$langfile] === $idiom) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index de5ec4758..92f6a03ef 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -219,6 +219,7 @@ Release Date: Not Released - :doc:`Encryption Library <libraries/encryption>` changes include: - Added support for hashing algorithms other than SHA1 and MD5. - Removed previously deprecated ``sha1()`` method. + - Changed :doc:`Language Library <libraries/language>` method ``load()`` to filter the language name with ``ctype_digit()``. - Core diff --git a/user_guide_src/source/libraries/language.rst b/user_guide_src/source/libraries/language.rst index ec678cd21..b231f14a3 100644 --- a/user_guide_src/source/libraries/language.rst +++ b/user_guide_src/source/libraries/language.rst @@ -54,7 +54,9 @@ first. Loading a language file is done with the following code:: Where filename is the name of the file you wish to load (without the file extension), and language is the language set containing it (ie, english). If the second parameter is missing, the default language set -in your application/config/config.php file will be used. +in your *application/config/config.php* file will be used. + +.. note:: The *language* parameter can only consist of letters. Fetching a Line of Text ======================= @@ -67,8 +69,7 @@ text using this function:: Where language_key is the array key corresponding to the line you wish to show. -Note: This function simply returns the line. It does not echo it for -you. +.. note:: This method simply returns the line. It does not echo it. Using language lines as form labels ----------------------------------- |