|
81 | 81 | if ($file != '.' && $file != '..') { |
82 | 82 | if(@is_dir(ISPC_WEB_PATH.'/'.$file.'/lib/lang')) { |
83 | 83 | $handle2 = opendir(ISPC_WEB_PATH.'/'.$file.'/lib/lang'); |
84 | | - while ($lang_file = @readdir($handle2)) { |
85 | | - if ($lang_file != '.' && $lang_file != '..' && substr($lang_file, 0, 2) == 'en') { |
86 | | - $target_lang_file = $selected_language.substr($lang_file, 2); |
87 | | - merge_langfile(ISPC_WEB_PATH.'/'.$file.'/lib/lang/'.$target_lang_file, ISPC_WEB_PATH.'/'.$file.'/lib/lang/'.$lang_file); |
| 84 | + if($handle2) { |
| 85 | + while ($lang_file = @readdir($handle2)) { |
| 86 | + if ($lang_file != '.' && $lang_file != '..' && substr($lang_file, 0, 2) == 'en') { |
| 87 | + $target_lang_file = $selected_language.substr($lang_file, 2); |
| 88 | + merge_langfile(ISPC_WEB_PATH.'/'.$file.'/lib/lang/'.$target_lang_file, ISPC_WEB_PATH.'/'.$file.'/lib/lang/'.$lang_file); |
| 89 | + } |
88 | 90 | } |
| 91 | + closedir($handle2); |
89 | 92 | } |
| 93 | + |
90 | 94 | $handle2 = opendir(ISPC_WEB_PATH.'/'.$file.'/lib/lang'); |
91 | | - while ($lang_file = @readdir($handle2)) { |
92 | | - if ($lang_file != '.' && $lang_file != '..' && substr($lang_file, 0, 2) == $selected_language) { |
93 | | - $master_lang_file=ISPC_WEB_PATH.'/'.$file.'/lib/lang/en'.substr($lang_file, 2); |
94 | | - $target_lang_file=ISPC_WEB_PATH.'/'.$file.'/lib/lang/'.$lang_file; |
95 | | - if(!file_exists($master_lang_file)){ |
96 | | - unlink($target_lang_file); |
97 | | - $msg.="File $target_lang_file removed because does not exist in master language<br />"; |
| 95 | + if($handle2) { |
| 96 | + while ($lang_file = @readdir($handle2)) { |
| 97 | + if ($lang_file != '.' && $lang_file != '..' && substr($lang_file, 0, 2) == $selected_language) { |
| 98 | + $master_lang_file=ISPC_WEB_PATH.'/'.$file.'/lib/lang/en'.substr($lang_file, 2); |
| 99 | + $target_lang_file=ISPC_WEB_PATH.'/'.$file.'/lib/lang/'.$lang_file; |
| 100 | + if(!file_exists($master_lang_file)){ |
| 101 | + if(@unlink($target_lang_file)) { |
| 102 | + $msg.="File $target_lang_file removed because does not exist in master language<br />"; |
| 103 | + } |
| 104 | + } |
98 | 105 | } |
99 | 106 | } |
| 107 | + closedir($handle2); |
100 | 108 | }//Finish of remove the files how not exists in master language |
101 | 109 | } |
102 | 110 | } |
@@ -141,9 +149,11 @@ function merge_langfile($langfile, $masterfile) { |
141 | 149 |
|
142 | 150 | $file_content = "<?php\n"; |
143 | 151 | foreach($wb as $key => $val) { |
144 | | - $val = str_replace("'", "\\'", $val); |
145 | | - $val = str_replace('"', '\"', $val); |
146 | | - $file_content .= '$wb['."'$key'".'] = '."'$val';\n"; |
| 152 | + // Validate key: only allow letters, numbers, underscores, and spaces |
| 153 | + if(!preg_match("/^[a-zA-Z0-9_ ]+$/", $key)) continue; |
| 154 | + $safe_key = var_export($key, true); |
| 155 | + $safe_val = var_export($val, true); |
| 156 | + $file_content .= "\$wb[{$safe_key}] = {$safe_val};\n"; |
147 | 157 | } |
148 | 158 | $file_content .= "?>\n"; |
149 | 159 |
|
@@ -172,6 +182,3 @@ function merge_langfile($langfile, $masterfile) { |
172 | 182 |
|
173 | 183 | $app->tpl_defaults(); |
174 | 184 | $app->tpl->pparse(); |
175 | | - |
176 | | - |
177 | | -?> |
|
0 commit comments