Changeset 18356 for branches/3.1/wp-settings.php

Timestamp:

06/27/2011 09:36:48 PM (14 years ago)

Author:

ryan

Message:

Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi. For 3.1.

Location:

branches/3.1

Files:

• . (modified) (1 prop)
• wp-settings.php (modified) (1 diff)

branches/3.1/wp-settings.php

@@ -259 +259 @@
 $locale = get_locale();
 $locale_file = WP_LANG_DIR . "/$locale.php";
-if ( is_readable( $locale_file ) )
+if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) )
     require( $locale_file );
 unset($locale_file);