1 files changed, 10 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index e0bb598e8..70f326b51 100644
--- a/profile.php
+++ b/profile.php
@@ -147,6 +147,16 @@ function save_profile_from_post($userdata, &$errors)
     {
       $errors[] = l10n('Recent period must be a positive integer value') ;
     }
+
+    if (!in_array($_POST['language'], array_keys(get_languages())))
+    {
+      die('Hacking attempt, incorrect language value');
+    }
+
+    if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
+    {
+      die('Hacking attempt, incorrect theme value');
+    }
   }
 
   if (isset($_POST['mail_address']))