-rw-r--r-- | profile.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index 2580b375c..402b03971 100644
--- a/profile.php
+++ b/profile.php
@@ -149,6 +149,16 @@ function save_profile_from_post($userdata, &$errors)
 {
 $errors[] = l10n('Recent period must be a positive integer value') ;
 }
+
+ if (!in_array($_POST['language'], array_keys(get_languages())))
+ {
+ die('Hacking attempt, incorrect language value');
+ }
+
+ if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
+ {
+ die('Hacking attempt, incorrect theme value');
+ }
 }
 
 if (isset($_POST['mail_address'])) |
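Review bot: Both added `in_array()` checks compare loosely and read `$_POST['language']` and `$_POST['theme']` without first confirming that the key is present and holds a string. An allow-list is safer with an exact match, for example `if (!isset($_POST['language']) or !is_string($_POST['language']) or !in_array($_POST['language'], array_keys(get_languages()), true))`, and the same shape for the theme check. This assumes language and theme ids are non-numeric strings, since PHP turns numeric-string array keys into integers and a strict comparison would then reject them. The enclosing `if` block opens outside the hunk, so it is not visible here whether both fields are always posted on this path; if they are not, the new checks will `die()` on a legitimate request.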