From 60a2ba19c9b14b53f3054b36fa0560bd82d5ad2c Mon Sep 17 00:00:00 2001
From: Chris Cormack <chrisc@catalyst.net.nz>
Date: Fri, 25 Nov 2011 20:38:35 +1300
Subject: [PATCH] Bug 6629 fix for vulnerability

Signed-off-by: Chris Nighswonger <chris.nighswonger@gmail.com>
---
 C4/Templates.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/C4/Templates.pm b/C4/Templates.pm
index eaec07d96a..2b96ad49c8 100644
--- a/C4/Templates.pm
+++ b/C4/Templates.pm
@@ -180,7 +180,7 @@ sub themelanguage_lite {
     # But, if there's a cookie set, obey it
     $lang = $query->cookie('KohaOpacLanguage')
       if ( defined $query and $query->cookie('KohaOpacLanguage') );
-
+    $lang =~ s/[^a-zA-Z_-]*//g; 
     # Fall back to English
     my @languages;
     if ( $interface eq 'intranet' ) {
@@ -324,6 +324,7 @@ sub themelanguage {
       if $http_accept_language;
     # But, if there's a cookie set, obey it
     $lang = $query->cookie('KohaOpacLanguage') if (defined $query and $query->cookie('KohaOpacLanguage'));
+    $lang =~ s/[^a-zA-Z_-]*//g;
     # Fall back to English
     my @languages;
     if ($interface eq 'intranet') {
-- 
2.39.5