From e177c9baed2c0ab8418e2205072adc9f68ea69ae Mon Sep 17 00:00:00 2001
From: Chris Cormack <chrisc@catalyst.net.nz>
Date: Fri, 25 Nov 2011 20:43:02 +1300
Subject: [PATCH] Bug 6629 vulnerability fix

Signed-off-by: Chris Nighswonger <chris.nighswonger@gmail.com>
---
 C4/Output.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/C4/Output.pm b/C4/Output.pm
index a6cb984f66..5851cb409c 100644
--- a/C4/Output.pm
+++ b/C4/Output.pm
@@ -160,6 +160,7 @@ sub themelanguage {
       if $http_accept_language;
     # But, if there's a cookie set, obey it
     $lang = $query->cookie('KohaOpacLanguage') if (defined $query and $query->cookie('KohaOpacLanguage'));
+    $lang =~ s/[^a-zA-Z_-]*//g; 
     # Fall back to English
     my @languages;
     if ($interface eq 'intranet') {
-- 
2.39.5