diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index 6a01396f5433264e994ab53354a0b0857b442c14..f5245596c358320c2bbfd4a79e23aa48fc42152d 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -18,6 +18,7 @@ class SimpleSAML_XHTML_Template {
 private $configuration = null;
 private $template = 'default.php';
+ private $availableLanguages = array('en');
 private $language = null;
 private $langtext = array();
@@ -49,6 +50,8 @@ class SimpleSAML_XHTML_Template {
 $this->template = $template;
 $this->data['baseurlpath'] = $this->configuration->getBaseURL();
+
+ $this->availableLanguages = $this->configuration->getArray('language.available', array('en'));
 if (isset($_GET['language'])) {
 $this->setLanguage($_GET['language']);
@@ -74,8 +77,10 @@ class SimpleSAML_XHTML_Template {
 * @param $language Language code for the language to set.
 */
 public function setLanguage($language) {
- $this->language = $language;
- SimpleSAML_XHTML_Template::setLanguageCookie($language);
+ if (in_array($language, $this->availableLanguages, TRUE)) {
+ $this->language = $language;
+ SimpleSAML_XHTML_Template::setLanguageCookie($language);
+ }
 }
 /**
@@ -94,7 +99,7 @@ class SimpleSAML_XHTML_Template {
 // Language is provided in a stored COOKIE
 $languageCookie = SimpleSAML_XHTML_Template::getLanguageCookie();
- if ($languageCookie !== NULL) {
+ if ($languageCookie !== NULL && in_array($languageCookie, $this->availableLanguages, TRUE)) {
 $this->language = $languageCookie;
 return $languageCookie;
 }
@@ -117,7 +122,6 @@ class SimpleSAML_XHTML_Template {
 * languages in the header were available.
 */
 private function getHTTPLanguage() {
- $availableLanguages = $this->configuration->getArray('language.available', array('en'));
 $languageScore = SimpleSAML_Utilities::getAcceptLanguage();
 /* For now we only use the default language map. We may use a configurable language map
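Review bot: The docblock above setLanguage() does not mention that a code outside `language.available` is now silently ignored, leaving `$this->language` unchanged and no cookie written. Because the constructor hunk passes `$_GET['language']` straight into this method, that contract is worth stating for callers; I would add `* Codes that are not listed in 'language.available' are ignored.` to the docblock. The docblock begins outside the hunk.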
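Review bot: The added `in_array($languageCookie, $this->availableLanguages, TRUE)` in the cookie branch repeats the check that getLanguageCookie() performs after this commit, but against `$this->configuration` instead of `SimpleSAML_Configuration::getInstance()`. Whether those two can hold different `language.available` lists is not visible here; if they can, a cookie may pass one check and fail the other. A short comment such as `/* Re-check against this template's configuration; getLanguageCookie() validates against the global instance. */` would make the double check look intentional. The enclosing method starts and ends outside the hunk.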
@@ -136,7 +140,7 @@ class SimpleSAML_XHTML_Template {
 $language = $languageMap[$language];
 }
- if(!in_array($language, $availableLanguages, TRUE)) {
+ if(!in_array($language, $this->availableLanguages, TRUE)) {
 /* Skip this language - we don't have it. */
 continue;
 }
@@ -167,10 +171,9 @@ class SimpleSAML_XHTML_Template {
 * Returns a list of all available languages.
 */
 private function getLanguageList() {
- $availableLanguages = $this->configuration->getArray('language.available', array('en'));
 $thisLang = $this->getLanguage();
 $lang = array();
- foreach ($availableLanguages AS $nl) {
+ foreach ($this->availableLanguages AS $nl) {
 $lang[$nl] = ($nl == $thisLang);
 }
 return $lang;
@@ -651,11 +654,14 @@ class SimpleSAML_XHTML_Template {
 * @return string|NULL The language, or NULL if unset.
 */
 public static function getLanguageCookie() {
+ $config = SimpleSAML_Configuration::getInstance();
+ $availableLanguages = $config->getArray('language.available', array('en'));
- if (!isset($_COOKIE['language'])) {
- return NULL;
+ if (isset($_COOKIE['language']) && in_array((string)$_COOKIE['language'], $availableLanguages, TRUE)) {
+ return (string)$_COOKIE['language'];
 }
- return (string)$_COOKIE['language'];
+
+ return NULL;
 }
@@ -667,7 +673,10 @@ class SimpleSAML_XHTML_Template {
 public static function setLanguageCookie($language) {
 assert('is_string($language)');
- if (headers_sent()) {
+ $config = SimpleSAML_Configuration::getInstance();
+ $availableLanguages = $config->getArray('language.available', array('en'));
+
+ if (!in_array($language, $availableLanguages, TRUE) || headers_sent()) {
 return;
 }
 setcookie('language', $language, time()+60*60*24*900, '/');
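Review bot: The new condition in getLanguageCookie() casts `$_COOKIE['language']` to string before checking its type, so a request that sends the cookie in array form (`language[]=...`) triggers an "Array to string conversion" notice and compares the literal `'Array'` against the allowlist. The value is still rejected, but the request can fill the error log. I would test the type first and drop the casts: `if (isset($_COOKIE['language']) && is_string($_COOKIE['language']) && in_array($_COOKIE['language'], $availableLanguages, TRUE)) {` followed by `return $_COOKIE['language'];`. The `@return` line could also say that NULL is returned for a value not in `language.available`, not only when the cookie is unset.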
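Review bot: The allowlist lookup added to setLanguageCookie() is a second copy of the two lines added to getLanguageCookie(), and the `array('en')` default is repeated in both as well as in the constructor and the property initialiser. A private static helper that returns the configured list would keep the key name and default in one place. It is also worth a comment that the strict `in_array()` is what rejects unexpected values when `assert()` is disabled, for example `/* Only configured languages may be stored; this check also holds when assertions are off. */`.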