diff options
| -rwxr-xr-x | LedgerSMB/Form.pm | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index 01dbe085..90f99454 100755 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -582,6 +582,9 @@ sub parse_template { my $ok; if ($self->{language_code}) { + if ($self->{language_code} =~ /(\.\.|\/|\*)/){ + $self->error("Invalid Language Code"); + } if (-f "$self->{templates}/$self->{language_code}/$self->{IN}") { open(IN, '<', "$self->{templates}/$self->{language_code}/$self->{IN}") or $self->error("$self->{IN} : $!"); |