@@ -509,8 +509,24 @@ final class MD_STD {
|
||||
}
|
||||
$lang = $_GET['navlang'];
|
||||
}
|
||||
else if (isset($_COOKIE['__Host-lang']) and in_array($_COOKIE['__Host-lang'], $allowed_langs, true)) {
|
||||
$lang = $_COOKIE['__Host-lang'];
|
||||
else if (isset($_COOKIE['__Host-lang'])) {
|
||||
|
||||
if (in_array($_COOKIE['__Host-lang'], $allowed_langs, true)) {
|
||||
$lang = $_COOKIE['__Host-lang'];
|
||||
}
|
||||
else { // Invalid language cookie detected. Clean potential attempts at poisioning cookies.
|
||||
$lang = $default_lang;
|
||||
|
||||
// If the user is a bot or has no user agent at all or one of curl's,
|
||||
// setting a cookie usually makes little sense.
|
||||
// On the other hand, setting the cookie prevents effective caching.
|
||||
if (empty($_SERVER['HTTP_USER_AGENT']) || substr($_SERVER['HTTP_USER_AGENT'], 0, 5) === 'curl/') return $lang;
|
||||
|
||||
if (!setcookie('__Host-lang', $lang, $cookie_options)) {
|
||||
throw new Exception("Failed to set language");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
$lang = self::lang_getfrombrowser($allowed_langs, $default_lang, "", false);
|
||||
|
||||
Reference in New Issue
Block a user