Happy New Year

[squirrelmail.git] / plugins / squirrelspell / modules / lang_change.mod

diff --git a/plugins/squirrelspell/modules/lang_change.mod b/plugins/squirrelspell/modules/lang_change.mod
index 6e0fbebe306cf7c3b0208773dc24d20fd41e1c41..3d2365342696e38367bdbea044a49564da250f71 100644 (file)
--- a/plugins/squirrelspell/modules/lang_change.mod
+++ b/plugins/squirrelspell/modules/lang_change.mod
@@ -9,13 +9,16 @@
  * for the user. Called after LANG_SETUP module.
  *
  * @author Konstantin Riabitsev <icon at duke.edu>
- * @copyright &copy; 1999-2006 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage squirrelspell
  */
 
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+sm_validate_security_token($submitted_token, -1, TRUE);
+
 global $SQSPELL_APP_DEFAULT;
 
 if (! sqgetGlobalVar('use_langs',$use_langs,SQ_POST)) {
@@ -39,27 +42,25 @@ foreach ($use_langs as $lang) {
 if (sizeof($new_langs)>1) {
   $dsp_string = '';
   foreach( $new_langs as $a) {
-    $dsp_string .= _(htmlspecialchars(trim($a))) . ', ';
+    $dsp_string .= _(sm_encode_html_special_chars(trim($a))) . _(", ");
   }
   // remove last comma and space
   $dsp_string = substr( $dsp_string, 0, -2 );
 
-  /**
-   * i18n: first %s is comma separated list of languages, second %s - default language.
-   * Language names are translated, if they are present in squirrelmail.po file.
-   * make sure that you don't use html codes in language name translations
-   */
+  // i18n: first %s is comma separated list of languages, second %s - default language.
+  // Language names are translated, if they are present in squirrelmail.po file.
+  // make sure that you don't use html codes in language name translations
   $msg = '<p>'
     . sprintf(_("Settings adjusted to: %s with %s as default dictionary."),
-             '<strong>'.htmlspecialchars($dsp_string).'</strong>',
-             '<strong>'.htmlspecialchars(_($lang_default)).'</strong>')
+             '<strong>'.sm_encode_html_special_chars($dsp_string).'</strong>',
+             '<strong>'.sm_encode_html_special_chars(_($lang_default)).'</strong>')
     . '</p>';
 } else {
   /**
    * Only one dictionary is selected.
    */
   $msg = '<p>'
-    . sprintf(_("Using %s dictionary for spellcheck." ), '<strong>'.htmlspecialchars(_($new_langs[0])).'</strong>')
+    . sprintf(_("Using %s dictionary for spellcheck." ), '<strong>'.sm_encode_html_special_chars(_($new_langs[0])).'</strong>')
     . '</p>';
 }
 
@@ -76,4 +77,3 @@ sqspell_makePage(_("International Dictionaries Preferences Updated"),
  * End:
  * vim: syntax=php
  */
-?>
\ No newline at end of file