static $recursionLevel = 0;
// Protect against path traversal below
- if ( !Language::isValidCode( $code ) ) {
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
throw new MWException( "Invalid language code \"$code\"" );
}
*/
static function getFileName( $prefix = 'Language', $code, $suffix = '.php' ) {
// Protect against path traversal
- if ( !Language::isValidCode( $code ) ) {
+ if ( !Language::isValidCode( $code )
+ || strcspn( $code, "/\\\000" ) !== strlen( $code ) )
+ {
throw new MWException( "Invalid language code \"$code\"" );
}