From b859d27a6f3730c171cab5397354804c0b02f965 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Mon, 4 May 2009 18:32:49 +0200
Subject: [PATCH] [svn r20282] Security improvements see FS#4152
---
 main/exercice/hotspot_lang_conversion.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/main/exercice/hotspot_lang_conversion.php b/main/exercice/hotspot_lang_conversion.php
index 0309186ad7..876dca1af2 100644
--- a/main/exercice/hotspot_lang_conversion.php
+++ b/main/exercice/hotspot_lang_conversion.php
@@ -33,15 +33,18 @@ $hotspot_lang_file = api_get_path(SYS_LANG_PATH);
 if(isset($_GET['lang'])) {
 //$search = array('../','\\0','\\');
 $lang = urldecode($_GET['lang']);
- if (preg_match('/^[a-zA-Z0-9\._-]+$/', $lang)) {
+ if (preg_match('/^[a-zA-Z0-9\._-]+$/', $lang)) {
 //$lang = str_replace($search,$replace,urldecode($_GET['lang']));
 if(file_exists($hotspot_lang_file . $lang . '/hotspot.inc.php'))
 $hotspot_lang_file .= $lang . '/hotspot.inc.php';
 else
 $hotspot_lang_file .= 'english/hotspot.inc.php';
+ } else {
+ $hotspot_lang_file .= 'english/hotspot.inc.php';
 }
-} else
+} else {
 $hotspot_lang_file .= 'english/hotspot.inc.php';
+}
 $file = file($hotspot_lang_file);
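Review bot: The allow-list on the `preg_match` line still accepts `.` and `..` as the whole value, and `$` without the `D` modifier also matches before a trailing newline, so the check is looser than the directory-name format it is meant to enforce. With `..` the `file_exists()` test is made one level above the language directory; a `/` is rejected, so it cannot go further, but the value should never leave that directory at all. If no language folder name contains a dot, tighten the line to `if (preg_match('/^[a-zA-Z0-9_-]+\z/', $lang)) {`, or compare `$lang` against the list of installed language directories instead. The `urldecode()` on `$_GET['lang']` is redundant because PHP has already decoded the value; it is harmless here only because validation runs after it. What is done with `$file` lies outside the hunk.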