From 4d4147b228ac90f329fd2d40dd4fb60cb980328a Mon Sep 17 00:00:00 2001
From: Jeremy Benoist <jeremy.benoist@gmail.com>
Date: Sat, 13 Oct 2018 09:24:39 +0200
Subject: Ensure language is valid

- Do not override locale if user has choosen a locale from the login screen.
- Add some tests about locale url
---
 src/Wallabag/CoreBundle/Controller/ConfigController.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'src/Wallabag/CoreBundle/Controller/ConfigController.php')

diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index 99576fbb..be6feb7c 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -8,6 +8,7 @@ use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Validator\Constraints\Locale as LocaleConstraint;
 use Wallabag\CoreBundle\Entity\Config;
 use Wallabag\CoreBundle\Entity\TaggingRule;
 use Wallabag\CoreBundle\Form\Type\ChangePasswordType;
@@ -341,11 +342,13 @@ class ConfigController extends Controller
      */
     public function setLocaleAction(Request $request, $language = null)
     {
-        if (null !== $language) {
-            $this->get('session')->set('_locale', $language);
+        $errors = $this->get('validator')->validate($language, (new LocaleConstraint()));
+
+        if (0 === \count($errors)) {
+            $request->getSession()->set('_locale', $language);
         }
 
-        return $this->redirect($request->headers->get('referer'));
+        return $this->redirect($request->headers->get('referer', $this->generateUrl('homepage')));
     }
 
     /**
-- 
cgit v1.2.3