From 4d4147b228ac90f329fd2d40dd4fb60cb980328a Mon Sep 17 00:00:00 2001
From: Jeremy Benoist <jeremy.benoist@gmail.com>
Date: Sat, 13 Oct 2018 09:24:39 +0200
Subject: Ensure language is valid

- Do not override locale if user has choosen a locale from the login screen.
- Add some tests about locale url
---
 src/Wallabag/CoreBundle/Controller/ConfigController.php       | 9 ++++++---
 src/Wallabag/CoreBundle/Event/Listener/UserLocaleListener.php | 8 +++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

(limited to 'src/Wallabag/CoreBundle')

diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index 99576fbb..be6feb7c 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -8,6 +8,7 @@ use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Validator\Constraints\Locale as LocaleConstraint;
 use Wallabag\CoreBundle\Entity\Config;
 use Wallabag\CoreBundle\Entity\TaggingRule;
 use Wallabag\CoreBundle\Form\Type\ChangePasswordType;
@@ -341,11 +342,13 @@ class ConfigController extends Controller
      */
     public function setLocaleAction(Request $request, $language = null)
     {
-        if (null !== $language) {
-            $this->get('session')->set('_locale', $language);
+        $errors = $this->get('validator')->validate($language, (new LocaleConstraint()));
+
+        if (0 === \count($errors)) {
+            $request->getSession()->set('_locale', $language);
         }
 
-        return $this->redirect($request->headers->get('referer'));
+        return $this->redirect($request->headers->get('referer', $this->generateUrl('homepage')));
     }
 
     /**
diff --git a/src/Wallabag/CoreBundle/Event/Listener/UserLocaleListener.php b/src/Wallabag/CoreBundle/Event/Listener/UserLocaleListener.php
index 367cdfb0..dc1db5c7 100644
--- a/src/Wallabag/CoreBundle/Event/Listener/UserLocaleListener.php
+++ b/src/Wallabag/CoreBundle/Event/Listener/UserLocaleListener.php
@@ -6,8 +6,10 @@ use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
 
 /**
- * Stores the locale of the user in the session after the
- * login. This can be used by the LocaleListener afterwards.
+ * Stores the locale of the user in the session after the login.
+ * If no locale are defined (if user doesn't change it from the login screen), override it with the user's config one.
+ *
+ * This can be used by the LocaleListener afterwards.
  *
  * @see http://symfony.com/doc/master/cookbook/session/locale_sticky_session.html
  */
@@ -30,7 +32,7 @@ class UserLocaleListener
     {
         $user = $event->getAuthenticationToken()->getUser();
 
-        if (null !== $user->getConfig()->getLanguage()) {
+        if (null !== $user->getConfig()->getLanguage() && null === $this->session->get('_locale')) {
             $this->session->set('_locale', $user->getConfig()->getLanguage());
         }
     }
-- 
cgit v1.2.3