diff --git a/admin/modules/config/languages.php b/admin/modules/config/languages.php
index f5ae448ca2..780dd8f160 100644
--- a/admin/modules/config/languages.php
+++ b/admin/modules/config/languages.php
@@ -181,6 +181,13 @@
{
// Validate input
$editlang = basename($mybb->input['lang']);
+
+ if(in_array($editlang, array('.', '..')))
+ {
+ flash_message($lang->error_folders_fail, 'error');
+ admin_redirect("index.php?module=config-languages");
+ }
+
$folder = MYBB_ROOT."inc/languages/".$editlang."/";
$page->add_breadcrumb_item(preg_replace("<\?|\?>", "?", htmlspecialchars_uni($languages[$editlang])), "index.php?module=config-languages&action=quick_edit&lang=".htmlspecialchars_uni($editlang));
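Review bot: The guard added after `basename()` is a denylist of two names, so every other value, including an empty `lang`, still flows into `$folder`. An empty string makes `$folder` resolve to the languages directory itself, which is the same location the `.` check is meant to exclude. The next line already indexes `$languages[$editlang]`, so if `$languages` holds the installed packs (not visible in this hunk) an allowlist is tighter: `if($editlang === '' || !isset($languages[$editlang]))`. The same applies to the `$editlang` and `$editwith` guards in the second hunk, with `$editwith` allowed to stay empty since it is optional. The enclosing action block starts and ends outside the hunk, so a later existence check may already cover part of this.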
@@ -376,11 +383,26 @@
{
// Validate input
$editlang = basename($mybb->input['lang']);
+
+ if(in_array($editlang, array('.', '..')))
+ {
+ flash_message($lang->error_folders_fail, 'error');
+ admin_redirect("index.php?module=config-languages");
+ }
+
$folder = MYBB_ROOT."inc/languages/".$editlang."/";
$page->add_breadcrumb_item(preg_replace("<\?|\?>", "?", htmlspecialchars_uni($languages[$editlang])), "index.php?module=config-languages&action=edit&lang=".htmlspecialchars_uni($editlang));
$editwith = basename($mybb->get_input('editwith'));
+
+ if(in_array($editwith, array('.', '..')))
+ {
+ flash_message($lang->error_folders_fail, 'error');
+ admin_redirect("index.php?module=config-languages");
+ }
+
+
$editwithfolder = '';
if($editwith)
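Review bot: The two guards added here for `$editlang` and `$editwith` bring the commit to four copies of the same four-line check (the first and third hunks hold the others), which makes it easy for a later fix to miss one. A small shared helper keeps the check in one place and lets it use strict comparison instead of loose `in_array()`. The sketch below assumes `$lang` is reachable as a global and that `admin_redirect()` ends the request, neither of which is visible in this hunk. The doubled blank line after the `$editwith` guard can go as well.

```php
// Rejects path components that would resolve to the current or parent directory.
function reject_dot_path_component($component)
{
	global $lang;

	if($component === '.' || $component === '..')
	{
		flash_message($lang->error_folders_fail, 'error');
		admin_redirect("index.php?module=config-languages");
	}
}

// … unchanged: $editlang = basename($mybb->input['lang']); …
reject_dot_path_component($editlang);
// … unchanged: $folder and breadcrumb lines …
$editwith = basename($mybb->get_input('editwith'));
reject_dot_path_component($editwith);
```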
@@ -421,6 +443,13 @@
{
// Validate input
$file = basename($mybb->input['file']);
+
+ if(in_array($file, array('.', '..')))
+ {
+ flash_message($lang->error_folders_fail, 'error');
+ admin_redirect("index.php?module=config-languages");
+ }
+
if($mybb->get_input('inadmin') == 1)
{
$file = 'admin/'.$file;
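Review bot: `$file` is only compared against `.` and `..` before `'admin/'` is prepended, so an empty `file` parameter passes the guard and becomes the bare `admin/` directory path. Rejecting the empty string in the same condition, with strict comparison, closes that: `if($file === '' || $file === '.' || $file === '..')`. Whether the rest of the block confirms that the final path is a regular file inside the language folder is not visible in this hunk. If it does not, an `is_file()` check on the assembled path belongs next to this guard.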