From aaa030949463954af4ba5c26231900bd8522c4a1 Mon Sep 17 00:00:00 2001
From: plegall
Date: Fri, 1 May 2026 17:03:17 +0200
Subject: [PATCH] fixes GHSA-rr39-mf4j-6594 prevent displaying RAW cookie content
---
 identification.php | 2 +-
 include/functions_user.inc.php | 2 +-
 password.php | 2 +-
 profile.php | 2 +-
 register.php | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/identification.php b/identification.php
index 204a949e4..13f5c42e9 100644
--- a/identification.php
+++ b/identification.php
@@ -130,7 +130,7 @@ if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
 {
 if (!array_key_exists($_COOKIE['lang'], get_languages()))
 {
- fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
+ fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
 }
 
 $user['language'] = $_COOKIE['lang'];
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index eae20fe68..48bbf35ef 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1057,7 +1057,7 @@ function log_user($user_id, $remember_me)
 {
 if (!array_key_exists($_COOKIE['lang'], get_languages()))
 {
- fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
+ fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
 }
 
 single_update(
diff --git a/password.php b/password.php
index 543e65c0f..59691753c 100644
--- a/password.php
+++ b/password.php
@@ -494,7 +494,7 @@ if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
 {
 if (!array_key_exists($_COOKIE['lang'], get_languages()))
 {
- fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
+ fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
 }
 
 $user['language'] = $_COOKIE['lang'];
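Review bot: `htmlspecialchars($_COOKIE['lang'])` on the `+` line relies on PHP's default flags, which before PHP 8.1 leave single quotes unescaped, so unless fatal_error() is known to place the message only in text or double-quoted HTML context the call should pin the flags and charset explicitly: `htmlspecialchars($_COOKIE['lang'], ENT_QUOTES, 'UTF-8')`. The identical one-line change applies to the hunks in include/functions_user.inc.php, password.php, profile.php and register.php. Escaping at five separate call sites also suggests fatal_error() emits its argument raw; if so, escaping once inside fatal_error() (not visible in this patch) would cover any other caller that passes untrusted input, with the call-site escaping kept as defense in depth. In each file the enclosing `if (isset($_COOKIE['lang']) ...)` block begins before the hunk.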
diff --git a/profile.php b/profile.php
index 88a42cb9f..9ceb32b0f 100644
--- a/profile.php
+++ b/profile.php
@@ -83,7 +83,7 @@ SELECT '.implode(',', $fields).'
 {
 if (!array_key_exists($_COOKIE['lang'], get_languages()))
 {
- fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
+ fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
 }
 
 $user['language'] = $_COOKIE['lang'];
diff --git a/register.php b/register.php
index 25cac78ec..aa76a5ee3 100644
--- a/register.php
+++ b/register.php
@@ -106,7 +106,7 @@ if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
 {
 if (!array_key_exists($_COOKIE['lang'], get_languages()))
 {
- fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
+ fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
 }
 
 $user['language'] = $_COOKIE['lang'];