fixes GHSA-rr39-mf4j-6594 prevent displaying RAW cookie content

... and also factorize code checking the cookie.lang user input

identification.php

@@ -125,17 +125,7 @@ if (!$conf['gallery_locked'] && (!isset($themeconf['hide_menu_on']) OR !in_array
   include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
 }
 
-//Load language if cookie is set from login/register/password pages
-if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
-{
-  if (!array_key_exists($_COOKIE['lang'], get_languages()))
-  {
-    fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
-  }
-  
-  $user['language'] = $_COOKIE['lang'];
-  load_language('common.lang', '', array('language'=>$user['language']));
-}
+load_cookie_language();
 
 //Get list of languages
 foreach (get_languages() as $language_code => $language_name)

include/functions.inc.php

@@ -1937,6 +1937,48 @@ function load_language($filename, $dirname = '', $options = array())
   return false;
 }
 
+function load_cookie_language($load_language=true, $update_user=false, $unset_cookie=false, $user_id=null)
+{
+  global $user;
+
+  // Load language if cookie is set from login/register/password pages
+  if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
+  {
+    if (!array_key_exists($_COOKIE['lang'], get_languages()))
+    {
+      fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
+    }
+  
+    $user['language'] = $_COOKIE['lang'];
+
+    if ($update_user)
+    {
+      single_update(
+        USER_INFOS_TABLE,
+        array(
+          'language' => $_COOKIE['lang']
+        ),
+        array(
+          'user_id' => $user_id ?? $user['id']
+        )
+      );
+    }
+
+    if ($load_language)
+    {
+      load_language('common.lang', '', array('language'=>$user['language']));
+    }
+
+    if ($unset_cookie)
+    {
+      // We unset the lang cookie, if user has changed their language using interface
+      // we don't want to keep setting it back to what was chosen using standard
+      // pages lang switch
+      setcookie("lang", "", time() - 3600);
+    }
+  }
+}
+
 /**
  * converts a string from a character set to another character set
  *

include/functions_user.inc.php

@@ -1051,25 +1051,7 @@ function log_user($user_id, $remember_me)
   //New default login and register pages, if users changes languages and succesfully logs in
   //we want to update the userpref language stored in a cookie
 
-  //TODO check value of cookie
-
-  if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
-  {
-    if (!array_key_exists($_COOKIE['lang'], get_languages()))
-    {
-      fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
-    }
-
-    single_update(
-      USER_INFOS_TABLE,
-      array('language' => $_COOKIE['lang']),
-      array('user_id' => $user_id)
-    );
-
-    // We unset the lang cookie, if user has changed their language using interface we don't want to keep setting it back 
-    // to what was chosen using standard pages lang switch
-    setcookie("lang", "", time() - 3600);
-  }
+  load_cookie_language(false, true, true, $user_id);
 
   if ($remember_me and $conf['authorize_remembering'])
   {

password.php

@@ -489,17 +489,7 @@ if (!isset($themeconf['hide_menu_on']) OR !in_array('thePasswordPage', $themecon
   include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
 }
 
-//Load language if cookie is set from login/register/password pages
-if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
-{
-  if (!array_key_exists($_COOKIE['lang'], get_languages()))
-  {
-    fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
-  }
-  
-  $user['language'] = $_COOKIE['lang'];
-  load_language('common.lang', '', array('language'=>$user['language']));
-}
+load_cookie_language();
 
 //Get list of languages
 foreach (get_languages() as $language_code => $language_name)

profile.php

@@ -78,27 +78,7 @@ SELECT '.implode(',', $fields).'
   
   include(PHPWG_ROOT_PATH.'include/page_header.php');
 
-  //Load language if cookie is set from login/register/password pages
-  if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
-  {
-    if (!array_key_exists($_COOKIE['lang'], get_languages()))
-    {
-      fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
-    }
-
-    $user['language'] = $_COOKIE['lang'];
-    single_update(
-      USER_INFOS_TABLE,
-      array(
-        'language' => $_COOKIE['lang']
-      ),
-      array(
-        'user_id' => $user['id']
-      )
-    );
-    
-    load_language('common.lang', '', array('language'=>$user['language']));
-  }
+  load_cookie_language(true, true);
 
   //Get list of languages
   foreach (get_languages() as $language_code => $language_name)

register.php

@@ -101,17 +101,7 @@ if (!isset($themeconf['hide_menu_on']) OR !in_array('theRegisterPage', $themecon
   include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
 }
 
-//Load language if cookie is set from login/register/password pages
-if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
-{
-  if (!array_key_exists($_COOKIE['lang'], get_languages()))
-  {
-    fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
-  }
-  
-  $user['language'] = $_COOKIE['lang'];
-  load_language('common.lang', '', array('language'=>$user['language']));
-}
+load_cookie_language();
 
 //Get list of languages
 foreach (get_languages() as $language_code => $language_name)