Fix header injection from lang code

cpanfile

@@ -6,7 +6,7 @@ requires 'Mojolicious::Plugin::Mail';
 requires 'Mojolicious::Plugin::GzipStatic';
 requires 'Mojolicious::Plugin::StaticCache';
 requires 'Mojolicious::Plugin::CSPHeader';
-requires 'Mojolicious::Plugin::FiatTux::Helpers', '== 0.07', url => 'https://framagit.org/fiat-tux/mojolicious/mojolicious-plugin-fiattux-helpers/-/archive/0.07/mojolicious-plugin-fiattux-helpers-0.07.tar.gz';
+requires 'Mojolicious::Plugin::FiatTux::Helpers', '== 0.08', url => 'https://framagit.org/fiat-tux/mojolicious/mojolicious-plugin-fiattux-helpers/-/archive/0.08/mojolicious-plugin-fiattux-helpers-0.08.tar.gz';
 requires 'Mojolicious::Plugin::FiatTux::GrantAccess', '== 0.05', url => 'https://framagit.org/fiat-tux/mojolicious/mojolicious-plugin-fiattux-grantaccess/-/archive/0.05/mojolicious-plugin-fiattux-grantaccess-0.05.tar.gz';
 requires 'Mojolicious::Plugin::FiatTux::Themes', '== 0.02', url => 'https://framagit.org/fiat-tux/mojolicious/mojolicious-plugin-fiattux-themes/-/archive/0.02/mojolicious-plugin-fiattux-themes-0.02.tar.gz';
 requires 'Filesys::DiskUsage';

lib/Lufi/Controller/Misc.pm

@@ -17,7 +17,9 @@ sub change_lang {
     my $c = shift;
     my $l = $c->param('l');
 
-    $c->cookie($c->app->moniker.'_lang' => $l, { path => $c->config('prefix') });
+    if ($c->iso639_native_name($l)) {
+        $c->cookie($c->app->moniker.'_lang' => $l, { path => $c->config('prefix') });
+    }
 
     if ($c->req->headers->referrer) {
         return $c->redirect_to($c->req->headers->referrer);

themes/default/lib/Lufi/I18N/ca.po

@@ -205,6 +205,10 @@ msgstr "Nom de fitxer"
 msgid "Files deleted at first download"
 msgstr ""
 
+#: themes/default/templates/mail.html.ep:46
+msgid "Free field"
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:8
 msgid "Get the file"
 msgstr "Obté el fitxer"
@@ -344,11 +348,11 @@ msgstr "Les files en vermell indiquen que els fitxers han expirat i ja no són d
 msgid "Send all links by email"
 msgstr "Envia tots els enllaços per correu electrònic"
 
-#: themes/default/templates/mail.html.ep:45
+#: themes/default/templates/mail.html.ep:53
 msgid "Send with this server"
 msgstr "Envia amb aquest servidor"
 
-#: themes/default/templates/mail.html.ep:46
+#: themes/default/templates/mail.html.ep:54
 msgid "Send with your own mail software"
 msgstr "Envia amb el vostre propi programa de correu"
 

themes/default/lib/Lufi/I18N/en.po

@@ -202,6 +202,10 @@ msgstr ""
 msgid "Files deleted at first download"
 msgstr ""
 
+#: themes/default/templates/mail.html.ep:46
+msgid "Free field"
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:8
 msgid "Get the file"
 msgstr ""
@@ -340,11 +344,11 @@ msgstr ""
 msgid "Send all links by email"
 msgstr ""
 
-#: themes/default/templates/mail.html.ep:45
+#: themes/default/templates/mail.html.ep:53
 msgid "Send with this server"
 msgstr ""
 
-#: themes/default/templates/mail.html.ep:46
+#: themes/default/templates/mail.html.ep:54
 msgid "Send with your own mail software"
 msgstr ""
 

themes/default/lib/Lufi/I18N/fr.po

@@ -204,6 +204,10 @@ msgstr "Nom du fichier"
 msgid "Files deleted at first download"
 msgstr "Fichiers supprimés au premier téléchargement"
 
+#: themes/default/templates/mail.html.ep:46
+msgid "Free field"
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:8
 msgid "Get the file"
 msgstr "Récupérer le fichier"
@@ -342,11 +346,11 @@ msgstr "Les lignes en rouge indiquent que le fichier a expiré et n’est plus d
 msgid "Send all links by email"
 msgstr "Envoyer tous les liens par mail"
 
-#: themes/default/templates/mail.html.ep:45
+#: themes/default/templates/mail.html.ep:53
 msgid "Send with this server"
 msgstr "Envoyer avec ce serveur"
 
-#: themes/default/templates/mail.html.ep:46
+#: themes/default/templates/mail.html.ep:54
 msgid "Send with your own mail software"
 msgstr "Envoyer avec votre propre logiciel de mail"
 

themes/default/lib/Lufi/I18N/it.po

@@ -204,6 +204,10 @@ msgstr "Nome del file"
 msgid "Files deleted at first download"
 msgstr ""
 
+#: themes/default/templates/mail.html.ep:46
+msgid "Free field"
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:8
 msgid "Get the file"
 msgstr "Ottenere il file"
@@ -346,11 +350,11 @@ msgstr ""
 msgid "Send all links by email"
 msgstr "Inviare tutti i link tramite email"
 
-#: themes/default/templates/mail.html.ep:45
+#: themes/default/templates/mail.html.ep:53
 msgid "Send with this server"
 msgstr "Inviare tramite questo server"
 
-#: themes/default/templates/mail.html.ep:46
+#: themes/default/templates/mail.html.ep:54
 msgid "Send with your own mail software"
 msgstr "Inviare tramite il vostro programma di posta"
 

themes/default/lib/Lufi/I18N/nl.po

@@ -191,6 +191,10 @@ msgstr "Bestandsnaam"
 msgid "Files deleted at first download"
 msgstr ""
 
+#: themes/default/templates/mail.html.ep:46
+msgid "Free field"
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:8
 msgid "Get the file"
 msgstr "Download bestand"
@@ -333,11 +337,11 @@ msgstr "Rode rijen betekenen dat deze bestanden verlopen en verwijderd zijn."
 msgid "Send all links by email"
 msgstr "Verstuur alle links via mail"
 
-#: themes/default/templates/mail.html.ep:45
+#: themes/default/templates/mail.html.ep:53
 msgid "Send with this server"
 msgstr "Verstuur via deze server"
 
-#: themes/default/templates/mail.html.ep:46
+#: themes/default/templates/mail.html.ep:54
 msgid "Send with your own mail software"
 msgstr "Verstuur via eigen mail software"
 

themes/default/lib/Lufi/I18N/oc.po

@@ -204,6 +204,10 @@ msgstr "Nom del fichièr"
 msgid "Files deleted at first download"
 msgstr "Fichièr suprimit al primièr telecargament"
 
+#: themes/default/templates/mail.html.ep:46
+msgid "Free field"
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:8
 msgid "Get the file"
 msgstr "Recuperar lo fichièr"
@@ -346,11 +350,11 @@ msgstr "Las linhas en roge indican que lo fichièr a expirat e es pas mai dispon
 msgid "Send all links by email"
 msgstr "Mandar totes los ligams per corrièl"
 
-#: themes/default/templates/mail.html.ep:45
+#: themes/default/templates/mail.html.ep:53
 msgid "Send with this server"
 msgstr "Mandar amb aqueste servidor"
 
-#: themes/default/templates/mail.html.ep:46
+#: themes/default/templates/mail.html.ep:54
 msgid "Send with your own mail software"
 msgstr "Mandar amb vòstre pròpri logicial de corrièl"
 

themes/default/lib/Lufi/I18N/pt.po

@@ -209,6 +209,10 @@ msgstr "Nome do ficheiro"
 msgid "Files deleted at first download"
 msgstr ""
 
+#: themes/default/templates/mail.html.ep:46
+msgid "Free field"
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:8
 msgid "Get the file"
 msgstr "Recuperar o ficheiro"
@@ -351,11 +355,11 @@ msgstr "As linhas a vermelho indicam que o ficheiro expirou e já não está dis
 msgid "Send all links by email"
 msgstr "Enviar todos os links por e-mail"
 
-#: themes/default/templates/mail.html.ep:45
+#: themes/default/templates/mail.html.ep:53
 msgid "Send with this server"
 msgstr "Enviar com este servidor"
 
-#: themes/default/templates/mail.html.ep:46
+#: themes/default/templates/mail.html.ep:54
 msgid "Send with your own mail software"
 msgstr "Enviar com o seu e-mail pessoal"