From 90f28cfd8bea20b24ec449e1eeade98a968207e7 Mon Sep 17 00:00:00 2001
From: ghost <localhost>
Date: Wed, 4 Oct 2023 15:35:54 +0300
Subject: [PATCH] add missed locales whitelist validation #19

---
 src/Controller/UserController.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index 5d685f7..af88166 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -47,8 +47,17 @@ class UserController extends AbstractController
             // Update locales
             if ($request->get('locales'))
             {
+                $locales = [];
+                foreach ((array) $request->get('locales') as $locale)
+                {
+                    if (in_array($locale, explode('|', $this->getParameter('app.locales'))))
+                    {
+                        $locales[] = $locale;
+                    }
+                }
+
                 $user->setLocales(
-                    $request->get('locales')
+                    $locales
                 );
             }