Corrected accidental language-changing because of lang in POST

diff --git a/lib/setup.php b/lib/setup.php
index 517164ea020792a6f9533b52b314a7a3bf81899f..c28c8236a30e39811298e9e5cfa7790a85cddee8 100644 (file)
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -532,7 +532,7 @@ $CFG->os = PHP_OS;
 /// in the language file.  Otherwise, if the admin hasn't specified a locale
 /// then use the one from the default language.  Otherwise (and this is the
 /// majority of cases), use the stored locale specified by admin.
-    if ($SESSION !== NULL and $lang = optional_param('lang', false, PARAM_SAFEDIR)) {
+    if ($SESSION !== NULL && isset($_GET['lang']) && ($lang = clean_param($_GET['lang'], PARAM_SAFEDIR))) {
         if (file_exists($CFG->dataroot .'/lang/'. $lang) or file_exists($CFG->dirroot .'/lang/'. $lang)) {
             $SESSION->lang = $lang;
         } else if (file_exists($CFG->dataroot.'/lang/'.$lang.'_utf8') or