From 8b6a2afc63e32e613c2c4a7fc8f354ddbc7ac623 Mon Sep 17 00:00:00 2001
From: Glandos <bugs-github@antipoul.fr>
Date: Tue, 21 Dec 2021 22:40:37 +0100
Subject: [PATCH] Check that language is in the supported list (#971)

---
 ihatemoney/web.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ihatemoney/web.py b/ihatemoney/web.py
index d9e7ec08..7f986ee5 100644
--- a/ihatemoney/web.py
+++ b/ihatemoney/web.py
@@ -818,8 +818,11 @@ def edit_bill(bill_id):
 
 @main.route("/lang/<lang>")
 def change_lang(lang):
-    session["lang"] = lang
-    session.update()
+    if lang in current_app.config["SUPPORTED_LANGUAGES"]:
+        session["lang"] = lang
+        session.update()
+    else:
+        flash(_(f"{lang} is not a supported language"), category="warning")
 
     return redirect(request.headers.get("Referer") or url_for(".home"))