WIP #6504: CVE-2017-7886

'defaultlang' attribute was not filtered before database request which cause an SQL injection.

htdocs/core/class/translate.class.php

@@ -439,7 +439,7 @@ class Translate
 		if (! $found)
 		{
     		// Overwrite translation with database read
-            $sql="SELECT transkey, transvalue FROM ".MAIN_DB_PREFIX."overwrite_trans where lang='".$this->defaultlang."'";            
+            $sql="SELECT transkey, transvalue FROM ".MAIN_DB_PREFIX."overwrite_trans where lang='".$db->escape($this->defaultlang)."'";            
 		    $resql=$db->query($sql);
 		    
 		    if ($resql)