Fix sanitation of $language for code highlighting (fixes #2080)

inc/parser/code.php

@@ -17,6 +17,7 @@ class Doku_Renderer_code extends Doku_Renderer {
     function code($text, $language = null, $filename = '') {
         global $INPUT;
         if(!$language) $language = 'txt';
+        $language = preg_replace(PREG_PATTERN_VALID_LANGUAGE, '', $language);
         if(!$filename) $filename = 'snippet.'.$language;
         $filename = utf8_basename($filename);
         $filename = utf8_stripspecials($filename, '_');

inc/parser/renderer.php

@@ -7,6 +7,12 @@
  */
 if(!defined('DOKU_INC')) die('meh.');
 
+/**
+ * Allowed chars in $language for code highlighting
+ * @see GeSHi::set_language()
+ */
+define('PREG_PATTERN_VALID_LANGUAGE', '#[^a-zA-Z0-9\-_]#');
+
 /**
  * An empty renderer, produces no output
  *

inc/parser/xhtml.php

@@ -630,6 +630,8 @@ class Doku_Renderer_xhtml extends Doku_Renderer {
         global $ID;
         global $lang;
 
+        $language = preg_replace(PREG_PATTERN_VALID_LANGUAGE, '', $language);
+
         if($filename) {
             // add icon
             list($ext) = mimetype($filename, false);