CAcert Code Development list.

[Michael Tänzer <michael.taenzer AT cacert.org>]

Hi folks,

We have a fix for https://bugs.cacert.org/view.php?id=1011
"HTML tags in translations are not escaped"

The fix was reviewed by Dirk Astrath (dastrath) and me (NEOatNHNG) and
tested by Marcus Mängel (INOPIAE).

Diff is attached.

Changed files:
locale/Makefile
pages/account/40.php
pages/wot/14.php
www/advertising.php


New files:
locale/escape_special_chars.php

-- 
Have a nice day,
Michael Tänzer


diff --git a/locale/Makefile b/locale/Makefile
index b703fb2..1517066 100644
--- a/locale/Makefile
+++ b/locale/Makefile
@@ -112,8 +112,7 @@ $(LANGS:%=$(MO_FILE_TEMPLATE)): $(MO_FILE_TEMPLATE): $(PO_FILE_TEMPLATE)
 $(LANGS:%=$(PO_FILE_TEMPLATE)):
 	mkdir -p $(@D)
 	wget --output-document - '$(@:$(PO_FILE_TEMPLATE)=$(PO_URL_TEMPLATE))' | \
-		# convert UTF-8 characters to HTML entities \
-		php -r 'while (!feof(STDIN)) echo mb_convert_encoding(fgets(STDIN), "HTML-ENTITIES", "UTF-8");' \
+		php -f escape_special_chars.php \
 		> $@
 
 
diff --git a/locale/escape_special_chars.php b/locale/escape_special_chars.php
new file mode 100755
index 0000000..32de390
--- /dev/null
+++ b/locale/escape_special_chars.php
@@ -0,0 +1,71 @@
+#!/usr/bin/php -q
+<?php
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012  CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+/* Convert special characters in UTF-8 encoded PO files to HTML entities */
+
+define('MSGSTR', 'msgstr');
+define('MSGSTR_LEN', strlen(MSGSTR));
+define('MSGID', 'msgid');
+define('MSGID_LEN', strlen(MSGID));
+
+function is_msgstr($line) {
+	if (strlen($line) < MSGSTR_LEN) {
+		return false;
+	}
+	
+	return substr_compare($line, MSGSTR, 0, MSGSTR_LEN) === 0;
+}
+
+function is_msgid($line) {
+	if (strlen($line) < MSGID_LEN) {
+		return false;
+	}
+	
+	return substr_compare($line, MSGID, 0, MSGID_LEN) === 0;
+}
+
+// Skip the metadata (first msgid/msgstr pair)
+while (!feof(STDIN)) {
+	$line = fgets(STDIN);
+	
+	echo $line;
+	
+	if (is_msgstr($line)) {
+		break;
+	}
+}
+
+// determines if the current line belongs to a msgid or a msgstr
+$msgstr = false;
+
+while (!feof(STDIN)) {
+	$line = fgets(STDIN);
+	
+	if (is_msgstr($line)) {
+		$msgstr = true;
+	} elseif (is_msgid($line)) {
+		$msgstr = false;
+	}
+	
+	if ($msgstr) {
+		$line = htmlentities($line, ENT_NOQUOTES, "UTF-8");
+	}
+	echo $line;
+}
diff --git a/pages/account/40.php b/pages/account/40.php
index 8391903..6e0e343 100644
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -65,7 +65,12 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
 </form>
 
 <p><b><?=_("Security Issues")?></b></p>
-<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support AT cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p>
+<p><? sprintf(_("Please use any of the following ways to report security ".
+	"issues: You can use the above contact form for sensitive information. ".
+	"You can email us to %s. You can file a bugreport on %s and mark it as ".
+	"private."),
+	"<a href='mailto:support AT cacert.org'>support AT cacert.org</a>",
+	"<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p>
 
 <p><b><?=_("Snail Mail")?></b></p>
 <p><?=_("Alternatively you can get in contact with us via the following methods:")?></p>
diff --git a/pages/wot/14.php b/pages/wot/14.php
index 21c5873..a827ee4 100644
--- a/pages/wot/14.php
+++ b/pages/wot/14.php
@@ -20,7 +20,11 @@
 
 <p><?=sprintf(_("If you have a %sSignaturecard%s (also called 'Buergerkarte'), you can digitally sign your assurance request here, and get 50 CAcert points:"),"<a href='http://www.buergerkarte.at/'>","</a>")?><br /></p>
 
-<p><?=sprintf(_("To get assured with your Signaturecard, you need the Software from <a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>. To activate your E-Card, please go to <a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>."))?></p>
+<p><?=sprintf(_("To get assured with your Signaturecard, you need the ".
+	"Software from %s. To activate your E-Card, please go to %s."),
+	"<a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>",
+	"<a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>"
+	)?></p>
 
 
 <pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre>
diff --git a/www/advertising.php b/www/advertising.php
index e987461..43e4f93 100644
--- a/www/advertising.php
+++ b/www/advertising.php
@@ -47,7 +47,7 @@
 		if($months < 1 || $months > 12)
 		{
 			$id = 1;
-			$errmsg .= _("You can only place an advertisement for up to 12 months.<br />");
+			$errmsg .= _("You can only place an advertisement for up to 12 months.")."<br />";
 			$process="";
 			$oldid=0;
 		}
@@ -55,7 +55,7 @@
 		if(strlen($title) <= 5)
 		{
 			$id = 1;
-			$errmsg .= _("Link title was too short.<br />");
+			$errmsg .= _("Link title was too short.")."<br />";
 			$process="";
 			$oldid=0;
 		}
@@ -63,7 +63,7 @@
 		if(strlen($link) <= 10)
 		{
 			$id = 1;
-			$errmsg .= _("Link URI was too short.<br />");
+			$errmsg .= _("Link URI was too short.")."<br />";
 			$process="";
 			$oldid=0;
 		}

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature