Subject: CAcert Code Development list.
List archive
- From: Wytze van der Raay <wytze AT cacert.org>
- To: Michael Tänzer <michael.taenzer AT cacert.org>
- Cc: "critical-admin AT cacert.org" <critical-admin AT cacert.org>, cacert-devel AT lists.cacert.org, Dirk Astrath <dirk.astrath AT cacert.org>, Marcus Mängel <inopiae AT cacert.org>
- Subject: Re: Patch request: Bug #1011
- Date: Sun, 29 Apr 2012 20:43:45 +0200
Hi Michael,
Op 29-4-2012 0:24, Michael Tänzer schreef:
> We have a fix for https://bugs.cacert.org/view.php?id=1011
> "HTML tags in translations are not escaped"
>
> The fix was reviewed by Dirk Astrath (dastrath) and me (NEOatNHNG) and
> tested by Marcus Mängel (INOPIAE).
>
> Diff is attached.
>
> Changed files:
> locale/Makefile
> pages/account/40.php
> pages/wot/14.php
> www/advertising.php
>
> New files:
> locale/escape_special_chars.php
The patch has been installed on the production server on April 29, 2012.
See also the attached log message.
I have also executed a "make upload" in the locale directory to force
uploading of modified message strings to the translations server.
Regards,
-- wytze
--- Begin Message ---Fix for https://bugs.cacert.org/view.php?id=1011
- From: Wytze van der Raay <wytze AT cacert.org>
- To: cacert-systemlog AT lists.cacert.org
- Subject: Fwd: [cvs.cacert.org checkin notification]
- Date: Sun, 29 Apr 2012 20:34:06 +0200
HTML tags in translations are not escaped
In conjunction with the attached CVS changes a new tarball has been
made available incorporating all updates. The new tarball is available
through http://www.cacert.org/src-lic.php
-- end
--- Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Sun, 29 Apr 2012 20:32:28 +0200 (CEST)
uid=0(root) gid=0(root) groups=0(root)
Makefile 1.1 1.2 escape_special_chars.php NONE 1.1
Sun Apr 29 20:32:28 CEST 2012
Update of /var/lib/cvs/cacert/locale
In directory hlin:/home/cacert/www/locale
Modified Files:
Makefile
Added Files:
escape_special_chars.php
Log Message:
Fix for https://bugs.cacert.org/view.php?id=1011
HTML tags in translations are not escaped.
===================================================================
RCS file: /var/lib/cvs/cacert/locale/escape_special_chars.php,v -->
standard output
revision 1.1
#!/usr/bin/php -q
<?php
/*
LibreSSL - CAcert web application
Copyright (C) 2004-2012 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
/* Convert special characters in UTF-8 encoded PO files to HTML entities */
define('MSGSTR', 'msgstr');
define('MSGSTR_LEN', strlen(MSGSTR));
define('MSGID', 'msgid');
define('MSGID_LEN', strlen(MSGID));
function is_msgstr($line) {
if (strlen($line) < MSGSTR_LEN) {
return false;
}
return substr_compare($line, MSGSTR, 0, MSGSTR_LEN) === 0;
}
function is_msgid($line) {
if (strlen($line) < MSGID_LEN) {
return false;
}
return substr_compare($line, MSGID, 0, MSGID_LEN) === 0;
}
// Skip the metadata (first msgid/msgstr pair)
while (!feof(STDIN)) {
$line = fgets(STDIN);
echo $line;
if (is_msgstr($line)) {
break;
}
}
// determines if the current line belongs to a msgid or a msgstr
$msgstr = false;
while (!feof(STDIN)) {
$line = fgets(STDIN);
if (is_msgstr($line)) {
$msgstr = true;
} elseif (is_msgid($line)) {
$msgstr = false;
}
if ($msgstr) {
$line = htmlentities($line, ENT_NOQUOTES, "UTF-8");
}
echo $line;
}
===================================================================
RCS file: /var/lib/cvs/cacert/locale/Makefile,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Makefile 2012/01/24 14:25:47 1.1
+++ Makefile 2012/04/29 18:32:27 1.2
@@ -112,8 +112,7 @@
$(LANGS:%=$(PO_FILE_TEMPLATE)):
mkdir -p $(@D)
wget --output-document -
'$(@:$(PO_FILE_TEMPLATE)=$(PO_URL_TEMPLATE))' | \
- # convert UTF-8 characters to HTML entities \
- php -r 'while (!feof(STDIN)) echo
mb_convert_encoding(fgets(STDIN), "HTML-ENTITIES", "UTF-8");' \
+ php -f escape_special_chars.php \
> $@
--- End Message ------ Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Sun, 29 Apr 2012 20:32:35 +0200 (CEST)
uid=0(root) gid=0(root) groups=0(root)
40.php 1.28 1.29
Sun Apr 29 20:32:35 CEST 2012
Update of /var/lib/cvs/cacert/pages/account
In directory hlin:/home/cacert/www/pages/account
Modified Files:
40.php
Log Message:
Fix for https://bugs.cacert.org/view.php?id=1011
HTML tags in translations are not escaped.
===================================================================
RCS file: /var/lib/cvs/cacert/pages/account/40.php,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- 40.php 2012/03/08 09:34:29 1.28
+++ 40.php 2012/04/29 18:32:33 1.29
@@ -74,7 +74,12 @@
</form>
<p><b><?=_("Security Issues")?></b></p>
-<p><?=_("Please use any of the following ways to report security issues: You
can use the above contact form for sensitive information. You can email us to
support AT cacert.org.
You can file a bugreport on <a
href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as
private.")?></p>
+<p><? sprintf(_("Please use any of the following ways to report security ".
+ "issues: You can use the above contact form for sensitive
information. ".
+ "You can email us to %s. You can file a bugreport on %s and mark it
as ".
+ "private."),
+ "<a
href='mailto:support AT cacert.org'>support AT cacert.org</a>",
+ "<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p>
<p><b><?=_("Snail Mail")?></b></p>
<p><?=_("Alternatively you can get in contact with us via the following
methods:")?></p>
--- End Message ------ Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Sun, 29 Apr 2012 20:32:40 +0200 (CEST)
uid=0(root) gid=0(root) groups=0(root)
14.php 1.4 1.5
Sun Apr 29 20:32:39 CEST 2012
Update of /var/lib/cvs/cacert/pages/wot
In directory hlin:/home/cacert/www/pages/wot
Modified Files:
14.php
Log Message:
Fix for https://bugs.cacert.org/view.php?id=1011
HTML tags in translations are not escaped.
===================================================================
RCS file: /var/lib/cvs/cacert/pages/wot/14.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- 14.php 2008/09/03 18:25:00 1.4
+++ 14.php 2012/04/29 18:32:39 1.5
@@ -20,7 +20,11 @@
<p><?=sprintf(_("If you have a %sSignaturecard%s (also called
'Buergerkarte'), you can digitally sign your assurance request here, and get
50 CAcert points:"),"<a href='http://www.buergerkarte.at/'>","</a>")?><br
/></p>
-<p><?=sprintf(_("To get assured with your Signaturecard, you need the
Software from <a
href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>.
To activate your E-Card, please go to <a
href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>."))?></p>
+<p><?=sprintf(_("To get assured with your Signaturecard, you need the ".
+ "Software from %s. To activate your E-Card, please go to %s."),
+ "<a
href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>",
+ "<a
href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>"
+ )?></p>
<pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre>
--- End Message ------ Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Sun, 29 Apr 2012 20:32:44 +0200 (CEST)
uid=0(root) gid=0(root) groups=0(root)
advertising.php 1.4 1.5
Sun Apr 29 20:32:44 CEST 2012
Update of /var/lib/cvs/cacert/www
In directory hlin:/home/cacert/www/www
Modified Files:
advertising.php
Log Message:
Fix for https://bugs.cacert.org/view.php?id=1011
HTML tags in translations are not escaped.
===================================================================
RCS file: /var/lib/cvs/cacert/www/advertising.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- advertising.php 2008/11/14 23:37:24 1.4
+++ advertising.php 2012/04/29 18:32:43 1.5
@@ -47,7 +47,7 @@
if($months < 1 || $months > 12)
{
$id = 1;
- $errmsg .= _("You can only place an advertisement for
up to 12 months.<br />");
+ $errmsg .= _("You can only place an advertisement for
up to 12 months.")."<br />";
$process="";
$oldid=0;
}
@@ -55,7 +55,7 @@
if(strlen($title) <= 5)
{
$id = 1;
- $errmsg .= _("Link title was too short.<br />");
+ $errmsg .= _("Link title was too short.")."<br />";
$process="";
$oldid=0;
}
@@ -63,7 +63,7 @@
if(strlen($link) <= 10)
{
$id = 1;
- $errmsg .= _("Link URI was too short.<br />");
+ $errmsg .= _("Link URI was too short.")."<br />";
$process="";
$oldid=0;
}
--- End Message ---Attachment: smime.p7s
Description: S/MIME cryptografische ondertekening
--- End Message ---
Attachment:
smime.p7s
Description: S/MIME cryptografische ondertekening
- Patch request: Bug #1011, Michael Tänzer, 04/28/2012
- Re: Patch request: Bug #1011, Wytze van der Raay, 04/29/2012
Archive powered by MHonArc 2.6.16.