cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

Fix for https://bugs.cacert.org/view.php?id=1011

Browse source 
HTML tags in translations are not escaped.
This commit is contained in:
Wytze van der Raay 2012-04-29 18:32:43 +00:00
parent 942c83ae9d
commit fe2eb54343
5 changed files with 86 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
locale/Makefile
View file

@ -112,8 +112,7 @@ $(LANGS:%=$(MO_FILE_TEMPLATE)): $(MO_FILE_TEMPLATE): $(PO_FILE_TEMPLATE)
$(LANGS:%=$(PO_FILE_TEMPLATE)): $(LANGS:%=$(PO_FILE_TEMPLATE)):
mkdir -p $(@D) mkdir -p $(@D)
wget --output-document - '$(@:$(PO_FILE_TEMPLATE)=$(PO_URL_TEMPLATE))' | \ wget --output-document - '$(@:$(PO_FILE_TEMPLATE)=$(PO_URL_TEMPLATE))' | \
# convert UTF-8 characters to HTML entities \ php -f escape_special_chars.php \
php -r 'while (!feof(STDIN)) echo mb_convert_encoding(fgets(STDIN), "HTML-ENTITIES", "UTF-8");' \
> $@ > $@

71
locale/escape_special_chars.php Normal file
View file

@ -0,0 +1,71 @@
#!/usr/bin/php -q
<?php
/*
LibreSSL - CAcert web application
Copyright (C) 2004-2012 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
/* Convert special characters in UTF-8 encoded PO files to HTML entities */
define('MSGSTR', 'msgstr');
define('MSGSTR_LEN', strlen(MSGSTR));
define('MSGID', 'msgid');
define('MSGID_LEN', strlen(MSGID));
function is_msgstr($line) {
if (strlen($line) < MSGSTR_LEN) {
return false;
}
return substr_compare($line, MSGSTR, 0, MSGSTR_LEN) === 0;
}
function is_msgid($line) {
if (strlen($line) < MSGID_LEN) {
return false;
}
return substr_compare($line, MSGID, 0, MSGID_LEN) === 0;
}
// Skip the metadata (first msgid/msgstr pair)
while (!feof(STDIN)) {
$line = fgets(STDIN);
echo $line;
if (is_msgstr($line)) {
break;
}
}
// determines if the current line belongs to a msgid or a msgstr
$msgstr = false;
while (!feof(STDIN)) {
$line = fgets(STDIN);
if (is_msgstr($line)) {
$msgstr = true;
} elseif (is_msgid($line)) {
$msgstr = false;
}
if ($msgstr) {
$line = htmlentities($line, ENT_NOQUOTES, "UTF-8");
}
echo $line;
}

7
pages/account/40.php
View file

@ -74,7 +74,12 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
</form> </form>
<p><b><?=_("Security Issues")?></b></p> <p><b><?=_("Security Issues")?></b></p>
<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p> <p><? sprintf(_("Please use any of the following ways to report security ".
"issues: You can use the above contact form for sensitive information. ".
"You can email us to %s. You can file a bugreport on %s and mark it as ".
"private."),
"<a href='mailto:support@cacert.org'>support@cacert.org</a>",
"<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p>
<p><b><?=_("Snail Mail")?></b></p> <p><b><?=_("Snail Mail")?></b></p>
<p><?=_("Alternatively you can get in contact with us via the following methods:")?></p> <p><?=_("Alternatively you can get in contact with us via the following methods:")?></p>

6
pages/wot/14.php
View file

@ -20,7 +20,11 @@
<p><?=sprintf(_("If you have a %sSignaturecard%s (also called 'Buergerkarte'), you can digitally sign your assurance request here, and get 50 CAcert points:"),"<a href='http://www.buergerkarte.at/'>","</a>")?><br /></p> <p><?=sprintf(_("If you have a %sSignaturecard%s (also called 'Buergerkarte'), you can digitally sign your assurance request here, and get 50 CAcert points:"),"<a href='http://www.buergerkarte.at/'>","</a>")?><br /></p>
<p><?=sprintf(_("To get assured with your Signaturecard, you need the Software from <a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>. To activate your E-Card, please go to <a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>."))?></p> <p><?=sprintf(_("To get assured with your Signaturecard, you need the ".
"Software from %s. To activate your E-Card, please go to %s."),
"<a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>",
"<a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>"
)?></p>
<pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre> <pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre>

6
www/advertising.php
View file

@ -47,7 +47,7 @@
if($months < 1 || $months > 12) if($months < 1 || $months > 12)
{ {
$id = 1; $id = 1;
$errmsg .= _("You can only place an advertisement for up to 12 months.<br />"); $errmsg .= _("You can only place an advertisement for up to 12 months.")."<br />";
$process=""; $process="";
$oldid=0; $oldid=0;
} }
@ -55,7 +55,7 @@
if(strlen($title) <= 5) if(strlen($title) <= 5)
{ {
$id = 1; $id = 1;
$errmsg .= _("Link title was too short.<br />"); $errmsg .= _("Link title was too short.")."<br />";
$process=""; $process="";
$oldid=0; $oldid=0;
} }
@ -63,7 +63,7 @@
if(strlen($link) <= 10) if(strlen($link) <= 10)
{ {
$id = 1; $id = 1;
$errmsg .= _("Link URI was too short.<br />"); $errmsg .= _("Link URI was too short.")."<br />";
$process=""; $process="";
$oldid=0; $oldid=0;
} }