Fix for https://bugs.cacert.org/view.php?id=1011

HTML tags in translations are not escaped.
2012-04-29 18:32:43 +00:00 · 2012-04-29 18:32:43 +00:00 · fe2eb54343
commit fe2eb54343
parent 942c83ae9d
5 changed files with 86 additions and 7 deletions
--- a/locale/Makefile
+++ b/locale/Makefile
@ -112,8 +112,7 @@ $(LANGS:%=$(MO_FILE_TEMPLATE)): $(MO_FILE_TEMPLATE): $(PO_FILE_TEMPLATE)
 $(LANGS:%=$(PO_FILE_TEMPLATE)):
 	mkdir -p $(@D)
 	wget --output-document - '$(@:$(PO_FILE_TEMPLATE)=$(PO_URL_TEMPLATE))' | \
-		# convert UTF-8 characters to HTML entities \
-		php -r 'while (!feof(STDIN)) echo mb_convert_encoding(fgets(STDIN), "HTML-ENTITIES", "UTF-8");' \
+		php -f escape_special_chars.php \
 		> $@


--- a/locale/escape_special_chars.php
+++ b/locale/escape_special_chars.php
@ -0,0 +1,71 @@
+#!/usr/bin/php -q
+<?php
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012  CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+/* Convert special characters in UTF-8 encoded PO files to HTML entities */
+
+define('MSGSTR', 'msgstr');
+define('MSGSTR_LEN', strlen(MSGSTR));
+define('MSGID', 'msgid');
+define('MSGID_LEN', strlen(MSGID));
+
+function is_msgstr($line) {
+	if (strlen($line) < MSGSTR_LEN) {
+		return false;
+	}
+	
+	return substr_compare($line, MSGSTR, 0, MSGSTR_LEN) === 0;
+}
+
+function is_msgid($line) {
+	if (strlen($line) < MSGID_LEN) {
+		return false;
+	}
+	
+	return substr_compare($line, MSGID, 0, MSGID_LEN) === 0;
+}
+
+// Skip the metadata (first msgid/msgstr pair)
+while (!feof(STDIN)) {
+	$line = fgets(STDIN);
+	
+	echo $line;
+	
+	if (is_msgstr($line)) {
+		break;
+	}
+}
+
+// determines if the current line belongs to a msgid or a msgstr
+$msgstr = false;
+
+while (!feof(STDIN)) {
+	$line = fgets(STDIN);
+	
+	if (is_msgstr($line)) {
+		$msgstr = true;
+	} elseif (is_msgid($line)) {
+		$msgstr = false;
+	}
+	
+	if ($msgstr) {
+		$line = htmlentities($line, ENT_NOQUOTES, "UTF-8");
+	}
+	echo $line;
+}
--- a/pages/account/40.php
+++ b/pages/account/40.php
@ -74,7 +74,12 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
 </form>

 <p><b><?=_("Security Issues")?></b></p>
-<p><?=_("Please use any of the following ways to report security issues: You can use the above contact form for sensitive information. You can email us to support@cacert.org. You can file a bugreport on <a href='https://bugs.cacert.org/'>bugs.cacert.org</a> and mark it as private.")?></p>
+<p><? sprintf(_("Please use any of the following ways to report security ".
+	"issues: You can use the above contact form for sensitive information. ".
+	"You can email us to %s. You can file a bugreport on %s and mark it as ".
+	"private."),
+	"<a href='mailto:support@cacert.org'>support@cacert.org</a>",
+	"<a href='https://bugs.cacert.org/'>bugs.cacert.org</a>")?></p>

 <p><b><?=_("Snail Mail")?></b></p>
 <p><?=_("Alternatively you can get in contact with us via the following methods:")?></p>
--- a/pages/wot/14.php
+++ b/pages/wot/14.php
@ -20,7 +20,11 @@

 <p><?=sprintf(_("If you have a %sSignaturecard%s (also called 'Buergerkarte'), you can digitally sign your assurance request here, and get 50 CAcert points:"),"<a href='http://www.buergerkarte.at/'>","</a>")?><br /></p>

-<p><?=sprintf(_("To get assured with your Signaturecard, you need the Software from <a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>. To activate your E-Card, please go to <a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>."))?></p>
+<p><?=sprintf(_("To get assured with your Signaturecard, you need the ".
+	"Software from %s. To activate your E-Card, please go to %s."),
+	"<a href='http://www.buergerkarte.at/bku/'>http://www.buergerkarte.at/bku/</a>",
+	"<a href='https://www.sozialversicherung.at/signon2-Registrierung/'>https://www.sozialversicherung.at/signon2-Registrierung/</a>"
+	)?></p>


 <pre><?=sanitizeHTML($_REQUEST['XMLResponse'])?></pre>
--- a/www/advertising.php
+++ b/www/advertising.php
@ -47,7 +47,7 @@
 		if($months < 1 || $months > 12)
 		{
 			$id = 1;
-			$errmsg .= _("You can only place an advertisement for up to 12 months.<br />");
+			$errmsg .= _("You can only place an advertisement for up to 12 months.")."<br />";
 			$process="";
 			$oldid=0;
 		}
@ -55,7 +55,7 @@
 		if(strlen($title) <= 5)
 		{
 			$id = 1;
-			$errmsg .= _("Link title was too short.<br />");
+			$errmsg .= _("Link title was too short.")."<br />";
 			$process="";
 			$oldid=0;
 		}
@ -63,7 +63,7 @@
 		if(strlen($link) <= 10)
 		{
 			$id = 1;
-			$errmsg .= _("Link URI was too short.<br />");
+			$errmsg .= _("Link URI was too short.")."<br />";
 			$process="";
 			$oldid=0;
 		}