wiki | forum | trac | otrs | joomla | tech blog | mailman | bewelcome Branches: test.bw | alpha.bw | www.bw Participate: download | get involved

Ticket #371 (reopened improve feature)

Opened 10 months ago

Last modified 7 months ago

sanitize translations

Reported by: lemon-head Assigned to: lemon-head
Priority: minor Milestone: 0.5.2-short cleanup and framework
Component: BW General Version: alpha
Keywords: MOD_words Cc:
Follow up needed: none Frequently reported: 1
Announce on BW: 0

Description

Some translations contain '&' characters. Some might also contain quotes. Some sanitizing will be a good idea.

Change History

01/29/08 20:06:35 changed by lemon-head

  • follow_up changed from none to test.
  • owner set to lemon-head.
  • status changed from new to assigned.

Should be solved with [3881].

01/29/08 20:09:45 changed by lemon-head

  • follow_up changed from test to move to alpha.

looks ok, move to alpha.

01/31/08 23:28:28 changed by lemon-head

  • follow_up changed from move to alpha to review code.

need to have a deeper look into the words sanitizing. Especially, what should happen before and after the 'vsprintf()'

02/01/08 22:42:14 changed by lemon-head

  • follow_up changed from review code to move to alpha.

[3906] - sanitizing disabled for now. Move to alpha.

02/01/08 22:42:25 changed by lemon-head

  • type changed from bug to improve feature.

02/02/08 00:12:55 changed by matrixpoint

  • follow_up changed from move to alpha to test on alpha.

Moved to alpha in 3909.

02/03/08 18:58:28 changed by matrixpoint

  • follow_up changed from test on alpha to none.
  • status changed from assigned to closed.
  • resolution set to fixed.

Released in r3925.

02/04/08 04:27:00 changed by lemon-head

  • status changed from closed to reopened.
  • resolution deleted.

Hmm.. it is not really fixed, because we still don't have a working sanitizing mechanism.

What is fixed is the eventual problems caused by the attempt to build a sanitizing mechanism. Mechanism disabled, no more problems.

The real problem is:

  • words in javascript
  • words in html attributes
  • words in the header
  • %s or %d replaced by arbitrary code.
  • before %s and %d are replaced, we cannot assume to get valid html.
  • Sometimes translators add % symbols for no good reason - for instance, if they are part of an url (whitespace turned into %20).

See also #130 - "Remove possibility to add HTML in adminwords"

04/23/08 12:05:27 changed by philipp

  • show_on_bw changed.
  • freq_reported set to 1.
  • milestone changed from 0.1.2.1 release with MOD_words + MOD_layoutbits + TinyMCE update to 0.5.2-short cleanup and framework.
Trac Customization: trac stylesheet
SourceForge.net Logo