mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-27 17:00:52 +01:00
SECURITY: remove XSS vulnerability
parent
96d6504cba
commit
207543754c
@ -1,27 +0,0 @@
|
||||
<html>
|
||||
<head>
|
||||
<title>PHP-gettext examples</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>PHP-gettext</h1>
|
||||
|
||||
<h2>Introduction</h2>
|
||||
<p>PHP-gettext provides a simple gettext replacement that works independently from the system's gettext abilities.
|
||||
It can read MO files and use them for translating strings.</p>
|
||||
<p>This version has the ability to cache all strings and translations to speed up the string lookup.
|
||||
While the cache is enabled by default, it can be switched off with the second parameter in the constructor (e.g. when using very large MO files
|
||||
that you don't want to keep in memory)</p>
|
||||
|
||||
|
||||
<h2>Examples</h2>
|
||||
<ul>
|
||||
<li><a href="pigs_dropin.php">PHP-gettext as a dropin replacement</a></li>
|
||||
<li><a href="pigs_fallback.php">PHP-gettext as a fallback solution</a></li>
|
||||
</ul>
|
||||
|
||||
<hr />
|
||||
<p>Copyright (c) 2003-2006 Danilo Segan</p>
|
||||
<p>Copyright (c) 2005-2006 Steven Armstrong</p>
|
||||
|
||||
</body>
|
||||
</html>
|
Binary file not shown.
@ -1,30 +0,0 @@
|
||||
# Sample translation for PHP-gettext 1.0
|
||||
# Copyright (c) 2003 Danilo Segan <danilo@kvota.net>
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: pigs\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2003-10-23 04:50+0200\n"
|
||||
"PO-Revision-Date: 2003-11-01 23:40+0100\n"
|
||||
"Last-Translator: Danilo Segan <danilo@kvota.net>\n"
|
||||
"Language-Team: Serbian (sr) <danilo@kvota.net>\n"
|
||||
"MIME-Version: 1.0\n"
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
#"Plural-Forms: nplurals=2; plural=n != 1;\n"
|
||||
|
||||
#: pigs.php:19
|
||||
msgid ""
|
||||
"This is how the story goes.\n"
|
||||
"\n"
|
||||
msgstr ""
|
||||
"Und so geht die Geschichte.\n"
|
||||
"\n"
|
||||
|
||||
#: pigs.php:21
|
||||
#, php-format
|
||||
msgid "%d pig went to the market\n"
|
||||
msgid_plural "%d pigs went to the market\n"
|
||||
msgstr[0] "%d Schwein ging zum Markt\n"
|
||||
msgstr[1] "%d Schweine gingen zum Markt\n"
|
Binary file not shown.
@ -1,30 +0,0 @@
|
||||
# Sample translation for PHP-gettext 1.0
|
||||
# Copyright (c) 2003,2006 Danilo Segan <danilo@kvota.net>
|
||||
#
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: pigs\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2003-10-23 04:50+0200\n"
|
||||
"PO-Revision-Date: 2006-02-02 21:06+0100\n"
|
||||
"Last-Translator: Danilo Segan <danilo@kvota.net>\n"
|
||||
"Language-Team: Serbian (sr) <danilo@kvota.net>\n"
|
||||
"MIME-Version: 1.0\n"
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
|
||||
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
|
||||
|
||||
#: pigs.php:19
|
||||
msgid ""
|
||||
"This is how the story goes.\n"
|
||||
"\n"
|
||||
msgstr "Овако иде прича.\n\n"
|
||||
|
||||
#: pigs.php:21
|
||||
#, php-format
|
||||
msgid "%d pig went to the market\n"
|
||||
msgid_plural "%d pigs went to the market\n"
|
||||
msgstr[0] "%d мало прасе је отишло на пијац\n"
|
||||
msgstr[1] "%d мала прасета су отишла на пијац\n"
|
||||
msgstr[2] "%d малих прасића је отишло на пијац\n"
|
@ -1,89 +0,0 @@
|
||||
<?php
|
||||
/*
|
||||
Copyright (c) 2003,2004,2005,2009 Danilo Segan <danilo@kvota.net>.
|
||||
Copyright (c) 2005,2006 Steven Armstrong <sa@c-area.ch>
|
||||
|
||||
This file is part of PHP-gettext.
|
||||
|
||||
PHP-gettext is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
PHP-gettext is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with PHP-gettext; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
*/
|
||||
|
||||
error_reporting(E_ALL | E_STRICT);
|
||||
|
||||
// define constants
|
||||
define('PROJECT_DIR', realpath('./'));
|
||||
define('LOCALE_DIR', PROJECT_DIR .'/locale');
|
||||
define('DEFAULT_LOCALE', 'en_US');
|
||||
|
||||
require_once('../gettext.inc');
|
||||
|
||||
$supported_locales = array('en_US', 'sr_CS', 'de_CH');
|
||||
$encoding = 'UTF-8';
|
||||
|
||||
$locale = (isset($_GET['lang']))? $_GET['lang'] : DEFAULT_LOCALE;
|
||||
|
||||
// gettext setup
|
||||
T_setlocale(LC_MESSAGES, $locale);
|
||||
// Set the text domain as 'messages'
|
||||
$domain = 'messages';
|
||||
bindtextdomain($domain, LOCALE_DIR);
|
||||
// bind_textdomain_codeset is supported only in PHP 4.2.0+
|
||||
if (function_exists('bind_textdomain_codeset'))
|
||||
bind_textdomain_codeset($domain, $encoding);
|
||||
textdomain($domain);
|
||||
|
||||
header("Content-type: text/html; charset=$encoding");
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<title>PHP-gettext dropin example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>PHP-gettext as a dropin replacement</h1>
|
||||
<p>Example showing how to use PHP-gettext as a dropin replacement for the native gettext library.</p>
|
||||
<?php
|
||||
print "<p>";
|
||||
foreach($supported_locales as $l) {
|
||||
print "[<a href=\"?lang=$l\">$l</a>] ";
|
||||
}
|
||||
print "</p>\n";
|
||||
|
||||
if (!locale_emulation()) {
|
||||
print "<p>locale '$locale' is supported by your system, using native gettext implementation.</p>\n";
|
||||
}
|
||||
else {
|
||||
print "<p>locale '$locale' is _not_ supported on your system, using the default locale '". DEFAULT_LOCALE ."'.</p>\n";
|
||||
}
|
||||
?>
|
||||
|
||||
<hr />
|
||||
|
||||
<?php
|
||||
// using PHP-gettext
|
||||
print "<pre>";
|
||||
print _("This is how the story goes.\n\n");
|
||||
for ($number=6; $number>=0; $number--) {
|
||||
print sprintf(T_ngettext("%d pig went to the market\n",
|
||||
"%d pigs went to the market\n", $number),
|
||||
$number );
|
||||
}
|
||||
print "</pre>\n";
|
||||
?>
|
||||
|
||||
<hr />
|
||||
<p>« <a href="./">back</a></p>
|
||||
</body>
|
||||
</html>
|
@ -1,88 +0,0 @@
|
||||
<?php
|
||||
/*
|
||||
Copyright (c) 2003,2004,2005,2009 Danilo Segan <danilo@kvota.net>.
|
||||
Copyright (c) 2005,2006 Steven Armstrong <sa@c-area.ch>
|
||||
|
||||
This file is part of PHP-gettext.
|
||||
|
||||
PHP-gettext is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
PHP-gettext is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with PHP-gettext; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
*/
|
||||
|
||||
error_reporting(E_ALL | E_STRICT);
|
||||
|
||||
// define constants
|
||||
define('PROJECT_DIR', realpath('./'));
|
||||
define('LOCALE_DIR', PROJECT_DIR .'/locale');
|
||||
define('DEFAULT_LOCALE', 'en_US');
|
||||
|
||||
require_once('../gettext.inc');
|
||||
|
||||
$supported_locales = array('en_US', 'sr_CS', 'de_CH');
|
||||
$encoding = 'UTF-8';
|
||||
|
||||
$locale = (isset($_GET['lang']))? $_GET['lang'] : DEFAULT_LOCALE;
|
||||
|
||||
// gettext setup
|
||||
T_setlocale(LC_MESSAGES, $locale);
|
||||
// Set the text domain as 'messages'
|
||||
$domain = 'messages';
|
||||
T_bindtextdomain($domain, LOCALE_DIR);
|
||||
T_bind_textdomain_codeset($domain, $encoding);
|
||||
T_textdomain($domain);
|
||||
|
||||
header("Content-type: text/html; charset=$encoding");
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<title>PHP-gettext fallback example</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>PHP-gettext as a fallback solution</h1>
|
||||
<p>Example showing how to use PHP-gettext as a fallback solution if the native gettext library is not available or the system does not support the requested locale.</p>
|
||||
|
||||
<?php
|
||||
print "<p>";
|
||||
foreach($supported_locales as $l) {
|
||||
print "[<a href=\"?lang=$l\">$l</a>] ";
|
||||
}
|
||||
print "</p>\n";
|
||||
|
||||
if (!locale_emulation()) {
|
||||
print "<p>locale '$locale' is supported by your system, using native gettext implementation.</p>\n";
|
||||
}
|
||||
else {
|
||||
print "<p>locale '$locale' is <strong>not</strong> supported on your system, using custom gettext implementation.</p>\n";
|
||||
}
|
||||
?>
|
||||
|
||||
<hr />
|
||||
|
||||
<?php
|
||||
// using PHP-gettext
|
||||
print "<pre>";
|
||||
print T_("This is how the story goes.\n\n");
|
||||
for ($number=6; $number>=0; $number--) {
|
||||
print sprintf( T_ngettext("%d pig went to the market\n",
|
||||
"%d pigs went to the market\n", $number),
|
||||
$number );
|
||||
}
|
||||
print "</pre>\n";
|
||||
?>
|
||||
|
||||
<hr />
|
||||
<p>« <a href="./">back</a></p>
|
||||
</body>
|
||||
</html>
|
@ -1,14 +0,0 @@
|
||||
#!/bin/sh
|
||||
TEMPLATE=pigs.pot
|
||||
xgettext -kT_ngettext:1,2 -kT_ -L PHP -o $TEMPLATE pigs_dropin.php
|
||||
if [ "x$1" = "x-p" ]; then
|
||||
msgfmt --statistics $TEMPLATE
|
||||
else
|
||||
if [ -f $1.po ]; then
|
||||
msgmerge -o .tmp$1.po $1.po $TEMPLATE
|
||||
mv .tmp$1.po $1.po
|
||||
msgfmt --statistics $1.po
|
||||
else
|
||||
echo "Usage: $0 [-p|<basename>]"
|
||||
fi
|
||||
fi
|
@ -1,75 +0,0 @@
|
||||
<?php
|
||||
require_once('PHPUnit/Framework.php');
|
||||
require_once('gettext.inc');
|
||||
|
||||
class LocaleTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function test_setlocale()
|
||||
{
|
||||
putenv("LC_ALL=");
|
||||
// _setlocale defaults to a locale name from environment variable LANG.
|
||||
putenv("LANG=sr_RS");
|
||||
$this->assertEquals('sr_RS', _setlocale(LC_MESSAGES, 0));
|
||||
}
|
||||
|
||||
public function test_setlocale_system()
|
||||
{
|
||||
putenv("LC_ALL=");
|
||||
// For an existing locale, it never needs emulation.
|
||||
putenv("LANG=C");
|
||||
_setlocale(LC_MESSAGES, "");
|
||||
$this->assertEquals(0, locale_emulation());
|
||||
}
|
||||
|
||||
public function test_setlocale_emulation()
|
||||
{
|
||||
putenv("LC_ALL=");
|
||||
// If we set it to a non-existent locale, it still works, but uses
|
||||
// emulation.
|
||||
_setlocale(LC_MESSAGES, "xxx_XXX");
|
||||
$this->assertEquals('xxx_XXX', _setlocale(LC_MESSAGES, 0));
|
||||
$this->assertEquals(1, locale_emulation());
|
||||
}
|
||||
|
||||
public function test_get_list_of_locales()
|
||||
{
|
||||
// For a locale containing country code, we prefer
|
||||
// full locale name, but if that's not found, fall back
|
||||
// to the language only locale name.
|
||||
$this->assertEquals(array("sr_RS", "sr"),
|
||||
get_list_of_locales("sr_RS"));
|
||||
|
||||
// If language code is used, it's the only thing returned.
|
||||
$this->assertEquals(array("sr"),
|
||||
get_list_of_locales("sr"));
|
||||
|
||||
// There is support for language and charset only.
|
||||
$this->assertEquals(array("sr.UTF-8", "sr"),
|
||||
get_list_of_locales("sr.UTF-8"));
|
||||
|
||||
// It can also split out character set from the full locale name.
|
||||
$this->assertEquals(array("sr_RS.UTF-8", "sr_RS", "sr"),
|
||||
get_list_of_locales("sr_RS.UTF-8"));
|
||||
|
||||
// There is support for @modifier in locale names as well.
|
||||
$this->assertEquals(array("sr_RS.UTF-8@latin", "sr_RS@latin", "sr@latin",
|
||||
"sr_RS.UTF-8", "sr_RS", "sr"),
|
||||
get_list_of_locales("sr_RS.UTF-8@latin"));
|
||||
|
||||
// We can pass in only language and modifier.
|
||||
$this->assertEquals(array("sr@latin", "sr"),
|
||||
get_list_of_locales("sr@latin"));
|
||||
|
||||
|
||||
// If locale name is not following the regular POSIX pattern,
|
||||
// it's used verbatim.
|
||||
$this->assertEquals(array("something"),
|
||||
get_list_of_locales("something"));
|
||||
|
||||
// Passing in an empty string returns an empty array.
|
||||
$this->assertEquals(array(),
|
||||
get_list_of_locales(""));
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
@ -1,60 +0,0 @@
|
||||
<?php
|
||||
require_once('PHPUnit/Framework.php');
|
||||
//require_once('gettext.php');
|
||||
|
||||
class ParsingTest extends PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function test_extract_plural_forms_header_from_po_header()
|
||||
{
|
||||
$parser = new gettext_reader(NULL);
|
||||
// It defaults to a "Western-style" plural header.
|
||||
$this->assertEquals(
|
||||
'nplurals=2; plural=n == 1 ? 0 : 1;',
|
||||
$parser->extract_plural_forms_header_from_po_header(""));
|
||||
|
||||
// Extracting it from the middle of the header works.
|
||||
$this->assertEquals(
|
||||
'nplurals=1; plural=0;',
|
||||
$parser->extract_plural_forms_header_from_po_header(
|
||||
"Content-type: text/html; charset=UTF-8\n"
|
||||
."Plural-Forms: nplurals=1; plural=0;\n"
|
||||
."Last-Translator: nobody\n"
|
||||
));
|
||||
|
||||
// It's also case-insensitive.
|
||||
$this->assertEquals(
|
||||
'nplurals=1; plural=0;',
|
||||
$parser->extract_plural_forms_header_from_po_header(
|
||||
"PLURAL-forms: nplurals=1; plural=0;\n"
|
||||
));
|
||||
|
||||
// It falls back to default if it's not on a separate line.
|
||||
$this->assertEquals(
|
||||
'nplurals=2; plural=n == 1 ? 0 : 1;',
|
||||
$parser->extract_plural_forms_header_from_po_header(
|
||||
"Content-type: text/html; charset=UTF-8" // note the missing \n here
|
||||
."Plural-Forms: nplurals=1; plural=0;\n"
|
||||
."Last-Translator: nobody\n"
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider data_provider_test_npgettext
|
||||
*/
|
||||
public function test_npgettext($number, $expected) {
|
||||
$parser = new gettext_reader(NULL);
|
||||
$result = $parser->npgettext("context",
|
||||
"%d pig went to the market\n",
|
||||
"%d pigs went to the market\n",
|
||||
$number);
|
||||
$this->assertSame($expected, $result);
|
||||
}
|
||||
public static function data_provider_test_npgettext() {
|
||||
return array(
|
||||
array(1, "%d pig went to the market\n"),
|
||||
array(2, "%d pigs went to the market\n"),
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
?>
|