po: use prep_writefile before creating any files in refreshpot and refreshpo

Signed-off-by: intrigeri <intrigeri@boum.org>

IkiWiki/Plugin/po.pm

@@ -164,6 +164,7 @@ sub refreshpot ($) { #{{{
 	$doc->{TT}{po_out}->set_charset('utf-8');
 	# do the actual work
 	$doc->parse;
+	IkiWiki::prep_writefile(basename($potfile),dirname($potfile));
 	$doc->writepo($potfile);
 } #}}}
 
@@ -175,6 +176,7 @@ sub refreshpofiles ($@) { #{{{
 	error("[po/refreshpofiles] POT file ($potfile) does not exist") unless (-e $potfile);
 
 	foreach my $pofile (@pofiles) {
+		IkiWiki::prep_writefile(basename($pofile),dirname($pofile));
 		if (-e $pofile) {
 			system("msgmerge", "-U", "--backup=none", $pofile, $potfile) == 0
 				or error("[po/refreshpofiles:$pofile] failed to update");

doc/plugins/po.mdwn

@@ -219,12 +219,6 @@ Security checks
   thoroughly to prevent any security issue (command injection, etc.).
   > Always pass `system()` a list of parameters to avoid the shell.
   > I've checked in a change fixing that. --[[Joey]]
-- `refreshpofiles` and `refreshpot` create new files; this may need
-  some checks, e.g. using `IkiWiki::prep_writefile()`
-  > Yes, it would be ideal to call `prep_writefile` on each file 
-  > that they write, beforehand. This way you'd avoid symlink attacks etc to the
-  > generated po/pot files. I haven't done it, but it seems pretty trivial.
-  > --[[Joey]]
 - Can any sort of directives be put in po files that will
   cause mischief (ie, include other files, run commands, crash gettext,
   whatever).