po: added support for html pagetype

... after having audited the po4a Xml and Xhtml modules for security issues.

Signed-off-by: intrigeri <intrigeri@boum.org>
(cherry picked from commit a128c256a5)
intrigeri 2010-06-25 23:18:34 +02:00 committed by Joey Hess
parent 8fe277c2ab
commit cd03bd0b80
3 changed files with 59 additions and 15 deletions

@ -848,8 +848,8 @@ sub refreshpot ($) {
my $masterfile=shift; my $masterfile=shift;
my $potfile=potfile($masterfile); my $potfile=potfile($masterfile);
my %options = ("markdown" => (pagetype($masterfile) eq 'mdwn') ? 1 : 0); my $doc=Locale::Po4a::Chooser::new(po4a_type($masterfile),
my $doc=Locale::Po4a::Chooser::new('text',%options); po4a_options($masterfile));
$doc->{TT}{utf_mode} = 1; $doc->{TT}{utf_mode} = 1;
$doc->{TT}{file_in_charset} = 'UTF-8'; $doc->{TT}{file_in_charset} = 'UTF-8';
$doc->{TT}{file_out_charset} = 'UTF-8'; $doc->{TT}{file_out_charset} = 'UTF-8';
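
Review bot: The replacement call in refreshpot, `Locale::Po4a::Chooser::new(po4a_type($masterfile), po4a_options($masterfile))`, is repeated verbatim in percenttranslated and po_to_markup, and the html path is only safe when both arguments are passed together. Consider one helper that takes $masterfile and returns the constructed $doc, so a future call site cannot select 'xhtml' without the options that disable includessi and includeexternal.
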
@ -940,10 +940,8 @@ sub percenttranslated ($) {
return gettext("N/A") unless istranslation($page); return gettext("N/A") unless istranslation($page);
my $file=srcfile($pagesources{$page}); my $file=srcfile($pagesources{$page});
my $masterfile = srcfile($pagesources{masterpage($page)}); my $masterfile = srcfile($pagesources{masterpage($page)});
my %options = ( my $doc=Locale::Po4a::Chooser::new(po4a_type($masterfile),
"markdown" => (pagetype($masterfile) eq 'mdwn') ? 1 : 0, po4a_options($masterfile));
);
my $doc=Locale::Po4a::Chooser::new('text',%options);
$doc->process( $doc->process(
'po_in_name' => [ $file ], 'po_in_name' => [ $file ],
'file_in_name' => [ $masterfile ], 'file_in_name' => [ $masterfile ],
@ -1094,10 +1092,8 @@ sub po_to_markup ($$) {
or return $fail->(sprintf(gettext("failed to write %s"), $infile)); or return $fail->(sprintf(gettext("failed to write %s"), $infile));
my $masterfile = srcfile($pagesources{masterpage($page)}); my $masterfile = srcfile($pagesources{masterpage($page)});
my %options = ( my $doc=Locale::Po4a::Chooser::new(po4a_type($masterfile),
"markdown" => (pagetype($masterfile) eq 'mdwn') ? 1 : 0, po4a_options($masterfile));
);
my $doc=Locale::Po4a::Chooser::new('text',%options);
$doc->process( $doc->process(
'po_in_name' => [ $infile ], 'po_in_name' => [ $infile ],
'file_in_name' => [ $masterfile ], 'file_in_name' => [ $masterfile ],
@ -1160,6 +1156,37 @@ sub isvalidpo ($) {
"to previous page to continue edit")); "to previous page to continue edit"));
} }
sub po4a_type ($) {
my $file = shift;
my $pagetype = pagetype($file);
if ($pagetype eq 'html') {
return 'xhtml';
}
return 'text';
}
sub po4a_options($) {
my $file = shift;
my %options;
my $pagetype = pagetype($file);
if ($pagetype eq 'html') {
# how to disable options is not consistent across po4a modules
$options{includessi} = '';
$options{includeexternal} = 0;
}
elsif ($pagetype eq 'mdwn') {
$options{markdown} = 1;
}
else {
$options{markdown} = 0;
}
return %options;
}
# ,---- # ,----
# | PageSpecs # | PageSpecs
# `---- # `----
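
Review bot: po4a_type and po4a_options each branch on pagetype($file) separately, so the module choice and the hardening options in the 'html' branch can drift apart: a later edit that makes po4a_type return 'xhtml' (or another module) for a new page type would get only `markdown => 0` from the else branch of po4a_options. Consider keying the options on the value po4a_type returns, or returning type and options from a single sub. The comment above `$options{includessi} = ''` explains the differing syntax but not that both settings are there for security; a line saying so would keep them from being removed as cleanup.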

@ -213,16 +213,16 @@ preferred `$EDITOR`, without needing to be online.
Markup languages support Markup languages support
------------------------ ------------------------
[[Markdown|mdwn]] is well supported. Some other markup languages supported [[Markdown|mdwn]] and [[html]] are well supported. Some other markup
by ikiwiki mostly work, but some pieces of syntax are not rendered languages supported by ikiwiki mostly work, but some pieces of syntax
correctly on the slave pages: are not rendered correctly on the slave pages:
* [[reStructuredText|rst]]: anonymous hyperlinks and internal * [[reStructuredText|rst]]: anonymous hyperlinks and internal
cross-references cross-references
* [[wikitext]]: conversion of newlines to paragraphs * [[wikitext]]: conversion of newlines to paragraphs
* [[creole]]: verbatim text is wrapped, tables are broken * [[creole]]: verbatim text is wrapped, tables are broken
* [[html]] and LaTeX: not supported yet; the dedicated po4a modules * LaTeX: not supported yet; the dedicated po4a module
could be used to support them, but they would need a security audit could be used to support it, but it would need a security audit
* other markup languages have not been tested. * other markup languages have not been tested.
Security Security
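
Review bot: The new sentence lists [[html]] as well supported without saying under which conditions, while the removed bullet said the dedicated po4a modules would need a security audit. A short pointer from this paragraph to the Security section that follows would tell readers that the audit has been done and where its constraints are recorded.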

@ -150,6 +150,23 @@ The following analysis was done with his help.
variables; according to [[Joey]], this is "Freaky code, but seems ok variables; according to [[Joey]], this is "Freaky code, but seems ok
due to use of `quotementa`". due to use of `quotementa`".
##### Locale::Po4a::Xhtml
* does not run any external program
* does not build regexp's from untrusted variables
=> Seems safe as far as the `includessi` option is disabled; the po
plugin explicitly disables it.
Relies on Locale::Po4a::Xml` to do most of the work.
##### Locale::Po4a::Xml
* does not run any external program
* the `includeexternal` option makes it able to read external files;
the po plugin explicitly disables it
* untrusted variables are escaped when used to build regexp's
##### Text::WrapI18N ##### Text::WrapI18N
`Text::WrapI18N` can cause DoS `Text::WrapI18N` can cause DoS
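
Review bot: The Locale::Po4a::Xml section ends on its bullet list with no conclusion, unlike the Xhtml section, which states "Seems safe as far as the `includessi` option is disabled"; add the matching verdict for Xml, conditioned on `includeexternal` being disabled. In the Xhtml section, the line "Relies on Locale::Po4a::Xml` to do most of the work." has a closing backtick with no opening one.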