https://github.com/PrivateBin/PrivateBin.git
ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag
parent
d3082c36d7
commit
35be3aabf8
15
lib/I18n.php
15
lib/I18n.php
@ -130,13 +130,26 @@ class I18n
|
|||||||
if ($argsCount > 1) {
|
if ($argsCount > 1) {
|
||||||
for ($i = 0; $i < $argsCount; ++$i) {
|
for ($i = 0; $i < $argsCount; ++$i) {
|
||||||
if (($i > 0 && !is_int($args[$i])) || strpos($args[0], '<a') === false) {
|
if (($i > 0 && !is_int($args[$i])) || strpos($args[0], '<a') === false) {
|
||||||
$args[$i] = htmlentities($args[$i], ENT_QUOTES | ENT_XHTML | ENT_DISALLOWED, 'UTF-8');
|
$args[$i] = self::encode($args[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return call_user_func_array('sprintf', $args);
|
return call_user_func_array('sprintf', $args);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* encode HTML entities for output into an HTML5 document
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
* @static
|
||||||
|
* @param string $string
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public static function encode($string)
|
||||||
|
{
|
||||||
|
return htmlspecialchars($string, ENT_QUOTES | ENT_HTML5 | ENT_DISALLOWED, 'UTF-8', false);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* loads translations
|
* loads translations
|
||||||
*
|
*
|
||||||
|
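Review bot: The new `encode()` passes `false` as the fourth argument of `htmlspecialchars()`, which turns off double encoding, so input that already contains an entity such as `&lt;` is emitted unchanged and the browser displays `<` rather than the characters that were supplied. The result is still entity-escaped, so this is not a markup injection, but the output is no longer a faithful rendering of the input, which callers of a public helper may not expect. The docblock should say so, for example `* entities already present in $string are kept as they are (double_encode is off)`. The body of `_()` begins above this hunk.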
@ -4,7 +4,7 @@ $isCpct = substr($template, 9, 8) === '-compact';
|
|||||||
$isDark = substr($template, 9, 5) === '-dark';
|
$isDark = substr($template, 9, 5) === '-dark';
|
||||||
$isPage = substr($template, -5) === '-page';
|
$isPage = substr($template, -5) === '-page';
|
||||||
?><!DOCTYPE html>
|
?><!DOCTYPE html>
|
||||||
<html>
|
<html lang="<?php echo I18n::_('en'); ?>">
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
@ -422,7 +422,7 @@ if (strlen($NOTICE)):
|
|||||||
?>
|
?>
|
||||||
<div role="alert" class="alert alert-info">
|
<div role="alert" class="alert alert-info">
|
||||||
<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>
|
<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>
|
||||||
<?php echo htmlspecialchars($NOTICE), PHP_EOL; ?>
|
<?php echo I18n::encode($NOTICE), PHP_EOL; ?>
|
||||||
</div>
|
</div>
|
||||||
<?php
|
<?php
|
||||||
endif;
|
endif;
|
||||||
@ -442,11 +442,11 @@ endif;
|
|||||||
?>
|
?>
|
||||||
<div id="status" role="alert" class="statusmessage alert alert-info<?php echo empty($STATUS) ? ' hidden' : '' ?>">
|
<div id="status" role="alert" class="statusmessage alert alert-info<?php echo empty($STATUS) ? ' hidden' : '' ?>">
|
||||||
<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>
|
<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>
|
||||||
<?php echo htmlspecialchars($STATUS), PHP_EOL; ?>
|
<?php echo I18n::encode($STATUS), PHP_EOL; ?>
|
||||||
</div>
|
</div>
|
||||||
<div id="errormessage" role="alert" class="statusmessage<?php echo empty($ERROR) ? ' hidden' : '' ?> alert alert-danger">
|
<div id="errormessage" role="alert" class="statusmessage<?php echo empty($ERROR) ? ' hidden' : '' ?> alert alert-danger">
|
||||||
<span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
|
<span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
|
||||||
<?php echo htmlspecialchars($ERROR), PHP_EOL; ?>
|
<?php echo I18n::encode($ERROR), PHP_EOL; ?>
|
||||||
</div>
|
</div>
|
||||||
<noscript>
|
<noscript>
|
||||||
<div id="noscript" role="alert" class="nonworking alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>">
|
<div id="noscript" role="alert" class="nonworking alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>">
|
||||||
@ -472,7 +472,7 @@ endif;
|
|||||||
<?php
|
<?php
|
||||||
if (strlen($URLSHORTENER)):
|
if (strlen($URLSHORTENER)):
|
||||||
?>
|
?>
|
||||||
<button id="shortenbutton" data-shortener="<?php echo htmlspecialchars($URLSHORTENER); ?>" type="button" class="btn btn-<?php echo $isDark ? 'warning' : 'primary'; ?>">
|
<button id="shortenbutton" data-shortener="<?php echo I18n::encode($URLSHORTENER); ?>" type="button" class="btn btn-<?php echo $isDark ? 'warning' : 'primary'; ?>">
|
||||||
<span class="glyphicon glyphicon-send" aria-hidden="true"></span> <?php echo I18n::_('Shorten URL'), PHP_EOL; ?>
|
<span class="glyphicon glyphicon-send" aria-hidden="true"></span> <?php echo I18n::_('Shorten URL'), PHP_EOL; ?>
|
||||||
</button>
|
</button>
|
||||||
<?php
|
<?php
|
||||||
|
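Review bot: The value written into the `lang` attribute of `<html>` is echoed without `I18n::encode()`, while every other dynamic value changed in this section now goes through it. In the lines of `_()` visible in the lib/I18n.php section, encoding only runs inside `if ($argsCount > 1)`, so a single-argument call such as `I18n::_('en')` appears to place the translated string into the attribute unescaped; the start of `_()` is outside the diff, so this should be confirmed. Translation files are presumably project-controlled, which keeps the risk low, but `<html lang="<?php echo I18n::encode(I18n::_('en')); ?>">` would keep the attribute well-formed whatever a translation file contains. The same line appears in the tpl/page.php section.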
10
tpl/page.php
10
tpl/page.php
@ -1,7 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
use PrivateBin\I18n;
|
use PrivateBin\I18n;
|
||||||
?><!DOCTYPE html>
|
?><!DOCTYPE html>
|
||||||
<html lang="en">
|
<html lang="<?php echo I18n::_('en'); ?>">
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<meta name="robots" content="noindex" />
|
<meta name="robots" content="noindex" />
|
||||||
@ -73,7 +73,7 @@ endif;
|
|||||||
<?php
|
<?php
|
||||||
if (strlen($NOTICE)):
|
if (strlen($NOTICE)):
|
||||||
?>
|
?>
|
||||||
<span class="blink">▶</span> <?php echo htmlspecialchars($NOTICE);
|
<span class="blink">▶</span> <?php echo I18n::encode($NOTICE);
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
</div>
|
</div>
|
||||||
@ -91,8 +91,8 @@ endif;
|
|||||||
<section>
|
<section>
|
||||||
<article>
|
<article>
|
||||||
<div id="loadingindicator" class="hidden"><?php echo I18n::_('Loading…'); ?></div>
|
<div id="loadingindicator" class="hidden"><?php echo I18n::_('Loading…'); ?></div>
|
||||||
<div id="status"><?php echo htmlspecialchars($STATUS); ?></div>
|
<div id="status"><?php echo I18n::encode($STATUS); ?></div>
|
||||||
<div id="errormessage" class="hidden"><?php echo htmlspecialchars($ERROR); ?></div>
|
<div id="errormessage" class="hidden"><?php echo I18n::encode($ERROR); ?></div>
|
||||||
<div id="toolbar">
|
<div id="toolbar">
|
||||||
<button id="newbutton" class="reloadlink hidden"><img src="img/icon_new.png" width="11" height="15" alt="" /><?php echo I18n::_('New'); ?></button>
|
<button id="newbutton" class="reloadlink hidden"><img src="img/icon_new.png" width="11" height="15" alt="" /><?php echo I18n::_('New'); ?></button>
|
||||||
<button id="retrybutton" class="reloadlink hidden"><?php echo I18n::_('Retry'), PHP_EOL; ?></button>
|
<button id="retrybutton" class="reloadlink hidden"><?php echo I18n::_('Retry'), PHP_EOL; ?></button>
|
||||||
@ -200,7 +200,7 @@ endif;
|
|||||||
<?php
|
<?php
|
||||||
if (strlen($URLSHORTENER)):
|
if (strlen($URLSHORTENER)):
|
||||||
?>
|
?>
|
||||||
<button id="shortenbutton" data-shortener="<?php echo htmlspecialchars($URLSHORTENER); ?>"><img src="img/icon_shorten.png" width="13" height="15" /><?php echo I18n::_('Shorten URL'); ?></button>
|
<button id="shortenbutton" data-shortener="<?php echo I18n::encode($URLSHORTENER); ?>"><img src="img/icon_shorten.png" width="13" height="15" /><?php echo I18n::_('Shorten URL'); ?></button>
|
||||||
<?php
|
<?php
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
|
@ -147,7 +147,11 @@ class I18nTest extends PHPUnit_Framework_TestCase
|
|||||||
{
|
{
|
||||||
$_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'foobar';
|
$_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'foobar';
|
||||||
I18n::loadTranslations();
|
I18n::loadTranslations();
|
||||||
$this->assertEquals('some ' . htmlentities('&<>"\'/`=', ENT_QUOTES | ENT_XHTML | ENT_DISALLOWED, 'UTF-8') . ' + 1', I18n::_('some %s + %d', '&<>"\'/`=', 1), 'browser language en');
|
$input = '&<>"\'/`=';
|
||||||
|
$result = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5 | ENT_DISALLOWED, 'UTF-8', false);
|
||||||
|
$this->assertEquals($result, I18n::encode($input), 'encodes HTML entities');
|
||||||
|
$this->assertEquals('<a>some ' . $result . ' + 1</a>', I18n::_('<a>some %s + %d</a>', $input, 1), 'encodes parameters in translations');
|
||||||
|
$this->assertEquals($result . $result, I18n::_($input . '%s', $input), 'encodes message ID as well, when no link');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testMessageIdsExistInAllLanguages()
|
public function testMessageIdsExistInAllLanguages()
|
||||||
|
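Review bot: The expected value `$result` is computed with the same `htmlspecialchars()` call and flags that `I18n::encode()` uses, so the first assertion cannot fail if those flags are wrong or are later weakened. Pinning a literal expected string for `$input` would make the test an independent check, and would also document that `/`, the backtick and `=` are left unencoded by `htmlspecialchars()`. The `double_encode = false` behaviour has no case at all; `$this->assertEquals('&amp;', I18n::encode('&amp;'), 'existing entities are not encoded twice');` would cover it. The test method begins above this hunk.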