Mercurial > defr > drupal > core
comparison includes/locale.inc @ 15:4347c45bb494 6.7
Drupal 6.7
| author | Franck Deroche <webmaster@defr.org> |
|---|---|
| date | Tue, 23 Dec 2008 14:32:44 +0100 |
| parents | 589fb7c02327 |
| children | 3edae6ecd6c6 |
comparison
equal
deleted
inserted
replaced
| 14:626fcabfa4b8 | 15:4347c45bb494 |
|---|---|
| 1 <?php | 1 <?php |
| 2 // $Id: locale.inc,v 1.174.2.4 2008/09/17 08:47:04 goba Exp $ | 2 // $Id: locale.inc,v 1.174.2.5 2008/12/10 21:29:36 goba Exp $ |
| 3 | 3 |
| 4 /** | 4 /** |
| 5 * @file | 5 * @file |
| 6 * Administration functions for locale.module. | 6 * Administration functions for locale.module. |
| 7 */ | 7 */ |
| 662 watchdog('locale', 'The translation import of %filename failed.', $variables, WATCHDOG_ERROR); | 662 watchdog('locale', 'The translation import of %filename failed.', $variables, WATCHDOG_ERROR); |
| 663 } | 663 } |
| 664 } | 664 } |
| 665 else { | 665 else { |
| 666 drupal_set_message(t('File to import not found.'), 'error'); | 666 drupal_set_message(t('File to import not found.'), 'error'); |
| 667 return 'admin/build/translate/import'; | 667 $form_state['redirect'] = 'admin/build/translate/import'; |
| 668 } | 668 } |
| 669 | 669 |
| 670 $form_state['redirect'] = 'admin/build/translate'; | 670 $form_state['redirect'] = 'admin/build/translate'; |
| 671 return; | 671 return; |
| 672 } | 672 } |
| 823 $form['submit'] = array('#type' => 'submit', '#value' => t('Save translations')); | 823 $form['submit'] = array('#type' => 'submit', '#value' => t('Save translations')); |
| 824 return $form; | 824 return $form; |
| 825 } | 825 } |
| 826 | 826 |
| 827 /** | 827 /** |
| 828 * Check that a string is safe to be added or imported as a translation. | |
| 829 * | |
| 830 * This test can be used to detect possibly bad translation strings. It should | |
| 831 * not have any false positives. But it is only a test, not a transformation, | |
| 832 * as it destroys valid HTML. We cannot reliably filter translation strings | |
| 833 * on inport becuase some strings are irreversibly corrupted. For example, | |
| 834 * a & in the translation would get encoded to &amp; by filter_xss() | |
| 835 * before being put in the database, and thus would be displayed incorrectly. | |
| 836 * | |
| 837 * The allowed tag list is like filter_xss_admin(), but omitting div and img as | |
| 838 * not needed for translation and likely to cause layout issues (div) or a | |
| 839 * possible attack vector (img). | |
| 840 */ | |
| 841 function locale_string_is_safe($string) { | |
| 842 return decode_entities($string) == decode_entities(filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'))); | |
| 843 } | |
| 844 | |
| 845 /** | |
| 846 * Validate string editing form submissions. | |
| 847 */ | |
| 848 function locale_translate_edit_form_validate($form, &$form_state) { | |
| 849 foreach ($form_state['values']['translations'] as $key => $value) { | |
| 850 if (!locale_string_is_safe($value)) { | |
| 851 form_set_error('translations', t('The submitted string contains disallowed HTML: %string', array('%string' => $value))); | |
| 852 watchdog('locale', 'Attempted submission of a translation string with disallowed HTML: %string', array('%string' => $value), WATCHDOG_WARNING); | |
| 853 } | |
| 854 } | |
| 855 } | |
| 856 | |
| 857 /** | |
| 828 * Process string editing form submissions. | 858 * Process string editing form submissions. |
| 859 * | |
| 829 * Saves all translations of one string submitted from a form. | 860 * Saves all translations of one string submitted from a form. |
| 830 */ | 861 */ |
| 831 function locale_translate_edit_form_submit($form, &$form_state) { | 862 function locale_translate_edit_form_submit($form, &$form_state) { |
| 832 $lid = $form_state['values']['lid']; | 863 $lid = $form_state['values']['lid']; |
| 833 foreach ($form_state['values']['translations'] as $key => $value) { | 864 foreach ($form_state['values']['translations'] as $key => $value) { |
| 1001 // Error messages are set in _locale_import_read_po(). | 1032 // Error messages are set in _locale_import_read_po(). |
| 1002 return FALSE; | 1033 return FALSE; |
| 1003 } | 1034 } |
| 1004 | 1035 |
| 1005 // Get status information on import process. | 1036 // Get status information on import process. |
| 1006 list($headerdone, $additions, $updates, $deletes) = _locale_import_one_string('db-report'); | 1037 list($headerdone, $additions, $updates, $deletes, $skips) = _locale_import_one_string('db-report'); |
| 1007 | 1038 |
| 1008 if (!$headerdone) { | 1039 if (!$headerdone) { |
| 1009 drupal_set_message(t('The translation file %filename appears to have a missing or malformed header.', array('%filename' => $file->filename)), 'error'); | 1040 drupal_set_message(t('The translation file %filename appears to have a missing or malformed header.', array('%filename' => $file->filename)), 'error'); |
| 1010 } | 1041 } |
| 1011 | 1042 |
| 1016 // Rebuild the menu, strings may have changed. | 1047 // Rebuild the menu, strings may have changed. |
| 1017 menu_rebuild(); | 1048 menu_rebuild(); |
| 1018 | 1049 |
| 1019 drupal_set_message(t('The translation was successfully imported. There are %number newly created translated strings, %update strings were updated and %delete strings were removed.', array('%number' => $additions, '%update' => $updates, '%delete' => $deletes))); | 1050 drupal_set_message(t('The translation was successfully imported. There are %number newly created translated strings, %update strings were updated and %delete strings were removed.', array('%number' => $additions, '%update' => $updates, '%delete' => $deletes))); |
| 1020 watchdog('locale', 'Imported %file into %locale: %number new strings added, %update updated and %delete removed.', array('%file' => $file->filename, '%locale' => $langcode, '%number' => $additions, '%update' => $updates, '%delete' => $deletes)); | 1051 watchdog('locale', 'Imported %file into %locale: %number new strings added, %update updated and %delete removed.', array('%file' => $file->filename, '%locale' => $langcode, '%number' => $additions, '%update' => $updates, '%delete' => $deletes)); |
| 1052 if ($skips) { | |
| 1053 $skip_message = format_plural($skips, 'One translation string was skipped because it contains disallowed HTML.', '@count translation strings were skipped because they contain disallowed HTML.'); | |
| 1054 drupal_set_message($skip_message); | |
| 1055 watchdog('locale', $skip_message, NULL, WATCHDOG_WARNING); | |
| 1056 } | |
| 1021 return TRUE; | 1057 return TRUE; |
| 1022 } | 1058 } |
| 1023 | 1059 |
| 1024 /** | 1060 /** |
| 1025 * Parses Gettext Portable Object file into an array | 1061 * Parses Gettext Portable Object file into an array |
| 1205 * Object representation of file being imported, only required when op is 'db-store' | 1241 * Object representation of file being imported, only required when op is 'db-store' |
| 1206 * @param $group | 1242 * @param $group |
| 1207 * Text group to import PO file into (eg. 'default' for interface translations) | 1243 * Text group to import PO file into (eg. 'default' for interface translations) |
| 1208 */ | 1244 */ |
| 1209 function _locale_import_one_string($op, $value = NULL, $mode = NULL, $lang = NULL, $file = NULL, $group = 'default') { | 1245 function _locale_import_one_string($op, $value = NULL, $mode = NULL, $lang = NULL, $file = NULL, $group = 'default') { |
| 1210 static $report = array(0, 0, 0); | 1246 static $report = array('additions' => 0, 'updates' => 0, 'deletes' => 0, 'skips' => 0); |
| 1211 static $headerdone = FALSE; | 1247 static $headerdone = FALSE; |
| 1212 static $strings = array(); | 1248 static $strings = array(); |
| 1213 | 1249 |
| 1214 switch ($op) { | 1250 switch ($op) { |
| 1215 // Return stored strings | 1251 // Return stored strings |
| 1221 $strings[$value['msgid']] = $value['msgstr']; | 1257 $strings[$value['msgid']] = $value['msgstr']; |
| 1222 return; | 1258 return; |
| 1223 | 1259 |
| 1224 // Called at end of import to inform the user | 1260 // Called at end of import to inform the user |
| 1225 case 'db-report': | 1261 case 'db-report': |
| 1226 return array($headerdone, $report[0], $report[1], $report[2]); | 1262 return array($headerdone, $report['additions'], $report['updates'], $report['deletes'], $report['skips']); |
| 1227 | 1263 |
| 1228 // Store the string we got in the database. | 1264 // Store the string we got in the database. |
| 1229 case 'db-store': | 1265 case 'db-store': |
| 1230 // We got header information. | 1266 // We got header information. |
| 1231 if ($value['msgid'] == '') { | 1267 if ($value['msgid'] == '') { |
| 1300 */ | 1336 */ |
| 1301 function _locale_import_one_string_db(&$report, $langcode, $source, $translation, $textgroup, $location, $mode, $plid = NULL, $plural = NULL) { | 1337 function _locale_import_one_string_db(&$report, $langcode, $source, $translation, $textgroup, $location, $mode, $plid = NULL, $plural = NULL) { |
| 1302 $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup)); | 1338 $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup)); |
| 1303 | 1339 |
| 1304 if (!empty($translation)) { | 1340 if (!empty($translation)) { |
| 1305 if ($lid) { | 1341 // Skip this string unless it passes a check for dangerous code. |
| 1342 if (!locale_string_is_safe($translation)) { | |
| 1343 $report['skips']++; | |
| 1344 $lid = 0; | |
| 1345 } | |
| 1346 elseif ($lid) { | |
| 1306 // We have this source string saved already. | 1347 // We have this source string saved already. |
| 1307 db_query("UPDATE {locales_source} SET location = '%s' WHERE lid = %d", $location, $lid); | 1348 db_query("UPDATE {locales_source} SET location = '%s' WHERE lid = %d", $location, $lid); |
| 1308 $exists = (bool) db_result(db_query("SELECT lid FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $langcode)); | 1349 $exists = (bool) db_result(db_query("SELECT lid FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $langcode)); |
| 1309 if (!$exists) { | 1350 if (!$exists) { |
| 1310 // No translation in this language. | 1351 // No translation in this language. |
| 1311 db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural); | 1352 db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural); |
| 1312 $report[0]++; | 1353 $report['additions']++; |
| 1313 } | 1354 } |
| 1314 else if ($mode == LOCALE_IMPORT_OVERWRITE) { | 1355 else if ($mode == LOCALE_IMPORT_OVERWRITE) { |
| 1315 // Translation exists, only overwrite if instructed. | 1356 // Translation exists, only overwrite if instructed. |
| 1316 db_query("UPDATE {locales_target} SET translation = '%s', plid = %d, plural = %d WHERE language = '%s' AND lid = %d", $translation, $plid, $plural, $langcode, $lid); | 1357 db_query("UPDATE {locales_target} SET translation = '%s', plid = %d, plural = %d WHERE language = '%s' AND lid = %d", $translation, $plid, $plural, $langcode, $lid); |
| 1317 $report[1]++; | 1358 $report['updates']++; |
| 1318 } | 1359 } |
| 1319 } | 1360 } |
| 1320 else { | 1361 else { |
| 1321 // No such source string in the database yet. | 1362 // No such source string in the database yet. |
| 1322 db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES ('%s', '%s', '%s')", $location, $source, $textgroup); | 1363 db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES ('%s', '%s', '%s')", $location, $source, $textgroup); |
| 1323 $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup)); | 1364 $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup)); |
| 1324 db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural); | 1365 db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural); |
| 1325 $report[0]++; | 1366 $report['additions']++; |
| 1326 } | 1367 } |
| 1327 } | 1368 } |
| 1328 elseif ($mode == LOCALE_IMPORT_OVERWRITE) { | 1369 elseif ($mode == LOCALE_IMPORT_OVERWRITE) { |
| 1329 // Empty translation, remove existing if instructed. | 1370 // Empty translation, remove existing if instructed. |
| 1330 db_query("DELETE FROM {locales_target} WHERE language = '%s' AND lid = %d AND plid = %d AND plural = %d", $translation, $langcode, $lid, $plid, $plural); | 1371 db_query("DELETE FROM {locales_target} WHERE language = '%s' AND lid = %d AND plid = %d AND plural = %d", $translation, $langcode, $lid, $plid, $plural); |
| 1331 $report[2]++; | 1372 $report['deletes']++; |
| 1332 } | 1373 } |
| 1333 | 1374 |
| 1334 return $lid; | 1375 return $lid; |
| 1335 } | 1376 } |
| 1336 | 1377 |