ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag
parent
cc0920fc09
commit
1b206e8495
15
lib/I18n.php
15
lib/I18n.php
|
@ -130,13 +130,26 @@ class I18n
|
|||
if ($argsCount > 1) {
|
||||
for ($i = 0; $i < $argsCount; ++$i) {
|
||||
if (($i > 0 && !is_int($args[$i])) || strpos($args[0], '<a') === false) {
|
||||
$args[$i] = htmlentities($args[$i], ENT_QUOTES | ENT_XHTML | ENT_DISALLOWED, 'UTF-8');
|
||||
$args[$i] = self::encode($args[$i]);
|
||||
}
|
||||
}
|
||||
}
|
||||
return call_user_func_array('sprintf', $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* encode HTML entities for output into an HTML5 document
|
||||
*
|
||||
* @access public
|
||||
* @static
|
||||
* @param string $string
|
||||
* @return string
|
||||
*/
|
||||
public static function encode($string)
|
||||
{
|
||||
return htmlspecialchars($string, ENT_QUOTES | ENT_HTML5 | ENT_DISALLOWED, 'UTF-8', false);
|
||||
}
|
||||
|
||||
/**
|
||||
* loads translations
|
||||
*
|
||||
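Review bot: `encode()` passes `false` as the `double_encode` argument, and its docblock does not mention the consequence: input that already contains an entity such as `&lt;` or `&amp;` is emitted unchanged instead of being escaped again. That cannot introduce markup, but user-supplied text will render differently from what was typed, and the helper is only appropriate for HTML text and quoted attribute values, not for script or URL contexts. I would add a docblock line like `existing entities are kept as-is (double_encode = false); for HTML text and quoted attributes only`. The unchanged condition `strpos($args[0], '<a') === false` also means a message ID containing `<a` is never encoded, so `_()` stays safe only while message IDs are trusted constants; the body of `_()` starts outside this hunk, so that is worth confirming at its callers.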
|
|
|
@ -4,7 +4,7 @@ $isCpct = substr($template, 9, 8) === '-compact';
|
|||
$isDark = substr($template, 9, 5) === '-dark';
|
||||
$isPage = substr($template, -5) === '-page';
|
||||
?><!DOCTYPE html>
|
||||
<html>
|
||||
<html lang="<?php echo I18n::_('en'); ?>">
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
|
@ -440,7 +440,7 @@ if (strlen($NOTICE)):
|
|||
?>
|
||||
<div role="alert" class="alert alert-info">
|
||||
<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>
|
||||
<?php echo htmlspecialchars($NOTICE), PHP_EOL; ?>
|
||||
<?php echo I18n::encode($NOTICE), PHP_EOL; ?>
|
||||
</div>
|
||||
<?php
|
||||
endif;
|
||||
|
@ -460,11 +460,11 @@ endif;
|
|||
?>
|
||||
<div id="status" role="alert" class="alert alert-info<?php echo empty($STATUS) ? ' hidden' : '' ?>">
|
||||
<span class="glyphicon glyphicon-info-sign" aria-hidden="true"></span>
|
||||
<?php echo htmlspecialchars($STATUS), PHP_EOL; ?>
|
||||
<?php echo I18n::encode($STATUS), PHP_EOL; ?>
|
||||
</div>
|
||||
<div id="errormessage" role="alert" class="<?php echo empty($ERROR) ? 'hidden' : '' ?> alert alert-danger">
|
||||
<span class="glyphicon glyphicon-alert" aria-hidden="true"></span>
|
||||
<?php echo htmlspecialchars($ERROR), PHP_EOL; ?>
|
||||
<?php echo I18n::encode($ERROR), PHP_EOL; ?>
|
||||
</div>
|
||||
<noscript>
|
||||
<div id="noscript" role="alert" class="alert alert-<?php echo $isDark ? 'error' : 'warning'; ?>">
|
||||
|
@ -504,7 +504,7 @@ endif;
|
|||
if (strlen($URLSHORTENER)):
|
||||
?>
|
||||
<p>
|
||||
<button id="shortenbutton" data-shortener="<?php echo htmlspecialchars($URLSHORTENER); ?>" type="button" class="btn btn-<?php echo $isDark ? 'warning' : 'primary'; ?> btn-block">
|
||||
<button id="shortenbutton" data-shortener="<?php echo I18n::encode($URLSHORTENER); ?>" type="button" class="btn btn-<?php echo $isDark ? 'warning' : 'primary'; ?> btn-block">
|
||||
<span class="glyphicon glyphicon-send" aria-hidden="true"></span> <?php echo I18n::_('Shorten URL'), PHP_EOL; ?>
|
||||
</button>
|
||||
</p>
|
||||
|
|
10
tpl/page.php
10
tpl/page.php
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
use PrivateBin\I18n;
|
||||
?><!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<html lang="<?php echo I18n::_('en'); ?>">
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="robots" content="noindex" />
|
||||
|
@ -67,7 +67,7 @@ endif;
|
|||
<?php
|
||||
if (strlen($NOTICE)):
|
||||
?>
|
||||
<span class="blink">▶</span> <?php echo htmlspecialchars($NOTICE);
|
||||
<span class="blink">▶</span> <?php echo I18n::encode($NOTICE);
|
||||
endif;
|
||||
?>
|
||||
</div>
|
||||
|
@ -97,8 +97,8 @@ endif;
|
|||
<section>
|
||||
<article>
|
||||
<div id="loadingindicator" class="hidden"><?php echo I18n::_('Loading…'); ?></div>
|
||||
<div id="status"><?php echo htmlspecialchars($STATUS); ?></div>
|
||||
<div id="errormessage" class="hidden"><?php echo htmlspecialchars($ERROR); ?></div>
|
||||
<div id="status"><?php echo I18n::encode($STATUS); ?></div>
|
||||
<div id="errormessage" class="hidden"><?php echo I18n::encode($ERROR); ?></div>
|
||||
<div id="toolbar">
|
||||
<button id="newbutton" class="reloadlink hidden"><img src="img/icon_new.png" width="11" height="15" alt="" /><?php echo I18n::_('New'); ?></button>
|
||||
<button id="retrybutton" class="reloadlink hidden"><?php echo I18n::_('Retry'), PHP_EOL; ?></button>
|
||||
|
@ -207,7 +207,7 @@ endif;
|
|||
<?php
|
||||
if (strlen($URLSHORTENER)):
|
||||
?>
|
||||
<button id="shortenbutton" data-shortener="<?php echo htmlspecialchars($URLSHORTENER); ?>"><img src="img/icon_shorten.png" width="13" height="15" /><?php echo I18n::_('Shorten URL'); ?></button>
|
||||
<button id="shortenbutton" data-shortener="<?php echo I18n::encode($URLSHORTENER); ?>"><img src="img/icon_shorten.png" width="13" height="15" /><?php echo I18n::_('Shorten URL'); ?></button>
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
|
|
|
@ -159,7 +159,11 @@ class I18nTest extends PHPUnit_Framework_TestCase
|
|||
{
|
||||
$_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'foobar';
|
||||
I18n::loadTranslations();
|
||||
$this->assertEquals('some ' . htmlentities('&<>"\'/`=', ENT_QUOTES | ENT_XHTML | ENT_DISALLOWED, 'UTF-8') . ' + 1', I18n::_('some %s + %d', '&<>"\'/`=', 1), 'browser language en');
|
||||
$input = '&<>"\'/`=';
|
||||
$result = htmlspecialchars($input, ENT_QUOTES | ENT_HTML5 | ENT_DISALLOWED, 'UTF-8', false);
|
||||
$this->assertEquals($result, I18n::encode($input), 'encodes HTML entities');
|
||||
$this->assertEquals('<a>some ' . $result . ' + 1</a>', I18n::_('<a>some %s + %d</a>', $input, 1), 'encodes parameters in translations');
|
||||
$this->assertEquals($result . $result, I18n::_($input . '%s', $input), 'encodes message ID as well, when no link');
|
||||
}
|
||||
|
||||
public function testMessageIdsExistInAllLanguages()
|
||||
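Review bot: `$result` is computed with the same `htmlspecialchars()` call and flags that `I18n::encode()` wraps, so the 'encodes HTML entities' assertion cannot catch a wrong flag set; comparing against a hand-written literal of the expected entities would. Nothing here exercises the `double_encode = false` behaviour either, for example `$this->assertEquals('&amp;', I18n::encode('&amp;'), 'keeps existing entities');`. The test method starts above this hunk, so its name and setup are not visible.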
|
|