From 207543754c4e7a6b1266952d846dc5c254b9a3d3 Mon Sep 17 00:00:00 2001
From: czaks
Date: Sun, 30 Mar 2014 16:40:14 +0200
Subject: [PATCH] SECURITY: remove XSS vulnerability
---
inc/lib/gettext/examples/index.php | 27 -------
.../examples/locale/de_CH/LC_MESSAGES/messages.mo | Bin 585 -> 0 bytes
.../examples/locale/de_CH/LC_MESSAGES/messages.po | 30 -------
.../examples/locale/sr_CS/LC_MESSAGES/messages.mo | Bin 829 -> 0 bytes
.../examples/locale/sr_CS/LC_MESSAGES/messages.po | 30 -------
inc/lib/gettext/examples/pigs_dropin.php | 89 ---------------------
inc/lib/gettext/examples/pigs_fallback.php | 88 --------------------
inc/lib/gettext/examples/update | 14 ----
inc/lib/gettext/tests/LocalesTest.php | 75 -----------------
inc/lib/gettext/tests/ParsingTest.php | 60 --------------
10 files changed, 413 deletions(-)
delete mode 100644 inc/lib/gettext/examples/index.php
delete mode 100644 inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.mo
delete mode 100644 inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.po
delete mode 100644 inc/lib/gettext/examples/locale/sr_CS/LC_MESSAGES/messages.mo
delete mode 100644 inc/lib/gettext/examples/locale/sr_CS/LC_MESSAGES/messages.po
delete mode 100644 inc/lib/gettext/examples/pigs_dropin.php
delete mode 100644 inc/lib/gettext/examples/pigs_fallback.php
delete mode 100755 inc/lib/gettext/examples/update
delete mode 100644 inc/lib/gettext/tests/LocalesTest.php
delete mode 100644 inc/lib/gettext/tests/ParsingTest.php
diff --git a/inc/lib/gettext/examples/index.php b/inc/lib/gettext/examples/index.php
deleted file mode 100644
index 263cd3d3..00000000
--- a/inc/lib/gettext/examples/index.php
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-PHP-gettext examples
-
-
-PHP-gettext
-
-Introduction
-PHP-gettext provides a simple gettext replacement that works independently from the system's gettext abilities.
-It can read MO files and use them for translating strings.
-This version has the ability to cache all strings and translations to speed up the string lookup.
-While the cache is enabled by default, it can be switched off with the second parameter in the constructor (e.g. when using very large MO files
-that you don't want to keep in memory)
-
-
-Examples
-
-
-
-Copyright (c) 2003-2006 Danilo Segan
-Copyright (c) 2005-2006 Steven Armstrong
-
-
-
diff --git a/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.mo b/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.mo
deleted file mode 100644
index 91930376c54ef58d1650467fc5b15d9d1b03116d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 585
zcmZvZ+e!m55Qf*&&0cz~FgJoCsk?2JvK|oYfkKO7w_cm>j@f9Nlw@kv_Yiy%AIFFA
z37lPpDmdgLv-AH+W|NQA<=22?iCJTs%nH+G%D83r7|E)9>)VS#
zz-bknR#EO5Y~(P}3T9{s$O07zW9c4{!XL^1tEGkZz@xCUYKoV~}4
zL?;(F=)ATjDNpg?HBPJ}(ep~@;$*74NNob))nzK$4kfWuoJzt3>QU4XaU|*uh?>c6
zv>kDUjp7;~b-CjoUo4^+>W!qyzL~llS&Q0&O{ThGZ{&3_8}{z
z^GJt-^jx&&zOuPHbmGipHrGZa&>HIRTkmJZ47CBpWq6s6p~o-sN5V=&^IIL59J~dE
S1wpP6F3@L%&I-cvNxlF~0Hja=
diff --git a/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.po b/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.po
deleted file mode 100644
index 6e4886b5..00000000
--- a/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.po
+++ /dev/null
@@ -1,30 +0,0 @@
-# Sample translation for PHP-gettext 1.0
-# Copyright (c) 2003 Danilo Segan
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: pigs\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2003-10-23 04:50+0200\n"
-"PO-Revision-Date: 2003-11-01 23:40+0100\n"
-"Last-Translator: Danilo Segan \n"
-"Language-Team: Serbian (sr) \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-#"Plural-Forms: nplurals=2; plural=n != 1;\n"
-
-#: pigs.php:19
-msgid ""
-"This is how the story goes.\n"
-"\n"
-msgstr ""
-"Und so geht die Geschichte.\n"
-"\n"
-
-#: pigs.php:21
-#, php-format
-msgid "%d pig went to the market\n"
-msgid_plural "%d pigs went to the market\n"
-msgstr[0] "%d Schwein ging zum Markt\n"
-msgstr[1] "%d Schweine gingen zum Markt\n"
diff --git a/inc/lib/gettext/examples/locale/sr_CS/LC_MESSAGES/messages.mo b/inc/lib/gettext/examples/locale/sr_CS/LC_MESSAGES/messages.mo
deleted file mode 100644
index 497c8830ca84f880f8d484df057c0bf725163edd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 829
zcmah{%We}f6dhihS+b_$vS`(+a_~$-R82Ak(T7y25m6af<0fV@bYe%g(^9Dm3gYnt
zNRg2E1Qa125s&f_xSmj@iz2Rk#=iHSW1sQN@2i*JdKi}w*AO+t6~s2e#Un%=
z!4PwZ5#qxI&-;S&R|LQ4dDn5C!ws-p2A0ZjdwTO-7-T6NaACkmFg*@^ruMk;|F-nG
zy`-0Ez|oTjrA8a64k49XSA5@VEBS;#2AO1?86H7MX_W+&gjJxm=oVe3SV1D$;rp4}amK3?8sdO3h-iJ82FTlH
z+K@ysp>u}LB3Nf4%O%|BDHG7_mf4-XeQ8)laI=a6kq%kPNy1q_LY~^qkh!SU(s}gO
zR%>JSYC(niYf>1zLy{a0(7oYL&CNm1GSPrek15Sf{2I%m_n0fPAv&^~i8O+h
z-OTvye5hDXHl^z82*jXFbzE)0bQz2JfW~nE3k%?u^hO*6a2qHf8}rpTJZ&}Onp-ZG
zv}Qoz=x8cI4qZY`fSRyTerWr{j_r4Q0`^z&%#Mp=`x%N6KI}>H+)j!&)8e{;4c_LFn#JWPt$cI
-#
-msgid ""
-msgstr ""
-"Project-Id-Version: pigs\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2003-10-23 04:50+0200\n"
-"PO-Revision-Date: 2006-02-02 21:06+0100\n"
-"Last-Translator: Danilo Segan \n"
-"Language-Team: Serbian (sr) \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
-"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-
-#: pigs.php:19
-msgid ""
-"This is how the story goes.\n"
-"\n"
-msgstr "Овако иде прича.\n\n"
-
-#: pigs.php:21
-#, php-format
-msgid "%d pig went to the market\n"
-msgid_plural "%d pigs went to the market\n"
-msgstr[0] "%d мало прасе је отишло на пијац\n"
-msgstr[1] "%d мала прасета су отишла на пијац\n"
-msgstr[2] "%d малих прасића је отишло на пијац\n"
diff --git a/inc/lib/gettext/examples/pigs_dropin.php b/inc/lib/gettext/examples/pigs_dropin.php
deleted file mode 100644
index 94fd8507..00000000
--- a/inc/lib/gettext/examples/pigs_dropin.php
+++ /dev/null
@@ -1,89 +0,0 @@
-.
- Copyright (c) 2005,2006 Steven Armstrong
-
- This file is part of PHP-gettext.
-
- PHP-gettext is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- PHP-gettext is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with PHP-gettext; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-*/
-
-error_reporting(E_ALL | E_STRICT);
-
-// define constants
-define('PROJECT_DIR', realpath('./'));
-define('LOCALE_DIR', PROJECT_DIR .'/locale');
-define('DEFAULT_LOCALE', 'en_US');
-
-require_once('../gettext.inc');
-
-$supported_locales = array('en_US', 'sr_CS', 'de_CH');
-$encoding = 'UTF-8';
-
-$locale = (isset($_GET['lang']))? $_GET['lang'] : DEFAULT_LOCALE;
-
-// gettext setup
-T_setlocale(LC_MESSAGES, $locale);
-// Set the text domain as 'messages'
-$domain = 'messages';
-bindtextdomain($domain, LOCALE_DIR);
-// bind_textdomain_codeset is supported only in PHP 4.2.0+
-if (function_exists('bind_textdomain_codeset'))
- bind_textdomain_codeset($domain, $encoding);
-textdomain($domain);
-
-header("Content-type: text/html; charset=$encoding");
-?>
-
-
-PHP-gettext dropin example
-
-
-PHP-gettext as a dropin replacement
-Example showing how to use PHP-gettext as a dropin replacement for the native gettext library.
-";
-foreach($supported_locales as $l) {
- print "[$l] ";
-}
-print "
\n";
-
-if (!locale_emulation()) {
- print "locale '$locale' is supported by your system, using native gettext implementation.
\n";
-}
-else {
- print "locale '$locale' is _not_ supported on your system, using the default locale '". DEFAULT_LOCALE ."'.
\n";
-}
-?>
-
-
-
-";
-print _("This is how the story goes.\n\n");
-for ($number=6; $number>=0; $number--) {
- print sprintf(T_ngettext("%d pig went to the market\n",
- "%d pigs went to the market\n", $number),
- $number );
-}
-print "\n";
-?>
-
-
-« back
-
-
diff --git a/inc/lib/gettext/examples/pigs_fallback.php b/inc/lib/gettext/examples/pigs_fallback.php
deleted file mode 100644
index 353190da..00000000
--- a/inc/lib/gettext/examples/pigs_fallback.php
+++ /dev/null
@@ -1,88 +0,0 @@
-.
- Copyright (c) 2005,2006 Steven Armstrong
-
- This file is part of PHP-gettext.
-
- PHP-gettext is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- PHP-gettext is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with PHP-gettext; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-*/
-
-error_reporting(E_ALL | E_STRICT);
-
-// define constants
-define('PROJECT_DIR', realpath('./'));
-define('LOCALE_DIR', PROJECT_DIR .'/locale');
-define('DEFAULT_LOCALE', 'en_US');
-
-require_once('../gettext.inc');
-
-$supported_locales = array('en_US', 'sr_CS', 'de_CH');
-$encoding = 'UTF-8';
-
-$locale = (isset($_GET['lang']))? $_GET['lang'] : DEFAULT_LOCALE;
-
-// gettext setup
-T_setlocale(LC_MESSAGES, $locale);
-// Set the text domain as 'messages'
-$domain = 'messages';
-T_bindtextdomain($domain, LOCALE_DIR);
-T_bind_textdomain_codeset($domain, $encoding);
-T_textdomain($domain);
-
-header("Content-type: text/html; charset=$encoding");
-?>
-
-
-PHP-gettext fallback example
-
-
-PHP-gettext as a fallback solution
-Example showing how to use PHP-gettext as a fallback solution if the native gettext library is not available or the system does not support the requested locale.
-
-";
-foreach($supported_locales as $l) {
- print "[$l] ";
-}
-print "\n";
-
-if (!locale_emulation()) {
- print "locale '$locale' is supported by your system, using native gettext implementation.
\n";
-}
-else {
- print "locale '$locale' is not supported on your system, using custom gettext implementation.
\n";
-}
-?>
-
-
-
-";
-print T_("This is how the story goes.\n\n");
-for ($number=6; $number>=0; $number--) {
- print sprintf( T_ngettext("%d pig went to the market\n",
- "%d pigs went to the market\n", $number),
- $number );
-}
-print "\n";
-?>
-
-
-« back
-
-
diff --git a/inc/lib/gettext/examples/update b/inc/lib/gettext/examples/update
deleted file mode 100755
index 76b4308a..00000000
--- a/inc/lib/gettext/examples/update
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-TEMPLATE=pigs.pot
-xgettext -kT_ngettext:1,2 -kT_ -L PHP -o $TEMPLATE pigs_dropin.php
-if [ "x$1" = "x-p" ]; then
- msgfmt --statistics $TEMPLATE
-else
- if [ -f $1.po ]; then
- msgmerge -o .tmp$1.po $1.po $TEMPLATE
- mv .tmp$1.po $1.po
- msgfmt --statistics $1.po
- else
- echo "Usage: $0 [-p|]"
- fi
-fi
diff --git a/inc/lib/gettext/tests/LocalesTest.php b/inc/lib/gettext/tests/LocalesTest.php
deleted file mode 100644
index fab21f86..00000000
--- a/inc/lib/gettext/tests/LocalesTest.php
+++ /dev/null
@@ -1,75 +0,0 @@
-assertEquals('sr_RS', _setlocale(LC_MESSAGES, 0));
- }
-
- public function test_setlocale_system()
- {
- putenv("LC_ALL=");
- // For an existing locale, it never needs emulation.
- putenv("LANG=C");
- _setlocale(LC_MESSAGES, "");
- $this->assertEquals(0, locale_emulation());
- }
-
- public function test_setlocale_emulation()
- {
- putenv("LC_ALL=");
- // If we set it to a non-existent locale, it still works, but uses
- // emulation.
- _setlocale(LC_MESSAGES, "xxx_XXX");
- $this->assertEquals('xxx_XXX', _setlocale(LC_MESSAGES, 0));
- $this->assertEquals(1, locale_emulation());
- }
-
- public function test_get_list_of_locales()
- {
- // For a locale containing country code, we prefer
- // full locale name, but if that's not found, fall back
- // to the language only locale name.
- $this->assertEquals(array("sr_RS", "sr"),
- get_list_of_locales("sr_RS"));
-
- // If language code is used, it's the only thing returned.
- $this->assertEquals(array("sr"),
- get_list_of_locales("sr"));
-
- // There is support for language and charset only.
- $this->assertEquals(array("sr.UTF-8", "sr"),
- get_list_of_locales("sr.UTF-8"));
-
- // It can also split out character set from the full locale name.
- $this->assertEquals(array("sr_RS.UTF-8", "sr_RS", "sr"),
- get_list_of_locales("sr_RS.UTF-8"));
-
- // There is support for @modifier in locale names as well.
- $this->assertEquals(array("sr_RS.UTF-8@latin", "sr_RS@latin", "sr@latin",
- "sr_RS.UTF-8", "sr_RS", "sr"),
- get_list_of_locales("sr_RS.UTF-8@latin"));
-
- // We can pass in only language and modifier.
- $this->assertEquals(array("sr@latin", "sr"),
- get_list_of_locales("sr@latin"));
-
-
- // If locale name is not following the regular POSIX pattern,
- // it's used verbatim.
- $this->assertEquals(array("something"),
- get_list_of_locales("something"));
-
- // Passing in an empty string returns an empty array.
- $this->assertEquals(array(),
- get_list_of_locales(""));
- }
-}
-
-?>
diff --git a/inc/lib/gettext/tests/ParsingTest.php b/inc/lib/gettext/tests/ParsingTest.php
deleted file mode 100644
index ff561989..00000000
--- a/inc/lib/gettext/tests/ParsingTest.php
+++ /dev/null
@@ -1,60 +0,0 @@
-assertEquals(
- 'nplurals=2; plural=n == 1 ? 0 : 1;',
- $parser->extract_plural_forms_header_from_po_header(""));
-
- // Extracting it from the middle of the header works.
- $this->assertEquals(
- 'nplurals=1; plural=0;',
- $parser->extract_plural_forms_header_from_po_header(
- "Content-type: text/html; charset=UTF-8\n"
- ."Plural-Forms: nplurals=1; plural=0;\n"
- ."Last-Translator: nobody\n"
- ));
-
- // It's also case-insensitive.
- $this->assertEquals(
- 'nplurals=1; plural=0;',
- $parser->extract_plural_forms_header_from_po_header(
- "PLURAL-forms: nplurals=1; plural=0;\n"
- ));
-
- // It falls back to default if it's not on a separate line.
- $this->assertEquals(
- 'nplurals=2; plural=n == 1 ? 0 : 1;',
- $parser->extract_plural_forms_header_from_po_header(
- "Content-type: text/html; charset=UTF-8" // note the missing \n here
- ."Plural-Forms: nplurals=1; plural=0;\n"
- ."Last-Translator: nobody\n"
- ));
- }
-
- /**
- * @dataProvider data_provider_test_npgettext
- */
- public function test_npgettext($number, $expected) {
- $parser = new gettext_reader(NULL);
- $result = $parser->npgettext("context",
- "%d pig went to the market\n",
- "%d pigs went to the market\n",
- $number);
- $this->assertSame($expected, $result);
- }
- public static function data_provider_test_npgettext() {
- return array(
- array(1, "%d pig went to the market\n"),
- array(2, "%d pigs went to the market\n"),
- );
- }
-
-}
-?>