From 207543754c4e7a6b1266952d846dc5c254b9a3d3 Mon Sep 17 00:00:00 2001
From: czaks
Date: Sun, 30 Mar 2014 16:40:14 +0200
Subject: [PATCH] SECURITY: remove XSS vulnerability
---
inc/lib/gettext/examples/index.php | 27 -------
.../examples/locale/de_CH/LC_MESSAGES/messages.mo | Bin 585 -> 0 bytes
.../examples/locale/de_CH/LC_MESSAGES/messages.po | 30 -------
.../examples/locale/sr_CS/LC_MESSAGES/messages.mo | Bin 829 -> 0 bytes
.../examples/locale/sr_CS/LC_MESSAGES/messages.po | 30 -------
inc/lib/gettext/examples/pigs_dropin.php | 89 ---------------------
inc/lib/gettext/examples/pigs_fallback.php | 88 --------------------
inc/lib/gettext/examples/update | 14 ----
inc/lib/gettext/tests/LocalesTest.php | 75 -----------------
inc/lib/gettext/tests/ParsingTest.php | 60 --------------
10 files changed, 413 deletions(-)
delete mode 100644 inc/lib/gettext/examples/index.php
delete mode 100644 inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.mo
delete mode 100644 inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.po
delete mode 100644 inc/lib/gettext/examples/locale/sr_CS/LC_MESSAGES/messages.mo
delete mode 100644 inc/lib/gettext/examples/locale/sr_CS/LC_MESSAGES/messages.po
delete mode 100644 inc/lib/gettext/examples/pigs_dropin.php
delete mode 100644 inc/lib/gettext/examples/pigs_fallback.php
delete mode 100755 inc/lib/gettext/examples/update
delete mode 100644 inc/lib/gettext/tests/LocalesTest.php
delete mode 100644 inc/lib/gettext/tests/ParsingTest.php
diff --git a/inc/lib/gettext/examples/index.php b/inc/lib/gettext/examples/index.php
deleted file mode 100644
index 263cd3d3..00000000
--- a/inc/lib/gettext/examples/index.php
+++ /dev/null
@@ -1,27 +0,0 @@
- - -PHP-gettext examples - - -

PHP-gettext

- -

Introduction

-

PHP-gettext provides a simple gettext replacement that works independently from the system's gettext abilities. -It can read MO files and use them for translating strings.

-

This version has the ability to cache all strings and translations to speed up the string lookup. -While the cache is enabled by default, it can be switched off with the second parameter in the constructor (e.g. when using very large MO files -that you don't want to keep in memory)

- - -

Examples

- - -
-

Copyright (c) 2003-2006 Danilo Segan

-

Copyright (c) 2005-2006 Steven Armstrong

- - - diff --git a/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.mo b/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.mo deleted file mode 100644 index 91930376c54ef58d1650467fc5b15d9d1b03116d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 585 zcmZvZ+e!m55Qf*&&0cz~FgJoCsk?2JvK|oYfkKO7w_cm>j@f9Nlw@kv_Yiy%AIFFA z37lPpDmdgLv-AH+W|NQA<=22?iCJTs%nH+G%D83r7|E)9>)VS# zz-bknR#EO5Y~(P}3T9{s$O07zW9c4{!XL^1tEGkZz@xCUYKoV~}4 zL?;(F=)ATjDNpg?HBPJ}(ep~@;$*74NNob))nzK$4kfWuoJzt3>QU4XaU|*uh?>c6 zv>kDUjp7;~b-CjoUo4^+>W!qyzL~llS&Q0&O{ThGZ{&3_8}{z z^GJt-^jx&&zOuPHbmGipHrGZa&>HIRTkmJZ47CBpWq6s6p~o-sN5V=&^IIL59J~dE S1wpP6F3@L%&I-cvNxlF~0Hja= diff --git a/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.po b/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.po deleted file mode 100644 index 6e4886b5..00000000 --- a/inc/lib/gettext/examples/locale/de_CH/LC_MESSAGES/messages.po +++ /dev/null @@ -1,30 +0,0 @@ -# Sample translation for PHP-gettext 1.0 -# Copyright (c) 2003 Danilo Segan -# -msgid "" -msgstr "" -"Project-Id-Version: pigs\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-10-23 04:50+0200\n" -"PO-Revision-Date: 2003-11-01 23:40+0100\n" -"Last-Translator: Danilo Segan \n" -"Language-Team: Serbian (sr) \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -#"Plural-Forms: nplurals=2; plural=n != 1;\n" - -#: pigs.php:19 -msgid "" -"This is how the story goes.\n" -"\n" -msgstr "" -"Und so geht die Geschichte.\n" -"\n" - -#: pigs.php:21 -#, php-format -msgid "%d pig went to the market\n" -msgid_plural "%d pigs went to the market\n" -msgstr[0] "%d Schwein ging zum Markt\n" -msgstr[1] "%d Schweine gingen zum Markt\n" 
diff --git a/inc/lib/gettext/examples/locale/sr_CS/LC_MESSAGES/messages.mo b/inc/lib/gettext/examples/locale/sr_CS/LC_MESSAGES/messages.mo deleted file mode 100644 index 497c8830ca84f880f8d484df057c0bf725163edd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 829 zcmah{%We}f6dhihS+b_$vS`(+a_~$-R82Ak(T7y25m6af<0fV@bYe%g(^9Dm3gYnt zNRg2E1Qa125s&f_xSmj@iz2Rk#=iHSW1sQN@2i*JdKi}w*AO+t6~s2e#Un%= z!4PwZ5#qxI&-;S&R|LQ4dDn5C!ws-p2A0ZjdwTO-7-T6NaACkmFg*@^ruMk;|F-nG zy`-0Ez|oTjrA8a64k49XSA5@VEBS;#2AO1?86H7MX_W+&gjJxm=oVe3SV1D$;rp4}amK3?8sdO3h-iJ82FTlH z+K@ysp>u}LB3Nf4%O%|BDHG7_mf4-XeQ8)laI=a6kq%kPNy1q_LY~^qkh!SU(s}gO zR%>JSYC(niYf>1zLy{a0(7oYL&CNm1GSPrek15Sf{2I%m_n0fPAv&^~i8O+h z-OTvye5hDXHl^z82*jXFbzE)0bQz2JfW~nE3k%?u^hO*6a2qHf8}rpTJZ&}Onp-ZG zv}Qoz=x8cI4qZY`fSRyTerWr{j_r4Q0`^z&%#Mp=`x%N6KI}>H+)j!&)8e{;4c_LFn#JWPt$cI -# -msgid "" -msgstr "" -"Project-Id-Version: pigs\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-10-23 04:50+0200\n" -"PO-Revision-Date: 2006-02-02 21:06+0100\n" -"Last-Translator: Danilo Segan \n" -"Language-Team: Serbian (sr) \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " -"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" - -#: pigs.php:19 -msgid "" -"This is how the story goes.\n" -"\n" -msgstr "Овако иде прича.\n\n" - -#: pigs.php:21 -#, php-format -msgid "%d pig went to the market\n" -msgid_plural "%d pigs went to the market\n" -msgstr[0] "%d мало прасе је отишло на пијац\n" -msgstr[1] "%d мала прасета су отишла на пијац\n" -msgstr[2] "%d малих прасића је отишло на пијац\n" diff --git a/inc/lib/gettext/examples/pigs_dropin.php b/inc/lib/gettext/examples/pigs_dropin.php deleted file mode 100644 index 94fd8507..00000000 --- a/inc/lib/gettext/examples/pigs_dropin.php +++ /dev/null 
@@ -1,89 +0,0 @@ -. - Copyright (c) 2005,2006 Steven Armstrong - - This file is part of PHP-gettext. - - PHP-gettext is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - PHP-gettext is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with PHP-gettext; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -error_reporting(E_ALL | E_STRICT); - -// define constants -define('PROJECT_DIR', realpath('./')); -define('LOCALE_DIR', PROJECT_DIR .'/locale'); -define('DEFAULT_LOCALE', 'en_US'); - -require_once('../gettext.inc'); - -$supported_locales = array('en_US', 'sr_CS', 'de_CH'); -$encoding = 'UTF-8'; - -$locale = (isset($_GET['lang']))? $_GET['lang'] : DEFAULT_LOCALE; - -// gettext setup -T_setlocale(LC_MESSAGES, $locale); -// Set the text domain as 'messages' -$domain = 'messages'; -bindtextdomain($domain, LOCALE_DIR); -// bind_textdomain_codeset is supported only in PHP 4.2.0+ -if (function_exists('bind_textdomain_codeset')) - bind_textdomain_codeset($domain, $encoding); -textdomain($domain); - -header("Content-type: text/html; charset=$encoding"); -?> - - -PHP-gettext dropin example - - -

PHP-gettext as a dropin replacement

-

Example showing how to use PHP-gettext as a dropin replacement for the native gettext library.

-"; -foreach($supported_locales as $l) { - print "[$l] "; -} -print "

\n"; - -if (!locale_emulation()) { - print "

locale '$locale' is supported by your system, using native gettext implementation.

\n"; -} -else { - print "

locale '$locale' is _not_ supported on your system, using the default locale '". DEFAULT_LOCALE ."'.

\n"; -} -?> - -
- -"; -print _("This is how the story goes.\n\n"); -for ($number=6; $number>=0; $number--) { - print sprintf(T_ngettext("%d pig went to the market\n", - "%d pigs went to the market\n", $number), - $number ); -} -print "\n"; -?> - -
-

« back

- - diff --git a/inc/lib/gettext/examples/pigs_fallback.php b/inc/lib/gettext/examples/pigs_fallback.php deleted file mode 100644 index 353190da..00000000 --- a/inc/lib/gettext/examples/pigs_fallback.php +++ /dev/null @@ -1,88 +0,0 @@ -. - Copyright (c) 2005,2006 Steven Armstrong - - This file is part of PHP-gettext. - - PHP-gettext is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - PHP-gettext is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with PHP-gettext; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -error_reporting(E_ALL | E_STRICT); - -// define constants -define('PROJECT_DIR', realpath('./')); -define('LOCALE_DIR', PROJECT_DIR .'/locale'); -define('DEFAULT_LOCALE', 'en_US'); - -require_once('../gettext.inc'); - -$supported_locales = array('en_US', 'sr_CS', 'de_CH'); -$encoding = 'UTF-8'; - -$locale = (isset($_GET['lang']))? $_GET['lang'] : DEFAULT_LOCALE; - -// gettext setup -T_setlocale(LC_MESSAGES, $locale); -// Set the text domain as 'messages' -$domain = 'messages'; -T_bindtextdomain($domain, LOCALE_DIR); -T_bind_textdomain_codeset($domain, $encoding); -T_textdomain($domain); - -header("Content-type: text/html; charset=$encoding"); -?> - - -PHP-gettext fallback example - - -

PHP-gettext as a fallback solution

-

Example showing how to use PHP-gettext as a fallback solution if the native gettext library is not available or the system does not support the requested locale.

- -"; -foreach($supported_locales as $l) { - print "[$l] "; -} -print "

\n"; - -if (!locale_emulation()) { - print "

locale '$locale' is supported by your system, using native gettext implementation.

\n"; -} -else { - print "

locale '$locale' is not supported on your system, using custom gettext implementation.

\n"; -} -?> - -
- -"; -print T_("This is how the story goes.\n\n"); -for ($number=6; $number>=0; $number--) { - print sprintf( T_ngettext("%d pig went to the market\n", - "%d pigs went to the market\n", $number), - $number ); -} -print "\n"; -?> - -
-

« back

- - diff --git a/inc/lib/gettext/examples/update b/inc/lib/gettext/examples/update deleted file mode 100755 index 76b4308a..00000000 --- a/inc/lib/gettext/examples/update +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -TEMPLATE=pigs.pot -xgettext -kT_ngettext:1,2 -kT_ -L PHP -o $TEMPLATE pigs_dropin.php -if [ "x$1" = "x-p" ]; then - msgfmt --statistics $TEMPLATE -else - if [ -f $1.po ]; then - msgmerge -o .tmp$1.po $1.po $TEMPLATE - mv .tmp$1.po $1.po - msgfmt --statistics $1.po - else - echo "Usage: $0 [-p|]" - fi -fi diff --git a/inc/lib/gettext/tests/LocalesTest.php b/inc/lib/gettext/tests/LocalesTest.php deleted file mode 100644 index fab21f86..00000000 --- a/inc/lib/gettext/tests/LocalesTest.php +++ /dev/null 
@@ -1,75 +0,0 @@ -assertEquals('sr_RS', _setlocale(LC_MESSAGES, 0)); - } - - public function test_setlocale_system() - { - putenv("LC_ALL="); - // For an existing locale, it never needs emulation. - putenv("LANG=C"); - _setlocale(LC_MESSAGES, ""); - $this->assertEquals(0, locale_emulation()); - } - - public function test_setlocale_emulation() - { - putenv("LC_ALL="); - // If we set it to a non-existent locale, it still works, but uses - // emulation. - _setlocale(LC_MESSAGES, "xxx_XXX"); - $this->assertEquals('xxx_XXX', _setlocale(LC_MESSAGES, 0)); - $this->assertEquals(1, locale_emulation()); - } - - public function test_get_list_of_locales() - { - // For a locale containing country code, we prefer - // full locale name, but if that's not found, fall back - // to the language only locale name. - $this->assertEquals(array("sr_RS", "sr"), - get_list_of_locales("sr_RS")); - - // If language code is used, it's the only thing returned. - $this->assertEquals(array("sr"), - get_list_of_locales("sr")); - - // There is support for language and charset only. - $this->assertEquals(array("sr.UTF-8", "sr"), - get_list_of_locales("sr.UTF-8")); - - // It can also split out character set from the full locale name. - $this->assertEquals(array("sr_RS.UTF-8", "sr_RS", "sr"), - get_list_of_locales("sr_RS.UTF-8")); - - // There is support for @modifier in locale names as well. - $this->assertEquals(array("sr_RS.UTF-8@latin", "sr_RS@latin", "sr@latin", - "sr_RS.UTF-8", "sr_RS", "sr"), - get_list_of_locales("sr_RS.UTF-8@latin")); - - // We can pass in only language and modifier. - $this->assertEquals(array("sr@latin", "sr"), - get_list_of_locales("sr@latin")); - - - // If locale name is not following the regular POSIX pattern, - // it's used verbatim. - $this->assertEquals(array("something"), - get_list_of_locales("something")); - - // Passing in an empty string returns an empty array. - $this->assertEquals(array(), - get_list_of_locales("")); - } -} - -?> 
diff --git a/inc/lib/gettext/tests/ParsingTest.php b/inc/lib/gettext/tests/ParsingTest.php deleted file mode 100644 index ff561989..00000000 --- a/inc/lib/gettext/tests/ParsingTest.php +++ /dev/null @@ -1,60 +0,0 @@ -assertEquals( - 'nplurals=2; plural=n == 1 ? 0 : 1;', - $parser->extract_plural_forms_header_from_po_header("")); - - // Extracting it from the middle of the header works. - $this->assertEquals( - 'nplurals=1; plural=0;', - $parser->extract_plural_forms_header_from_po_header( - "Content-type: text/html; charset=UTF-8\n" - ."Plural-Forms: nplurals=1; plural=0;\n" - ."Last-Translator: nobody\n" - )); - - // It's also case-insensitive. - $this->assertEquals( - 'nplurals=1; plural=0;', - $parser->extract_plural_forms_header_from_po_header( - "PLURAL-forms: nplurals=1; plural=0;\n" - )); - - // It falls back to default if it's not on a separate line. - $this->assertEquals( - 'nplurals=2; plural=n == 1 ? 0 : 1;', - $parser->extract_plural_forms_header_from_po_header( - "Content-type: text/html; charset=UTF-8" // note the missing \n here - ."Plural-Forms: nplurals=1; plural=0;\n" - ."Last-Translator: nobody\n" - )); - } - - /** - * @dataProvider data_provider_test_npgettext - */ - public function test_npgettext($number, $expected) { - $parser = new gettext_reader(NULL); - $result = $parser->npgettext("context", - "%d pig went to the market\n", - "%d pigs went to the market\n", - $number); - $this->assertSame($expected, $result); - } - public static function data_provider_test_npgettext() { - return array( - array(1, "%d pig went to the market\n"), - array(2, "%d pigs went to the market\n"), - ); - } - -} -?>