[wp-trac] [WordPress Trac] #59656: Merge Performant Translations (Ginger MO)
WordPress Trac
noreply at wordpress.org
Wed Nov 22 10:49:36 UTC 2023
#59656: Merge Performant Translations (Ginger MO)
--------------------------------------+--------------------------
Reporter: swissspidy | Owner: swissspidy
Type: enhancement | Status: assigned
Priority: high | Milestone: 6.5
Component: I18N | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: performance
--------------------------------------+--------------------------
Comment (by akirk):
Since this [https://github.com/WordPress/wordpress-develop/pull/5306/files
#diff-825d3bd19a2013ae1cc15ec7086ab9eb61ddf82a9de20be5a4961079eae7687eR24
adds the ability to include a PHP file generated elsewhere], I am worried
that this potentially creates a vector for putting malicious code in
translation files that didn't exist before.
The contents of the PHP file is predictable, we could parse it easily
using PHP's token_get_all() function. We could introduce a "secure" mode
where the file would be checked before it is included.
Although, since this is about performance, we likely don't want to add a
performance penalty. Thus we could try and use a checksum to ensure the
file was not changed after it has been checked.
What do you think?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59656#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list