aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--IkiWiki/Plugin/po.pm47
-rw-r--r--doc/plugins/po.mdwn10
-rw-r--r--doc/plugins/po/discussion.mdwn17
3 files changed, 59 insertions, 15 deletions
diff --git a/IkiWiki/Plugin/po.pm b/IkiWiki/Plugin/po.pm
index e85c9d760..4e6eff94f 100644
--- a/IkiWiki/Plugin/po.pm
+++ b/IkiWiki/Plugin/po.pm
@@ -848,8 +848,8 @@ sub refreshpot ($) {
my $masterfile=shift;
my $potfile=potfile($masterfile);
- my %options = ("markdown" => (pagetype($masterfile) eq 'mdwn') ? 1 : 0);
- my $doc=Locale::Po4a::Chooser::new('text',%options);
+ my $doc=Locale::Po4a::Chooser::new(po4a_type($masterfile),
+ po4a_options($masterfile));
$doc->{TT}{utf_mode} = 1;
$doc->{TT}{file_in_charset} = 'UTF-8';
$doc->{TT}{file_out_charset} = 'UTF-8';
@@ -940,10 +940,8 @@ sub percenttranslated ($) {
return gettext("N/A") unless istranslation($page);
my $file=srcfile($pagesources{$page});
my $masterfile = srcfile($pagesources{masterpage($page)});
- my %options = (
- "markdown" => (pagetype($masterfile) eq 'mdwn') ? 1 : 0,
- );
- my $doc=Locale::Po4a::Chooser::new('text',%options);
+ my $doc=Locale::Po4a::Chooser::new(po4a_type($masterfile),
+ po4a_options($masterfile));
$doc->process(
'po_in_name' => [ $file ],
'file_in_name' => [ $masterfile ],
@@ -1094,10 +1092,8 @@ sub po_to_markup ($$) {
or return $fail->(sprintf(gettext("failed to write %s"), $infile));
my $masterfile = srcfile($pagesources{masterpage($page)});
- my %options = (
- "markdown" => (pagetype($masterfile) eq 'mdwn') ? 1 : 0,
- );
- my $doc=Locale::Po4a::Chooser::new('text',%options);
+ my $doc=Locale::Po4a::Chooser::new(po4a_type($masterfile),
+ po4a_options($masterfile));
$doc->process(
'po_in_name' => [ $infile ],
'file_in_name' => [ $masterfile ],
@@ -1160,6 +1156,37 @@ sub isvalidpo ($) {
"to previous page to continue edit"));
}
+sub po4a_type ($) {
+ my $file = shift;
+
+ my $pagetype = pagetype($file);
+ if ($pagetype eq 'html') {
+ return 'xhtml';
+ }
+ return 'text';
+}
+
+sub po4a_options($) {
+ my $file = shift;
+
+ my %options;
+ my $pagetype = pagetype($file);
+
+ if ($pagetype eq 'html') {
+ # how to disable options is not consistent across po4a modules
+ $options{includessi} = '';
+ $options{includeexternal} = 0;
+ }
+ elsif ($pagetype eq 'mdwn') {
+ $options{markdown} = 1;
+ }
+ else {
+ $options{markdown} = 0;
+ }
+
+ return %options;
+}
+
# ,----
# | PageSpecs
# `----
diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index 646d0cef3..fab6053b3 100644
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -213,16 +213,16 @@ preferred `$EDITOR`, without needing to be online.
Markup languages support
------------------------
-[[Markdown|mdwn]] is well supported. Some other markup languages supported
-by ikiwiki mostly work, but some pieces of syntax are not rendered
-correctly on the slave pages:
+[[Markdown|mdwn]] and [[html]] are well supported. Some other markup
+languages supported by ikiwiki mostly work, but some pieces of syntax
+are not rendered correctly on the slave pages:
* [[reStructuredText|rst]]: anonymous hyperlinks and internal
cross-references
* [[wikitext]]: conversion of newlines to paragraphs
* [[creole]]: verbatim text is wrapped, tables are broken
-* [[html]] and LaTeX: not supported yet; the dedicated po4a modules
- could be used to support them, but they would need a security audit
+* LaTeX: not supported yet; the dedicated po4a module
+ could be used to support it, but it would need a security audit
* other markup languages have not been tested.
Security
diff --git a/doc/plugins/po/discussion.mdwn b/doc/plugins/po/discussion.mdwn
index 27683f1ea..73858c818 100644
--- a/doc/plugins/po/discussion.mdwn
+++ b/doc/plugins/po/discussion.mdwn
@@ -150,6 +150,23 @@ The following analysis was done with his help.
variables; according to [[Joey]], this is "Freaky code, but seems ok
due to use of `quotementa`".
+##### Locale::Po4a::Xhtml
+
+* does not run any external program
+* does not build regexp's from untrusted variables
+
+=> Seems safe as far as the `includessi` option is disabled; the po
+plugin explicitly disables it.
+
+Relies on Locale::Po4a::Xml` to do most of the work.
+
+##### Locale::Po4a::Xml
+
+* does not run any external program
+* the `includeexternal` option makes it able to read external files;
+ the po plugin explicitly disables it
+* untrusted variables are escaped when used to build regexp's
+
##### Text::WrapI18N
`Text::WrapI18N` can cause DoS