[rt-devel] I18N bug fixed

Fri Feb 28 12:01:12 EST 2003

Stan,

	Your first change opens RT up to a cross-site scripting attack, as I
mentioned in January:

http://lists.fsck.com/pipermail/rt-devel/2003-January/002943.html

I suspect that what you really want is to tell mason to a different sort
of html escaping, rather than none. I'll have a look at the fix to
encoding {}

	-j

On Fri, Feb 28, 2003 at 07:42:52AM -0800, Stanislav Sinyagin wrote:
> Hi all, 
> 
> as promised, I tracked down the problem with translations:
> Umlauts and accents and Russian characters were displayed as 
> two Unicode symbols each.
> 
> In lib/RT/Interface/Web.pm, I had to change the Mason encoding:
> 
> In NewApacheHandler and NewCGIHandler, the correct value is:
>         default_escape_flags => 'n',
> otherwise it presents all non-ascii symbols as HTML entities, and that's 
> bad for many languages.
> In addition, in many Mason templates, this escaping is already turned off
> for some hidden reasons, like this here:
> 
> share/html/Elements/TitleBoxStart:      <span class="titleboxright"><%$titleright ? $titleright :
> '&nbsp;' |n %></span>
> 
> In lib/RT/I18N.pm, the procedure "encoding" referenced $self as an object reference, 
> but in fact it was a class name. Here's the corrected version:
> 
> sub encoding { 
>     my $class = shift;
>     my $self = {};
>     bless $self, $class;
> 
> 
> With these fixups, the web interface works like charm, though some 
> words miss translations (I hope they will be updated before the 3.0 release).
> I tested German, French, and Russian. I didn't test the email interface.
> 
> Now the language is determined from the browser preferences. 
> It would be nice to have the menu for chosing the language, 
> both before logging in and after that.
> 
> Cheers, 
> Stan
> _______________________________________________
> rt-devel mailing list
> rt-devel at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-devel

-- 
http://www.bestpractical.com/rt  -- Trouble Ticketing. Free.