gnucash-htdocs master: Update php-gettext to latest Debian patch.
John Ralls
jralls at code.gnucash.org
Fri Mar 31 17:24:39 EDT 2023
Updated via https://github.com/Gnucash/gnucash-htdocs/commit/aaaf2699 (commit)
from https://github.com/Gnucash/gnucash-htdocs/commit/9dae2198 (commit)
commit aaaf269954707f346fd45e8cf7b7ac2793d2f24a
Author: John Ralls <jralls at ceridwen.us>
Date: Fri Mar 31 14:18:58 2023 -0700
Update php-gettext to latest Debian patch.
Fixes CVE-2016-6175, among other things.
diff --git a/externals/gettext.inc b/externals/gettext.inc
index 399a0f2..423eb77 100644
--- a/externals/gettext.inc
+++ b/externals/gettext.inc
@@ -32,7 +32,6 @@ LC_MESSAGES 5
LC_ALL 6
*/
-
// LC_MESSAGES is not available if php-gettext is not loaded
// while the other constants are already available from session extension.
if (!defined('LC_MESSAGES')) {
@@ -168,21 +167,20 @@ function _check_locale_and_function($function=false) {
function _get_codeset($domain=null) {
global $text_domains, $default_domain, $LC_CATEGORIES;
if (!isset($domain)) $domain = $default_domain;
- return (isset($text_domains[$domain]->codeset))? $text_domains[$domain]->codeset : ini_get('mbstring.internal_encoding');
+ return (isset($text_domains[$domain]->codeset))? $text_domains[$domain]->codeset : ini_get('default_charset');
}
/**
* Convert the given string to the encoding set by bind_textdomain_codeset.
*/
function _encode($text) {
+ $target_encoding = _get_codeset();
+ if (function_exists("mb_detect_encoding")) {
$source_encoding = mb_detect_encoding($text);
- $target_encoding = _get_codeset();
- if ($source_encoding != $target_encoding) {
- return mb_convert_encoding($text, $target_encoding, $source_encoding);
- }
- else {
- return $text;
- }
+ if ($source_encoding != $target_encoding)
+ $text = mb_convert_encoding($text, $target_encoding, $source_encoding);
+ }
+ return $text;
}
@@ -229,7 +227,9 @@ function _setlocale($category, $locale) {
}
// Allow locale to be changed on the go for one translation domain.
global $text_domains, $default_domain;
- unset($text_domains[$default_domain]->l10n);
+ if (array_key_exists($default_domain, $text_domains)) {
+ unset($text_domains[$default_domain]->l10n);
+ }
return $CURRENTLOCALE;
}
}
@@ -288,9 +288,9 @@ function __($msgid) {
/**
* Plural version of gettext.
*/
-function _ngettext($single, $plural, $number) {
+function _ngettext($singular, $plural, $number) {
$l10n = _get_reader();
- return _encode($l10n->ngettext($single, $plural, $number));
+ return _encode($l10n->ngettext($singular, $plural, $number));
}
/**
@@ -304,9 +304,9 @@ function _dgettext($domain, $msgid) {
/**
* Plural version of dgettext.
*/
-function _dngettext($domain, $single, $plural, $number) {
+function _dngettext($domain, $singular, $plural, $number) {
$l10n = _get_reader($domain);
- return _encode($l10n->ngettext($single, $plural, $number));
+ return _encode($l10n->ngettext($singular, $plural, $number));
}
/**
@@ -319,9 +319,9 @@ function _dcgettext($domain, $msgid, $category) {
/**
* Plural version of dcgettext.
*/
-function _dcngettext($domain, $single, $plural, $number, $category) {
+function _dcngettext($domain, $singular, $plural, $number, $category) {
$l10n = _get_reader($domain, $category);
- return _encode($l10n->ngettext($single, $plural, $number));
+ return _encode($l10n->ngettext($singular, $plural, $number));
}
/**
@@ -405,29 +405,29 @@ function T_($msgid) {
if (_check_locale_and_function()) return _($msgid);
return __($msgid);
}
-function T_ngettext($single, $plural, $number) {
+function T_ngettext($singular, $plural, $number) {
if (_check_locale_and_function())
- return ngettext($single, $plural, $number);
- else return _ngettext($single, $plural, $number);
+ return ngettext($singular, $plural, $number);
+ else return _ngettext($singular, $plural, $number);
}
function T_dgettext($domain, $msgid) {
if (_check_locale_and_function()) return dgettext($domain, $msgid);
else return _dgettext($domain, $msgid);
}
-function T_dngettext($domain, $single, $plural, $number) {
+function T_dngettext($domain, $singular, $plural, $number) {
if (_check_locale_and_function())
- return dngettext($domain, $single, $plural, $number);
- else return _dngettext($domain, $single, $plural, $number);
+ return dngettext($domain, $singular, $plural, $number);
+ else return _dngettext($domain, $singular, $plural, $number);
}
function T_dcgettext($domain, $msgid, $category) {
if (_check_locale_and_function())
return dcgettext($domain, $msgid, $category);
else return _dcgettext($domain, $msgid, $category);
}
-function T_dcngettext($domain, $single, $plural, $number, $category) {
+function T_dcngettext($domain, $singular, $plural, $number, $category) {
if (_check_locale_and_function())
- return dcngettext($domain, $single, $plural, $number, $category);
- else return _dcngettext($domain, $single, $plural, $number, $category);
+ return dcngettext($domain, $singular, $plural, $number, $category);
+ else return _dcngettext($domain, $singular, $plural, $number, $category);
}
function T_pgettext($context, $msgid) {
@@ -451,26 +451,27 @@ function T_dcpgettext($domain, $context, $msgid, $category) {
return _dcpgettext($domain, $context, $msgid, $category);
}
-function T_npgettext($context, $singular, $plural) {
+function T_npgettext($context, $singular, $plural, $number) {
if (_check_locale_and_function('npgettext'))
- return npgettext($context, $single, $plural, $number);
+ return npgettext($context, $singular, $plural, $number);
else
- return _npgettext($context, $single, $plural, $number);
+ return _npgettext($context, $singular, $plural, $number);
}
-function T_dnpgettext($domain, $context, $singular, $plural) {
+function T_dnpgettext($domain, $context, $singular, $plural, $number) {
if (_check_locale_and_function('dnpgettext'))
- return dnpgettext($domain, $context, $single, $plural, $number);
+ return dnpgettext($domain, $context, $singular, $plural, $number);
else
- return _dnpgettext($domain, $context, $single, $plural, $number);
+ return _dnpgettext($domain, $context, $singular, $plural, $number);
}
-function T_dcnpgettext($domain, $context, $singular, $plural, $category) {
+function T_dcnpgettext($domain, $context, $singular, $plural,
+ $number, $category) {
if (_check_locale_and_function('dcnpgettext'))
- return dcnpgettext($domain, $context, $single,
+ return dcnpgettext($domain, $context, $singular,
$plural, $number, $category);
else
- return _dcnpgettext($domain, $context, $single,
+ return _dcnpgettext($domain, $context, $singular,
$plural, $number, $category);
}
@@ -494,39 +495,39 @@ if (!function_exists('gettext')) {
function _($msgid) {
return __($msgid);
}
- function ngettext($single, $plural, $number) {
- return _ngettext($single, $plural, $number);
+ function ngettext($singular, $plural, $number) {
+ return _ngettext($singular, $plural, $number);
}
function dgettext($domain, $msgid) {
return _dgettext($domain, $msgid);
}
- function dngettext($domain, $single, $plural, $number) {
- return _dngettext($domain, $single, $plural, $number);
+ function dngettext($domain, $singular, $plural, $number) {
+ return _dngettext($domain, $singular, $plural, $number);
}
function dcgettext($domain, $msgid, $category) {
return _dcgettext($domain, $msgid, $category);
}
- function dcngettext($domain, $single, $plural, $number, $category) {
- return _dcngettext($domain, $single, $plural, $number, $category);
+ function dcngettext($domain, $singular, $plural, $number, $category) {
+ return _dcngettext($domain, $singular, $plural, $number, $category);
}
function pgettext($context, $msgid) {
return _pgettext($context, $msgid);
}
- function npgettext($context, $single, $plural, $number) {
- return _npgettext($context, $single, $plural, $number);
+ function npgettext($context, $singular, $plural, $number) {
+ return _npgettext($context, $singular, $plural, $number);
}
function dpgettext($domain, $context, $msgid) {
return _dpgettext($domain, $context, $msgid);
}
- function dnpgettext($domain, $context, $single, $plural, $number) {
- return _dnpgettext($domain, $context, $single, $plural, $number);
+ function dnpgettext($domain, $context, $singular, $plural, $number) {
+ return _dnpgettext($domain, $context, $singular, $plural, $number);
}
function dcpgettext($domain, $context, $msgid, $category) {
return _dcpgettext($domain, $context, $msgid, $category);
}
- function dcnpgettext($domain, $context, $single, $plural,
+ function dcnpgettext($domain, $context, $singular, $plural,
$number, $category) {
- return _dcnpgettext($domain, $context, $single, $plural,
+ return _dcnpgettext($domain, $context, $singular, $plural,
$number, $category);
}
}
diff --git a/externals/gettext.php b/externals/gettext.php
index de50b8c..295d4b0 100644
--- a/externals/gettext.php
+++ b/externals/gettext.php
@@ -21,6 +21,8 @@
*/
+require('plurals.php');
+
/**
* Provides a simple gettext replacement that works independently from
* the system's gettext abilities.
@@ -98,7 +100,7 @@ class gettext_reader {
* @param object Reader the StreamReader object
* @param boolean enable_cache Enable or disable caching of strings (default on)
*/
- function gettext_reader($Reader, $enable_cache = true) {
+ function __construct($Reader, $enable_cache = true) {
// If there isn't a StreamReader, turn on short circuit mode.
if (! $Reader || isset($Reader->error) ) {
$this->short_circuit = true;
@@ -139,18 +141,16 @@ class gettext_reader {
*/
function load_tables() {
if (is_array($this->cache_translations) &&
- is_array($this->table_originals) &&
- is_array($this->table_translations))
+ is_array($this->table_originals) &&
+ is_array($this->table_translations))
return;
/* get original and translations tables */
- if ($this->table_originals &&
- !is_array($this->table_originals)) {
+ if (!is_array($this->table_originals)) {
$this->STREAM->seekto($this->originals);
$this->table_originals = $this->readintarray($this->total * 2);
}
- if ($this->table_translations &&
- !is_array($this->table_translations)) {
+ if (!is_array($this->table_translations)) {
$this->STREAM->seekto($this->translations);
$this->table_translations = $this->readintarray($this->total * 2);
}
@@ -271,41 +271,6 @@ class gettext_reader {
}
}
- /**
- * Sanitize plural form expression for use in PHP eval call.
- *
- * @access private
- * @return string sanitized plural form expression
- */
- function sanitize_plural_expression($expr) {
- // Get rid of disallowed characters.
- $expr = preg_replace('@[^a-zA-Z0-9_:;\(\)\?\|\&=!<>+*/\%-]@', '', $expr);
-
- // Add parenthesis for tertiary '?' operator.
- $expr .= ';';
- $res = '';
- $p = 0;
- for ($i = 0; $i < strlen($expr); $i++) {
- $ch = $expr[$i];
- switch ($ch) {
- case '?':
- $res .= ' ? (';
- $p++;
- break;
- case ':':
- $res .= ') : (';
- break;
- case ';':
- $res .= str_repeat( ')', $p) . ';';
- $p = 0;
- break;
- default:
- $res .= $ch;
- }
- }
- return $res;
- }
-
/**
* Parse full PO header and extract only plural forms line.
*
@@ -332,14 +297,14 @@ class gettext_reader {
$this->load_tables();
// cache header field for plural forms
- if (! is_string($this->pluralheader)) {
+ if ($this->pluralheader === NULL) {
if ($this->enable_cache) {
$header = $this->cache_translations[""];
} else {
$header = $this->get_translation_string(0);
}
$expr = $this->extract_plural_forms_header_from_po_header($header);
- $this->pluralheader = $this->sanitize_plural_expression($expr);
+ $this->pluralheader = new PluralHeader($expr);
}
return $this->pluralheader;
}
@@ -352,16 +317,16 @@ class gettext_reader {
* @return int array index of the right plural form
*/
function select_string($n) {
- $string = $this->get_plural_forms();
- $string = str_replace('nplurals',"\$total",$string);
- $string = str_replace("n",$n,$string);
- $string = str_replace('plural',"\$plural",$string);
+ if (!is_int($n)) {
+ throw new InvalidArgumentException(
+ "Select_string only accepts integers: " . $n);
+ }
+ $plural_header = $this->get_plural_forms();
+ $plural = $plural_header->expression->evaluate($n);
- $total = 0;
- $plural = 0;
+ if ($plural < 0) $plural = 0;
+ if ($plural >= $plural_header->total) $plural = $plural_header->total - 1;
- eval("$string");
- if ($plural >= $total) $plural = $total - 1;
return $plural;
}
@@ -411,12 +376,23 @@ class gettext_reader {
function pgettext($context, $msgid) {
$key = $context . chr(4) . $msgid;
- return $this->translate($key);
+ $ret = $this->translate($key);
+ if (strpos($ret, "\004") !== FALSE) {
+ return $msgid;
+ } else {
+ return $ret;
+ }
}
function npgettext($context, $singular, $plural, $number) {
- $singular = $context . chr(4) . $singular;
- return $this->ngettext($singular, $plural, $number);
+ $key = $context . chr(4) . $singular;
+ $ret = $this->ngettext($key, $plural, $number);
+ if (strpos($ret, "\004") !== FALSE) {
+ return $singular;
+ } else {
+ return $ret;
+ }
+
}
}
diff --git a/externals/streams.php b/externals/streams.php
index 3cdc158..00cf6cc 100644
--- a/externals/streams.php
+++ b/externals/streams.php
@@ -49,7 +49,7 @@ class StringReader {
var $_pos;
var $_str;
- function StringReader($str='') {
+ function __construct($str='') {
$this->_str = $str;
$this->_pos = 0;
}
@@ -86,7 +86,7 @@ class FileReader {
var $_fd;
var $_length;
- function FileReader($filename) {
+ function __construct($filename) {
if (file_exists($filename)) {
$this->_length=filesize($filename);
@@ -143,7 +143,7 @@ class FileReader {
// Preloads entire file in memory first, then creates a StringReader
// over it (it assumes knowledge of StringReader internals)
class CachedFileReader extends StringReader {
- function CachedFileReader($filename) {
+ function __construct($filename) {
if (file_exists($filename)) {
$length=filesize($filename);
Summary of changes:
externals/gettext.inc | 93 ++++++++++++++++++++++++++-------------------------
externals/gettext.php | 86 +++++++++++++++++------------------------------
externals/streams.php | 6 ++--
3 files changed, 81 insertions(+), 104 deletions(-)
More information about the gnucash-changes
mailing list