On Wed, Mar 30, 2011 at 15:35, Olav Vitters <[email protected]> wrote:
>
> Looking at:
> http://git.gnome.org/browse/gnomeweb-wp/tree/wp-content/plugins/wppo/wppo.php
>
> | $wppo_cache[$p->ID] = $wpdb->get_row ("SELECT * FROM " . $wpdb->prefix .
> "wppo WHERE post_id = '" . $p->ID . "' AND (lang = '" . $lang . "' OR lang =
> '" . $fallback_lang . "')", ARRAY_A);
>
> That is bad. Please do proper escaping. It doesn't matter if the $lang
> and so on is restricted to well known values; it *must* be escaped!

Hey Olav! The localization plugin won't be used the first days after GNOME 3.0
release. This is clearly something that must be fixed before using it.

> | $cmd = "/usr/bin/xml2po -m xhtml -p " . PO_DIR . "$po_file -o
> $translated_xml_file " . XML_DIR . "gnomesite.xml";
>
> that is also *very* bad. Don't execute via shell!

I fully agree this is pretty ugly. Do you have any suggestion regarding this (a
way to execute xml2po via php without executing it with shell)? Thank you!

>
> Similarly:
> | mkdir (WPPO_DIR, 0777);
> | mkdir (PO_DIR, 0777);
> | mkdir (POT_DIR, 0777);
> | mkdir (XML_DIR, 0777);
>
> Can't this be 755?

Changed and committed. Thank you!

--
Vinicius Depizzol <[email protected]>
http://vinicius.depizzol.com.br
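
Added example, not part of the original thread or the wppo plugin: one way to address the two code points raised above, using `$wpdb->prepare()` for the query and the array form of `proc_open()` (PHP 7.4+), which starts xml2po without a shell. The function names `wppo_get_translation` and `wppo_run_xml2po` are hypothetical; the table, columns and xml2po flags are the ones quoted in the thread.

```php
<?php
// Added illustration; function names are hypothetical, not from wppo.php.

/** Fetch the translation row with bound parameters instead of string concatenation. */
function wppo_get_translation($wpdb, int $post_id, string $lang, string $fallback_lang)
{
    // %d / %s are filled in and quoted by WordPress, so the values can never
    // terminate the string literal or change the shape of the statement.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}wppo WHERE post_id = %d AND (lang = %s OR lang = %s)",
        $post_id, $lang, $fallback_lang
    );
    return $wpdb->get_row($sql, ARRAY_A);
}

/**
 * Run xml2po from an argument vector (PHP 7.4+): no /bin/sh is involved.
 * Callers pass full paths, e.g. PO_DIR . $po_file and XML_DIR . 'gnomesite.xml'.
 * Returns [exit code, stderr text]; xml2po writes its result to the -o file.
 */
function wppo_run_xml2po(string $po_path, string $translated_xml_file,
                         string $xml_path, string $bin = '/usr/bin/xml2po'): array
{
    // Each element becomes exactly one argv entry, so spaces, quotes, ';' or
    // '$(...)' inside a file name are plain characters rather than shell syntax.
    // Paths are built from the plugin's directory constants, so none starts
    // with '-' and none can be mistaken for an option.
    $argv = [$bin, '-m', 'xhtml', '-p', $po_path, '-o', $translated_xml_file, $xml_path];

    $spec = [
        0 => ['file', '/dev/null', 'r'],  // no stdin
        1 => ['file', '/dev/null', 'w'],  // stdout is not needed, -o names the output
        2 => ['pipe', 'w'],               // keep stderr for the error log
    ];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return [-1, 'could not start ' . $bin];
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    return [proc_close($proc), $stderr];
}
```

On PHP versions older than 7.4, `proc_open()` only accepts a command string, so each interpolated value would have to go through `escapeshellarg()` instead.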
