search

translate / translate

Useful localization tools with Python API for building localization & translation systems
https://toolkit.translatehouse.org/
GNU General Public License v2.0
852 stars 311 forks source link

PHP: keys/names are not getting escaped #5348

Closed johnstef99 closed 1 month ago

johnstef99 commented 1 month ago

In a php translation file it's possible to have a key that contains a quote ' for example:

<?php

return [
  'john\'s ball' => 'john\'s ball',
];

when converted to po and back to php the above will turn to a broken php file

<?php

return [
  'john's ball' => 'john\'s ball',
];

in /translate/storage/php.py:282 the function getoutput should escape the name too.

Trying to add something like this

 q1 = name.find(self.escape_type)
 q2 = name.rfind(self.escape_type)
 if q1 != -1 and q2 != -1:
     name = self.escape_type + phpencode(name[q1+1:q2], self.escape_type) + self.escape_type

works fine for me but I'am sure this is not the best way to do that so I will not open a PR.

Could we get this fixed?

johnstef99 commented 1 month ago

I think this issue is related

nijel commented 1 month ago

Using phpencode should be safe even without the condition, but it just needs to be invoked only in case array members are rendered, not in other cases. The existing tests should cover this pretty well, so you are welcome to experiment with a PR.