Item11698: Localized form field names

Priority: Normal
Current State: Duplicate
Released In: n/a
Target Release: n/a
Applies To: Engine
Component:
Branches:
Reported By: AlexMorozov
Waiting For:
Last Change By: CrawfordCurrie
Hi,

Is there a reason why the form field names can't be in a language other than English? For all my installations I comment out line #187 in lib/Foswiki/Form.pm and all installed plugins work fine.

-- AlexMorozov - 27 Mar 2012


Because we don't have enough non-English language users reporting excellent bugs like this!

Okay, the thing you should know is that this regex also wipes out potentially dangerous XSS characters. Although we (mostly?) use CGI.pm to build up HTML in Foswiki core, which should de-fang most dangerous chars in the field name, we can't vouch for all the wiki-applications emitting hand-crafted HTML where a stray quote or < sign might break things.

We probably should change the regex from a whitelist to a blacklist, but there really should be a wider review of this stuff at the same time if we're going to be careful.

Also, could you please share what language you're using, and your {Site}{CharSet} too?

-- PaulHarvey - 28 Mar 2012

Sure. We're using Foswiki in Russian, charset is ru_RU.UTF-8. I had to patch previous versions in many places to get it to work with Unicode, but 1.4 works like a charm out of the box (except the bug mentioned above). Correct me if I'm wrong, but DataForms are more of an administrator's piece of functionality, and thus can be trusted more than the usual user input. So something like http://api.drupal.org/api/drupal/modules!filter!filter.module/function/filter_xss/6 will be okay, IMHO.

-- AlexMorozov - 28 Mar 2012

I'm not aware of any mechanism that can completely prevent a user from doing their own dataforms. I guess, apart from XSS, use of quotes in a field name could also simply break the HTML markup.

Do you have time/effort to spare in improving Foswiki's utf-8 support? CrawfordCurrie spent a lot of effort working on the experimental UnicodeSupport branch (that work is on github, see topic for details).

But this effort has stalled, due to lack of interest/engagement with users outside of the Latin-1 charset.

-- PaulHarvey - 28 Mar 2012
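
The trade-off discussed in the comments above, as an added example that is not Foswiki's code and not part of the original thread: an ASCII-only allowlist, a Unicode-aware allowlist, and a denylist applied to the same field titles. The function names and all three patterns are assumptions for illustration, and the sample titles are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use utf8;                              # the sample titles below are UTF-8 literals
binmode( STDOUT, ':encoding(UTF-8)' );

# Assumed ASCII-only allowlist (hypothetical stand-in for the filter under
# discussion): anything that is not an ASCII letter, digit, '_' or '.' is dropped.
sub ascii_field_name {
    my ($title) = @_;
    $title =~ s/[^A-Za-z0-9_.]//g;
    return $title;
}

# Unicode-aware allowlist: keeps letters, combining marks and digits of any
# script, so quotes, angle brackets and whitespace are still removed.
sub unicode_field_name {
    my ($title) = @_;
    $title =~ s/[^\p{L}\p{M}\p{N}_.]//g;
    return $title;
}

# Denylist: removes only the characters that are special in HTML text and
# quoted attributes. Everything not listed here passes through unchanged.
sub denylist_field_name {
    my ($title) = @_;
    $title =~ s/[<>"'&]//g;
    return $title;
}

# Constructed sample titles.
my @titles = (
    'Project Status',
    'Статус проекта',
    'Поле "x" <b>',
    'Field`name=1',
);

for my $title (@titles) {
    printf "title    : [%s]\n", $title;
    printf "  ascii  : [%s]\n", ascii_field_name($title);
    printf "  unicode: [%s]\n", unicode_field_name($title);
    printf "  deny   : [%s]\n", denylist_field_name($title);
}
```

The ASCII pattern reduces an all-Cyrillic title to an empty name, the Unicode allowlist keeps it while still dropping quotes and angle brackets, and the denylist lets spaces, backticks and `=` through, which matters wherever a name ends up in hand-written HTML.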

Unfortunately, my knowledge of Perl is limited to commenting out specific lines :). To be honest, I remember times I wrote Perl scripts, and it always was a pain to process unicode correctly. So I'm surely not the right person to maintain i18n submodules.

-- AlexMorozov - 30 Mar 2012

Duplicate of Item9448

-- CrawfordCurrie - 17 Feb 2015

 

ItemTemplate

Summary Localized form field names
ReportedBy AlexMorozov
Codebase 1.1.4
SVN Range
AppliesTo Engine
Component
Priority Normal
CurrentState Duplicate
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release01x01Checkins
Topic revision: r6 - 17 Feb 2015, CrawfordCurrie