Moodle

Lang files do not excape single quotes in the string index; can cause site failure, especially when editing local lang files for contrib plugins

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Won't Fix
  • Affects Version/s: 1.9.5
  • Fix Version/s: None
  • Component/s: Language
  • Labels:
    None
  • Environment:
    n/a
  • Difficulty:
    Easy
  • Affected Branches:
    MOODLE_19_STABLE

Description

Some descriptive background first...

  • Single quotes are technically allowed by PHP in array indexes. It is not good coding practice though!
  • The $string variable is an array, and thus technically allows a single quote.
  • If you include a single quote in the index, and then do "local language editing" through the Moodle interface for that, Moodle does not escape the single quote.

Easy fix: escape the single quote in the string index as well as in the value.

Simple workaround: Don't edit lang files that suffer from this issue.

At least one contrib module suffers from this problem, which I have detailed here: CONTRIB-1264

The Wimba "Liveclassroom" module. Example snippet from that file: Line 129

----- BEGIN -----
$string['Enable Student\'s microphones at presentation start'] = "Enable Student's microphones at presentation start";
----- END -----

I know the reason why single quotes are used in the string indexes is because they just use the same value for the index and the value. But I'm not saying it is a good idea.

Thanks!

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Petr Škoda (skodak) added a comment -

solution is to use var_export() instead of custom escaping code

Show
Petr Škoda (skodak) added a comment - solution is to use var_export() instead of custom escaping code
Hide
Permalink
Koen Roggemans added a comment -

Can this be closed as a won't fix?
Personally I think it is not necessary at all to make it possible to use quotes in strings in language files. It's easy to solve: just don't do it

Show
Koen Roggemans added a comment - Can this be closed as a won't fix? Personally I think it is not necessary at all to make it possible to use quotes in strings in language files. It's easy to solve: just don't do it
Hide
Permalink
Michael de Raadt added a comment -

Thanks for reporting this issue.

We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported.

If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

Michael d;

lqjjLKA0p6

Show
Michael de Raadt added a comment - Thanks for reporting this issue. We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported. If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed. Michael d; lqjjLKA0p6
Hide
Permalink
Michael de Raadt added a comment -

I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.

Show
Michael de Raadt added a comment - I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.

People

Vote (0)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.