Adding version 2.0: Fixing shown language in the switching message. U…
…se htmlspecialchars() to prevent XSS vulnerabilities. Thanks again to Matt Fuller for teaching me how to do it correctly!

git-svn-id: https://plugins.svn.wordpress.org/kau-boys-backend-localization/trunk@579938 b8457f37-d9ea-0310-8a92-e5e31aec5664
Kau-Boy authored and Kau-Boy committed Jul 31, 2012
1 parent 43dc96d commit 36f457e
Showing 2 changed files with 9 additions and 12 deletions.
20 changes: 8 additions & 12 deletions backend_localization.php
@@ -3,7 +3,7 @@
Plugin Name: Backend Localization
Plugin URI: http://kau-boys.com/230/wordpress/kau-boys-backend-localization-plugin
Description: This plugin enables you to run your blog in a different language than the backend of your blog. So you can serve your blog using e.g. German as the default language for the users, but keep English as the language for the administration.
Version: 2.0
Version: 2.1
Requires at least: 3.2
Author: Bernhard Kau
Author URI: http://kau-boys.com
@@ -175,16 +175,16 @@ function backend_localization_admin_settings(){

$backend_locale = backend_localization_get_locale();

// set default if values haven't been recieved from the database
if( empty( $backend_locale ) ) $backend_locale = 'en_US';

// do redirection for dashboard from the qTranslate Plugin (www.qianqin.de/qtranslate)
if(isset($_GET['godashboard'])) {
echo '<h2>' . __( 'Switching Language', 'backend-localization' ) . '</h2>'
. sprintf( __( 'Switching language to %1$s... If the Dashboard isn\'t loading, use this <a href="%2$s" title="Dashboard">link</a>.', 'backend-localization' ), $wp_locale_all[$locale_value], admin_url() )
. sprintf( __( 'Switching language to %1$s... If the Dashboard isn\'t loading, use this <a href="%2$s" title="Dashboard">link</a>.', 'backend-localization' ), $wp_locale_all[$backend_locale], admin_url() )
. '<script type="text/javascript">document.location="' . admin_url() . '";</script>';
exit();
}

// set default if values haven't been recieved from the database
if( empty( $backend_locale ) ) $backend_locale = 'en_US';
?>

<div class="wrap">
@@ -255,7 +255,7 @@ function backend_localization_get_languages(){

function backend_localization_save_setting(){
if( isset( $_REQUEST['kau-boys_backend_localization_language'] ) ){
setcookie( 'kau-boys_backend_localization_language', backend_localization_filter_var( $_REQUEST['kau-boys_backend_localization_language'] ), time()+60*60*24*30, '/' );
setcookie( 'kau-boys_backend_localization_language', htmlspecialchars( $_REQUEST['kau-boys_backend_localization_language'] ), time()+60*60*24*30, '/' );
}

return true;
@@ -287,7 +287,7 @@ function backend_localization_login_form(){

function backend_localization_get_locale(){
return isset( $_REQUEST['kau-boys_backend_localization_language'] )
? backend_localization_filter_var( $_REQUEST['kau-boys_backend_localization_language'] )
? htmlspecialchars( $_REQUEST['kau-boys_backend_localization_language'] )
: ( isset( $_COOKIE['kau-boys_backend_localization_language'] )
? $_COOKIE['kau-boys_backend_localization_language']
: get_option( 'kau-boys_backend_localization_language' ) );
@@ -303,11 +303,7 @@ function localize_backend($locale){

function backend_localization_set_login_language(){
setcookie( 'kau-boys_backend_localization_language', "", time() - 3600, '/' );
setcookie( 'kau-boys_backend_localization_language', backend_localization_filter_var( $_REQUEST['kau-boys_backend_localization_language'] ), time()+60*60*24*30, '/' );
}

function backend_localization_filter_var($lang){
return preg_replace('/\W/', '', $lang);
setcookie( 'kau-boys_backend_localization_language', htmlspecialchars( $_REQUEST['kau-boys_backend_localization_language'] ), time()+60*60*24*30, '/' );
}

add_action( 'init', 'init_backend_localization' );
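Review bot: `backend_localization_get_locale()` still returns its `$_COOKIE['kau-boys_backend_localization_language']` branch with no validation, and the three `$_REQUEST` call sites (in that function, `backend_localization_save_setting()` and `backend_localization_set_login_language()`) now replace the `\W`-stripping allowlist with `htmlspecialchars()`, which encodes for HTML output but does not validate a locale identifier. Characters such as `/` and `.` that the removed `backend_localization_filter_var()` dropped now reach the cookie and the returned locale; where that value is consumed is outside the visible hunks, so the effect on language-file loading and on the settings markup should be checked. I would keep the helper and apply it to every source, including the cookie: `? backend_localization_filter_var( $_COOKIE['kau-boys_backend_localization_language'] )`, then escape at each echo with `esc_html()` or `esc_attr()`. A stricter variant accepts only keys that exist in `$wp_locale_all`. The body of `backend_localization_get_locale()` closes outside the hunk.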
1 change: 1 addition & 0 deletions readme.txt
@@ -61,6 +61,7 @@ No you don't have to. I love qTranslate and use it for my own blog. qTranslate a

== Change Log ==

* **2.0.1** Fixing shown language in the switching message. Use htmlspecialchars() to prevent XSS vulnerabilities. Thanks again to Matt Fuller for teaching me how to do it correctly!
* **2.0** Adding some new languages. Fixing link to switch languages in backend. Thanks to Justin! Fixing XSS vulnerabilities. Many Thanks to Matt Fuller from MOZILLA!
* **1.6.1** Fixing typo in language names
* **1.6** Add WP3 CSS class for the language select on the login form