Forum OpenACS Development: Auto-localization of variables

Collapse
1: Auto-localization of variables
Posted by Daniël Mantione on 11/13/05 11:34 AM
Hi,

By default OpenACS localizes variables. I don't know what the reason was to do it, but it makes it possible to crash about any package by including a locale string that needs a variable. See my previous bboard message for a demonstration.

Is it really a good idea to localize all variables by default?

Collapse
2: Re: Auto-localization of variables (response to 1)
Posted by Daniël Mantione on 11/16/05 05:36 PM
Not everybody at once, please :)

Seriously, I think it is a big problem that any user can break any page he can make a string appear.

Collapse
3: Re: Auto-localization of variables (response to 1)
Posted by Malte Sussdorff on 11/16/05 06:13 PM
Interesting. I think we might want to prohibit using language keys upon input of data by the user (probably an additional check for the valid input strings). I know that we rely heavily in the fact that OpenACS I18N everything by default, so if this behaviour was changed we would be in deep trouble.

Alternatively we could try to add something like ;nolocalize to variable, preventing them from being localized.

Collapse
4: Re: Auto-localization of variables (response to 1)
Posted by Daniël Mantione on 11/21/05 09:17 AM
Bug report:

https://openacs.org/bugtracker/openacs/bug?bug%5fnumber=2692

In my humble opinion, just as it is a good idea to quote html by default and require noquote to prevent quoting; it is a bad idea to auto localize variables, it shouldn't be so troublesome to do [_ message_string], which is done in most packages.

Collapse
5: Re: Auto-localization of variables (response to 1)
Posted by Dave Bauer on 11/21/05 05:46 PM
Perhaps we need two types or localization.

One with variable replacement and one without. The variable replacement is the problem. I can't see any reason to substitute variables inside message keys in a form posting.

I think it makes more sense to replace the varaibles you know need replacing in the Tcl datasource. Perhaps it was a mistake to auto-localize variables. This also puts a large amount of uneeded processing on most variables. User entered data generally does not include message keys, ie: forum postings, CMS content, etc.