From b776c51856e387941130562e3711005036ee26fb Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 14 Aug 2014 22:50:05 +0200
Subject: [i18n] Sanity checks, introduced subdir for template language files
---
 inc/dictionary.inc.php | 16 ++++++++++++----
 inc/util.inc.php | 20 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 4 deletions(-)
(limited to 'inc')
diff --git a/inc/dictionary.inc.php b/inc/dictionary.inc.php
index 3a157555..5ac0d569 100644
--- a/inc/dictionary.inc.php
+++ b/inc/dictionary.inc.php
@@ -5,6 +5,8 @@ class Dictionary
 private static $messageArray;
 private static $languages;
+ private static $templateCache = array();
+ private static $hardcodedMessages = false;
 public static function init()
 {
@@ -53,7 +55,9 @@ class Dictionary
 {
 if ($lang === false)
 $lang = LANG;
- $file = "lang/" . $lang . "/" . $template . ".json";
+ $file = "lang/" . $lang . "/templates/" . $template . ".json";
+ if (isset(self::$templateCache[$file]))
+ return self::$templateCache[$file];
 $language = array('lang' => $lang);
 $content = @file_get_contents($file);
 if ($content === false) // File does not exist for language
@@ -61,13 +65,16 @@ class Dictionary
 $json = json_decode($content, true);
 if (!is_array($json))
 return $language;
- return array_merge($language, $json);
+ return self::$templateCache[$file] = array_merge($language, $json);
 }
 public static function translate($string)
 {
- $hardcoded = json_decode(file_get_contents("lang/" . LANG . "/messages-hardcoded.json"), true);
- return $hardcoded[$string];
+ if (self::$hardcodedMessages === false)
+ self::$hardcodedMessages = @json_decode(@file_get_contents("lang/" . LANG . "/messages-hardcoded.json"), true);
+ if (!isset(self::$hardcodedMessages[$string]))
+ return "(missing: $string :missing)";
+ return self::$hardcodedMessages[$string];
 }
 public static function getMessages()
@@ -83,3 +90,4 @@ class Dictionary
 }
 Dictionary::init();
+
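Review bot: In the second hunk of inc/dictionary.inc.php (`@@ -53,7 +55,9 @@`), the new `$file = "lang/" . $lang . "/templates/" . $template . ".json";` still joins `$lang` and `$template` into a filesystem path unchecked, and `$file` now doubles as the key into `self::$templateCache`. This commit adds `Util::safePath()` in inc/util.inc.php but does not call it here. The callers are outside this diff, so if either argument can be influenced by a request, the path passed to `file_get_contents()` is not confined to `lang/`. Passing the built path through the helper before the cache lookup, e.g. `$file = Util::safePath($file, 'lang/'); if ($file === false) return array('lang' => $lang);`, would cover both the read and the cache key, assuming Util is loaded before Dictionary. The enclosing method starts above the hunk.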
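Review bot: translate() in the third hunk of inc/dictionary.inc.php (`@@ -61,13 +65,16 @@`) does not check that the decoded file is an array, unlike the template loader just above it, which tests `is_array($json)`. With both calls silenced by `@`, a missing or malformed messages-hardcoded.json leaves `self::$hardcodedMessages` as null or a scalar, and every lookup quietly returns the `(missing: …)` placeholder with nothing logged. Adding `if (!is_array(self::$hardcodedMessages)) self::$hardcodedMessages = array();` right after the decode keeps the type stable, and dropping the `@` on `file_get_contents()` or logging the failure once would make a broken language file visible. The placeholder echoes `$string` verbatim, so callers that print the result into HTML should escape it.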
diff --git a/inc/util.inc.php b/inc/util.inc.php
index 45a6b684..109c0c5d 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -103,6 +103,26 @@ class Util
 return preg_replace('/[^a-zA-Z0-9_\-]+/', '_', $name);
 }
+ public static function safePath($path, $prefix = '')
+ {
+ if (empty($path))
+ return false;
+ $path = trim($path);
+ if ($path{0} == '/' || preg_match('/[\x00-\x19\?\*]/', $path))
+ return false;
+ if (strpos($path, '..') !== false)
+ return false;
+ if (substr($path, 0, 2) !== './')
+ $path = "./$path";
+ if (empty($prefix))
+ return $path;
+ if (substr($prefix, 0, 2) !== './')
+ $prefix = "./$prefix";
+ if (substr($path, 0, strlen($prefix)) !== $prefix)
+ return false;
+ return $path;
+ }
+
 /**
 * Create human readable error description from a $_FILES[<..>]['error'] code
 *
-- 
cgit v1.2.3-55-g7522
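Review bot: The prefix test at the end of safePath() is a raw string comparison, so a prefix given without a trailing slash also matches sibling names: with `$prefix = 'lang'`, a path such as `./language-old/x.json` passes `substr($path, 0, strlen($prefix)) !== $prefix`. Appending a separator to the normalised prefix before comparing closes that gap. Two smaller gaps sit in the same function. `empty($path)` runs before `trim()`, so whitespace-only input reaches `$path{0}` on an empty string and is returned as `./` when no prefix is given. The character class also stops at `\x19`, although the control range ends at `\x1f`. The check is purely lexical and does not resolve symlinks, so callers that need containment on disk still have to compare `realpath()` of the result against the intended base directory.

```php
public static function safePath($path, $prefix = '')
{
    // trim first so whitespace-only input is rejected before the offset read
    $path = trim((string)$path);
    if ($path === '')
        return false;
    if ($path[0] === '/' || preg_match('/[\x00-\x1f\?\*]/', $path))
        return false;
    // … unchanged: '..' rejection, './' normalisation of $path, empty-$prefix return, './' normalisation of $prefix …
    // compare on a directory boundary so prefix "lang" does not admit "./language-old/x"
    $prefix = rtrim($prefix, '/') . '/';
    if (substr($path, 0, strlen($prefix)) !== $prefix)
        return false;
    return $path;
}
```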