po: use prep_writefile before creating any files in refreshpot and refreshpo

Signed-off-by: intrigeri <intrigeri@boum.org>

diff --git a/IkiWiki/Plugin/po.pm b/IkiWiki/Plugin/po.pm
index 9dc4061efd6241633910ce38f96fe4203de05183..cfba839958d0be0569b3b2de9316f01f2e754899 100644 (file)
--- a/IkiWiki/Plugin/po.pm
+++ b/IkiWiki/Plugin/po.pm
@@ -164,6 +164,7 @@ sub refreshpot ($) { #{{{
        $doc->{TT}{po_out}->set_charset('utf-8');
        # do the actual work
        $doc->parse;
+       IkiWiki::prep_writefile(basename($potfile),dirname($potfile));
        $doc->writepo($potfile);
 } #}}}
 
@@ -175,6 +176,7 @@ sub refreshpofiles ($@) { #{{{
        error("[po/refreshpofiles] POT file ($potfile) does not exist") unless (-e $potfile);
 
        foreach my $pofile (@pofiles) {
+               IkiWiki::prep_writefile(basename($pofile),dirname($pofile));
                if (-e $pofile) {
                        system("msgmerge", "-U", "--backup=none", $pofile, $potfile) == 0
                                or error("[po/refreshpofiles:$pofile] failed to update");

diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index dddb46fc8d9d6672820f42e08dd4be29820bf904..c9d5b664e91c51e8f104c1773cea544aa27f79ec 100644 (file)
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -219,12 +219,6 @@ Security checks
   thoroughly to prevent any security issue (command injection, etc.).
   > Always pass `system()` a list of parameters to avoid the shell.
   > I've checked in a change fixing that. --[[Joey]]
-- `refreshpofiles` and `refreshpot` create new files; this may need
-  some checks, e.g. using `IkiWiki::prep_writefile()`
-  > Yes, it would be ideal to call `prep_writefile` on each file 
-  > that they write, beforehand. This way you'd avoid symlink attacks etc to the
-  > generated po/pot files. I haven't done it, but it seems pretty trivial.
-  > --[[Joey]]
 - Can any sort of directives be put in po files that will
   cause mischief (ie, include other files, run commands, crash gettext,
   whatever).