po plugin: todo++ : security note about system()

author intrigeri <intrigeri@boum.org>

Tue, 14 Oct 2008 22:34:25 +0000 (00:34 +0200)

committer intrigeri <intrigeri@boum.org>

Sat, 18 Oct 2008 13:49:11 +0000 (15:49 +0200)
author intrigeri <intrigeri@boum.org>
Tue, 14 Oct 2008 22:34:25 +0000 (00:34 +0200)
committer intrigeri <intrigeri@boum.org>
Sat, 18 Oct 2008 13:49:11 +0000 (15:49 +0200)
diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn

index 9ae6d964a020b4f47b7b948ef3b724d2a6220de7..044a165b3151d9f5a5619b7eb43a9e3c1d1b0fac 100644 (file)
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -186,6 +186,10 @@ Committing changes to a "master" page:
  - all the needed POT and PO files have to be created
  - the PO files must be checked into version control
  
+**FIXME** `refreshpofiles` uses `system()`, whose args have to be
+checked more thoroughly to prevent any security issue (command
+injection, etc.).
+
  UI consistency: rename "Edit" button on slave pages
  ---------------------------------------------------
author	intrigeri <intrigeri@boum.org>
	Tue, 14 Oct 2008 22:34:25 +0000 (00:34 +0200)
committer	intrigeri <intrigeri@boum.org>
	Sat, 18 Oct 2008 13:49:11 +0000 (15:49 +0200)