`refreshpofiles()` runs this external program. A po4a developer
answered he does "not expect any security issues from it".
+### msgfmt
+
+`isvalidpo()` runs this external program. Its security should be checked.
+
### Fuzzing input
I was not able to find any public information about gettext or po4a
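Review bot: The new `msgfmt` entry records only that its security "should be checked", without saying what input `isvalidpo()` hands to the program or who controls that input, so a reader cannot tell how exposed the call is. State in this entry whether the PO content being validated can come from web edits, and track the check as an open item; the po4a entry just above at least cites a developer's answer, and this one has nothing comparable.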
the page titles set with the [[meta|plugins/meta]] plugin. This has to
be merged upstream, though.
-Translation quality assurance
------------------------------
-
-Modifying a PO file via the CGI must be forbidden if the new version
-is not a valid PO file. As a bonus, check that it provides a more
-complete translation than the existing one.
-
-A new `cansave` type of hook would be needed to implement this.
-
-Note: committing to the underlying repository is a way to bypass
-this check.
-
-Creating new pages on the web
------------------------------
-
-See [[contrib/po|contrib/po]].
-
Robustness tests
----------------
-### Disabling the plugin
+### Enabling/disabling the plugin
- enabling the plugin with `po_translatable_pages` set
- enabling the plugin without `po_translatable_pages` set: **OK**
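Review bot: Removing the "Translation quality assurance" item also deletes its note that committing to the underlying repository bypasses the validity check, and nothing in the visible lines carries that limitation elsewhere. If the item is removed because the check now exists, keep that sentence in the security section so administrators know the check applies to edits made via the CGI only. The same removal drops the "more complete translation" bonus and the `cansave` hook requirement without saying whether they were done or abandoned.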
`po_slave_languages`: needs two rebuilds, but **OK** (this is quite
a perverse test actually)
-### Creating pages
-
-- creating a master page via RCS: **OK**
-- creating a master page via CGI: **OK**
-
-### Deleting pages
+### Creating/deleting/renaming pages
-- removing a master page via RCS: **OK**
-- removing a translation via RCS: **OK**
-- removing a master page via CGI: **OK**
-- removing a translation via CGI: **OK**
-
-### Renaming pages
-
-- renaming a master page via RCS: **OK** (but the old translations
- are lost, because not all RCS track file renaming)
-- renaming a master page and its translations via RCS: **OK**
-- renaming a master page via CGI: **OK**
-- renaming a translation via RCS
-- renaming a translation via CGI
+All cases of master/slave page creation/deletion/rename, both via RCS
+and via CGI, have been tested.
### Misc
Maybe write separate documentation depending on the people it targets:
translators, wiki administrators, hackers. This plugin may be complex
enough to deserve this.
-
-Gettext-ize the plugin code.
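Review bot: The replacement sentence under "Creating/deleting/renaming pages" says all cases "have been tested" but gives no outcome, while the removed list had two cases with no result recorded (renaming a translation via RCS and via CGI) and one caveat (old translations are lost when a master page is renamed via RCS, because not all RCS track file renaming). State the result, for instance with the **OK** marker the other test sections use, and keep the rename caveat if it still applies.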