update for rename of ikiwikiusers.mdwn to jasatamanjogja.mdwn

[git.ikiwiki.info.git] / doc / plugins / po.mdwn

diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index 6d468f07efb16fdde46a5a51a3402ac11533f3ee..0a764b6947a1f1e307522df46d86d6d6df361ca1 100644 (file)
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -5,6 +5,10 @@ This plugin adds support for multi-lingual wikis, translated with
 gettext, using [po4a](http://po4a.alioth.debian.org/).
 
 It depends on the Perl `Locale::Po4a::Po` library (`apt-get install po4a`).
 gettext, using [po4a](http://po4a.alioth.debian.org/).
 
 It depends on the Perl `Locale::Po4a::Po` library (`apt-get install po4a`).

+As detailed bellow in the security section, `po4a` is subject to
+denial-of-service attacks before version 0.35.
+
+[[!toc levels=2]]

 
 Introduction
 ============
 
 Introduction
 ============


@@ -29,6 +33,12 @@ Example: `bla/page.fr.po` is the PO "message catalog" used to
 translate `bla/page.mdwn` into French; if `usedirs` is enabled, it is
 rendered as `bla/page/index.fr.html`, else as `bla/page.fr.html`
 
 translate `bla/page.mdwn` into French; if `usedirs` is enabled, it is
 rendered as `bla/page/index.fr.html`, else as `bla/page.fr.html`
 

+(In)Compatibility
+=================
+
+This plugin does not support the `indexpages` mode (a.k.a. "use page/index.mdwn source files"). If you don't know
+what it is, you probably don't care.
+

 
 Configuration
 =============
 
 Configuration
 =============


@@ -39,15 +49,15 @@ Supported languages
 `po_master_language` is used to set the "master" language in
 `ikiwiki.setup`, such as:
 
 `po_master_language` is used to set the "master" language in
 `ikiwiki.setup`, such as:
 

-        po_master_language => { 'code' => 'en', 'name' => 'English' }
+        po_master_language: en|English

 
 `po_slave_languages` is used to set the list of supported "slave"
 languages, such as:
 
 
 `po_slave_languages` is used to set the list of supported "slave"
 languages, such as:
 

-        po_slave_languages => { 'fr' => 'Français',
-                                'es' => 'Castellano',
-                                'de' => 'Deutsch',
-        }
+        po_slave_languages:
+         - fr|Français
+         - es|Español
+         - de|Deutsch

 
 Decide which pages are translatable
 -----------------------------------
 
 Decide which pages are translatable
 -----------------------------------


@@ -62,39 +72,40 @@ worry about excluding them explicitly from this [[ikiwiki/PageSpec]].
 Internal links
 --------------
 
 Internal links
 --------------
 

+### Links targets
+

 The `po_link_to` option in `ikiwiki.setup` is used to decide how
 internal links should be generated, depending on web server features
 and site-specific preferences.
 
 The `po_link_to` option in `ikiwiki.setup` is used to decide how
 internal links should be generated, depending on web server features
 and site-specific preferences.
 

-### Default linking behavior
+#### Default linking behavior

 
 If `po_link_to` is unset, or set to `default`, ikiwiki's default
 linking behavior is preserved: `\[[destpage]]` links to the master
 language's page.
 
 
 If `po_link_to` is unset, or set to `default`, ikiwiki's default
 linking behavior is preserved: `\[[destpage]]` links to the master
 language's page.
 

-### Link to current language
+#### Link to current language

 
 If `po_link_to` is set to `current`, `\[[destpage]]` links to the
 `destpage`'s version written in the current page's language, if
 available, *i.e.*:
 
 
 If `po_link_to` is set to `current`, `\[[destpage]]` links to the
 `destpage`'s version written in the current page's language, if
 available, *i.e.*:
 

-- `foo/destpage/index.LL.html` if `usedirs` is enabled
-- `foo/destpage.LL.html` if `usedirs` is disabled
+* `foo/destpage/index.LL.html` if `usedirs` is enabled
+* `foo/destpage.LL.html` if `usedirs` is disabled

 
 

-### Link to negotiated language
+#### Link to negotiated language

 
 If `po_link_to` is set to `negotiated`, `\[[page]]` links to the
 negotiated preferred language, *i.e.* `foo/page/`.
 
 (In)compatibility notes:
 
 
 If `po_link_to` is set to `negotiated`, `\[[page]]` links to the
 negotiated preferred language, *i.e.* `foo/page/`.
 
 (In)compatibility notes:
 

-- if `usedirs` is disabled, it does not make sense to set `po_link_to`
+* if `usedirs` is disabled, it does not make sense to set `po_link_to`

   to `negotiated`; this option combination is neither implemented
   nor allowed.
   to `negotiated`; this option combination is neither implemented
   nor allowed.

-- if the web server does not support Content Negotiation, setting
+* if the web server does not support Content Negotiation, setting

   `po_link_to` to `negotiated` will produce a unusable website.
 
   `po_link_to` to `negotiated` will produce a unusable website.
 

-

 Server support
 ==============
 
 Server support
 ==============
 


@@ -103,23 +114,28 @@ Apache
 
 Using Apache `mod_negotiation` makes it really easy to have Apache
 serve any page in the client's preferred language, if available.
 
 Using Apache `mod_negotiation` makes it really easy to have Apache
 serve any page in the client's preferred language, if available.

-This is the default Debian Apache configuration.

 
 

-When `usedirs` is enabled, one has to set `DirectoryIndex index` for
-the wiki context.
+Add 'Options MultiViews' to the wiki directory's configuration in Apache.

 
 

-Setting `DefaultLanguage LL` (replace `LL` with your default MIME
-language code) for the wiki context can help to ensure
-`bla/page/index.en.html` is served as `Content-Language: LL`.
+When `usedirs` is enabled, you should also set `DirectoryIndex index`.
+
+These settings are also recommended, in order to avoid serving up rss files
+as index pages:
+
+       AddType application/rss+xml;qs=0.8 .rss
+       AddType application/atom+xml;qs=0.8 .atom
+
+For details, see [Apache's documentation](http://httpd.apache.org/docs/2.2/content-negotiation.html).

 
 lighttpd
 --------
 
 
 lighttpd
 --------
 

-lighttpd unfortunately does not support content negotiation.
+Recent versions of lighttpd should be able to use
+`$HTTP["language"]` to configure the translated pages to be served.

 
 

-**FIXME**: does `mod_magnet` provide the functionality needed to
- emulate this?
+See [Lighttpd Issue](http://redmine.lighttpd.net/issues/show/1119)

 
 

+TODO: Example

 
 Usage
 =====
 
 Usage
 =====


@@ -127,51 +143,36 @@ Usage
 Templates
 ---------
 
 Templates
 ---------
 

+When `po_link_to` is not set to `negotiated`, one should replace some
+occurrences of `BASEURL` with `HOMEPAGEURL` to get correct links to
+the wiki homepage.
+

 The `ISTRANSLATION` and `ISTRANSLATABLE` variables can be used to
 display things only on translatable or translation pages.
 
 The `ISTRANSLATION` and `ISTRANSLATABLE` variables can be used to
 display things only on translatable or translation pages.
 

+The `LANG_CODE` and `LANG_NAME` variables can respectively be used to
+display the current page's language code and pretty name.
+

 ### Display page's versions in other languages
 
 The `OTHERLANGUAGES` loop provides ways to display other languages'
 versions of the same page, and the translations' status.
 
 ### Display page's versions in other languages
 
 The `OTHERLANGUAGES` loop provides ways to display other languages'
 versions of the same page, and the translations' status.
 

-One typically adds the following code to `templates/page.tmpl`:
-
-       <TMPL_IF NAME="OTHERLANGUAGES">
-       <div id="otherlanguages">
-         <ul>
-         <TMPL_LOOP NAME="OTHERLANGUAGES">
-           <li>
-             <a href="<TMPL_VAR NAME="URL">"><TMPL_VAR NAME="LANGUAGE"></a>
-             <TMPL_UNLESS NAME="MASTER">
-               (<TMPL_VAR NAME="PERCENT">&nbsp;%)
-             </TMPL_UNLESS>
-           </li>
-         </TMPL_LOOP>
-         </ul>
-       </div>
-       </TMPL_IF>
-
-The following variables are available inside the loop (for every page in):
-
-- `URL` - url to the page
-- `CODE` - two-letters language code
-- `LANGUAGE` - language name (as defined in `po_slave_languages`)
-- `MASTER` - is true (1) if, and only if the page is a "master" page
-- `PERCENT` - for "slave" pages, is set to the translation completeness, in percents
+An example of its use can be found in the default
+`templates/page.tmpl`. In case you want to customize it, the following
+variables are available inside the loop (for every page in):
+
+* `URL` - url to the page
+* `CODE` - two-letters language code
+* `LANGUAGE` - language name (as defined in `po_slave_languages`)
+* `MASTER` - is true (1) if, and only if the page is a "master" page
+* `PERCENT` - for "slave" pages, is set to the translation completeness, in percents

 
 ### Display the current translation status
 
 The `PERCENTTRANSLATED` variable is set to the translation
 
 ### Display the current translation status
 
 The `PERCENTTRANSLATED` variable is set to the translation

-completeness, expressed in percent, on "slave" pages.
-
-One can use it this way:
-
-       <TMPL_IF NAME="ISTRANSLATION">
-       <div id="percenttranslated">
-         <TMPL_VAR NAME="PERCENTTRANSLATED">
-       </div>
-       </TMPL_IF>
+completeness, expressed in percent, on "slave" pages. It is used by
+the default `templates/page.tmpl`.

 
 Additional PageSpec tests
 -------------------------
 
 Additional PageSpec tests
 -------------------------


@@ -184,128 +185,76 @@ Automatic PO file update
 
 Committing changes to a "master" page:
 
 
 Committing changes to a "master" page:
 

-1. updates the POT file and the PO files for the supported languages;
-   the updated PO files are then put under version control
-2. triggers a refresh of the corresponding HTML slave pages
+1. updates the POT file and the PO files for the "slave" languages;
+   the updated PO files are then put under version control;
+2. triggers a refresh of the corresponding HTML slave pages.

 
 Also, when the plugin has just been enabled, or when a page has just
 been declared as being translatable, the needed POT and PO files are
 created, and the PO files are checked into version control.
 
 
 Also, when the plugin has just been enabled, or when a page has just
 been declared as being translatable, the needed POT and PO files are
 created, and the PO files are checked into version control.
 

-Discussion pages
-----------------
+Discussion pages and other sub-pages
+------------------------------------

 
 

-Discussion should happen in the language in which the pages are written for
-real, *i.e.* the "master" one. If discussion pages are enabled, "slave" pages
-therefore link to the "master" page's discussion page.
+Discussion should happen in the language in which the pages are
+written for real, *i.e.* the "master" one. If discussion pages are
+enabled, "slave" pages therefore link to the "master" page's
+discussion page.
+
+Likewise, "slave" pages are not supposed to have sub-pages;
+[[WikiLinks|ikiwiki/wikilink]] that appear on a "slave" page therefore link to
+the master page's sub-pages.

 
 Translating
 -----------
 
 
 Translating
 -----------
 

-One can edit the PO files using ikiwiki's CGI (a message-by-message interface
-could also be implemented at some point).
+One can edit the PO files using ikiwiki's CGI (a message-by-message
+interface could also be implemented at some point).

 
 If [[tips/untrusted_git_push]] is setup, one can edit the PO files in one's
 preferred `$EDITOR`, without needing to be online.
 
 
 If [[tips/untrusted_git_push]] is setup, one can edit the PO files in one's
 preferred `$EDITOR`, without needing to be online.
 

-TODO
-====
-
-OTHERLANGUAGES dependencies
----------------------------
+Markup languages support
+------------------------

 
 

-Pages using `OTHERLANGUAGES` depend on any "master" and "slave" pages
-whose status is being displayed. It is supposed to trigger dependency
-loops, but no practical bugs were noticed yet.
+[[Markdown|mdwn]] and [[html]] are well supported. Some other markup
+languages supported by ikiwiki mostly work, but some pieces of syntax
+are not rendered correctly on the slave pages:

 
 

-Should pages using the `OTHERLANGUAGES` template loop be declared as
-linking to the same page in other versions? To be rigorous, they
-should, but this may clutter the backlinks.
+* [[reStructuredText|rst]]: anonymous hyperlinks and internal
+  cross-references
+* [[wikitext]]: conversion of newlines to paragraphs
+* [[creole]]: verbatim text is wrapped, tables are broken
+* LaTeX: not supported yet; the dedicated po4a module
+  could be used to support it, but it would need a security audit
+* other markup languages have not been tested.

 
 

-Security checks
+Renaming a page

 ---------------
 
 ---------------
 

-- `refreshpofiles` uses `system()`, whose args have to be checked more
-  thoroughly to prevent any security issue (command injection, etc.).
-  > Always pass `system()` a list of parameters to avoid the shell.
-  > I've checked in a change fixing that. --[[Joey]]
-- `refreshpofiles` and `refreshpot` create new files; this may need
-  some checks, e.g. using `IkiWiki::prep_writefile()`
-  > Yes, it would be ideal to call `prep_writefile` on each file 
-  > that they write, beforehand. This way you'd avoid symlink attacks etc to the
-  > generated po/pot files. I haven't done it, but it seems pretty trivial.
-  > --[[Joey]]
-- Can any sort of directives be put in po files that will
-  cause mischief (ie, include other files, run commands, crash gettext,
-  whatever).
-- Any security issues on running po4a on untrusted content?
-
-gettext/po4a rough corners
---------------------------
-
-- fix infinite loop when synchronizing two ikiwiki (when checkouts
-  live in different directories): say bla.fr.po has been updated in
-  repo2; pulling repo2 from repo1 seems to trigger a PO update, that
-  changes bla.fr.po in repo1; then pushing repo1 to repo2 triggers
-  a PO update, that changes bla.fr.po in repo2; etc.; fixed in
-  `629968fc89bced6727981c0a1138072631751fee`?
-- new translations created in the web interface must get proper charset/encoding
-  gettext metadata, else the next automatic PO update removes any non-ascii
-  chars; possible solution: put such metadata into the Pot file, and let it
-  propagate; should be fixed in `773de05a7a1ee68d2bed173367cf5e716884945a`, time
-  will tell.
-
-Misc. improvements
-------------------
-
-### preview
-
-preview does not work for PO files.
-
-### automatic POT/PO update
-
-Use the `change` hook instead of `needsbuild`?
-
-### page titles
+A translatable page may be renamed using the web interface and the
+[[rename plugin|plugins/rename]], or using the VCS directly; in
+the latter case, *both* the "master" page and every corresponding
+`.po` file must be renamed in the same commit.

 
 

-Use nice page titles from meta plugin in links, as inline already does. This is
-actually a duplicate for
-[[bugs/pagetitle_function_does_not_respect_meta_titles]], which might be fixed
-by something like [[todo/using_meta_titles_for_parentlinks]].
+Security
+========

 
 

-### websetup
+[[po/discussion]] contains a detailed security analysis of this plugin
+and its dependencies.

 
 

-Which configuration settings are safe enough for websetup?
+When using po4a older than 0.35, it is recommended to uninstall
+`Text::WrapI18N` (Debian package `libtext-wrapi18n-perl`), in order to
+avoid a potential denial of service.

 
 

-> I see no problems with `po_master_language` and `po_slave_languages`
-> (assuming websetup handles the hashes correctly). Would not hurt to check
-> that the values of these are legal language codes, in `checkconfig`. 
-> `po_translatable_pages` seems entirely safe. `po_link_to` w/o usedirs
-> causes ikiwiki to error out. If it were changed to fall back to a safe
-> setting in this case rather than error, it would be safe.
-> --[[Joey]]
-
-### parentlinks
-
-When the wiki home page is translatable, the parentlinks plugin sets
-`./index.html` as its translations' single parent link. Ideally, the home page's
-translations should get no parent link at all, just like the version written in
-the master language.
-
-### backlinks
-
-If a given translatable `sourcepage.mdwn` links to \[[destpage]],
-`sourcepage.LL.po` also link to \[[destpage]], and the latter has the master
-page *and* all its translations listed in the backlinks.
-
-Translation quality assurance
------------------------------
+BUGS
+====

 
 

-Modifying a PO file via the CGI must be forbidden if the new version
-is not a valid PO file. As a bonus, check that it provides a more
-complete translation than the existing one.
+[[!inline pages="bugs/po:* and !bugs/done and !link(bugs/done) and !bugs/*/*"
+feeds=no actions=no archive=yes show=0]]

 
 

-A new `cansave` type of hook would be needed to implement this.
+TODO
+====

 
 

-Note: committing to the underlying repository is a way to bypass
-this check.
+[[!inline pages="todo/po:* and !todo/done and !link(todo/done) and !todo/*/*"
+feeds=no actions=no archive=yes show=0]]