X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/5852f03efacb391f97d3d68e98ec8888cd09dc84..c8e3136d0091bd024e6dc1f3c21a10a92f2017d4:/doc/plugins/po.mdwn

diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index 919864ede..9298b3d37 100644
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -399,6 +399,10 @@ use in our case, I suggest we define `ENV{COLUMNS}` before loading
 `refreshpofiles()` runs this external program. A po4a developer
 answered he does "not expect any security issues from it".
 
+### msgfmt
+
+`isvalidpo()` runs this external program. Its security should be checked.
+
 ### Fuzzing input
 
 I was not able to find any public information about gettext or po4a
@@ -527,34 +531,10 @@ Using the fix to
 the page titles set with the [[meta|plugins/meta]] plugin. This has to
 be merged upstream, though.
 
-Translation quality assurance
------------------------------
-
-Modifying a PO file via the CGI must be forbidden if the new version
-is not a valid PO file. As a bonus, check that it provides a more
-complete translation than the existing one.
-
-A new `cansave` type of hook would be needed to implement this.
-
-Note: committing to the underlying repository is a way to bypass
-this check.
-
-Creating new pages on the web
------------------------------
-
-See [[contrib/po|contrib/po]].
-
-Renaming/deleting pages
------------------------
-
-Renaming or deleting a translation in the CGI should be forbidden.
-Implementing this requires two new hooks: `canrename` and `canremove`,
-that would be run respectively by the `rename` and the `remove` plugins.
-
 Robustness tests
 ----------------
 
-### Disabling the plugin
+### Enabling/disabling the plugin
 
 - enabling the plugin with `po_translatable_pages` set
 - enabling the plugin without `po_translatable_pages` set: **OK**
@@ -571,26 +551,10 @@ Robustness tests
   `po_slave_languages`: needs two rebuilds, but **OK** (this is quite
   a perverse test actually)
 
-### Creating pages
-
-- creating a master page via RCS: **OK**
-- creating a master page via CGI: **OK**
-
-### Deleting pages
-
-- removing a master page via RCS: **OK**
-- removing a translation via RCS: **OK**
-- removing a master page via CGI: **OK**
-- removing a translation via CGI: **OK**
-
-### Renaming pages
+### Creating/deleting/renaming pages
 
-- renaming a master page via RCS: **OK** (but the old translations
-  are lost, because not all RCS track file renaming)
-- renaming a master page and its translations via RCS: **OK**
-- renaming a master page via CGI: **OK**
-- renaming a translation via RCS
-- renaming a translation via CGI
+All cases of master/slave page creation/deletion/rename, both via RCS
+and via CGI, have been tested.
 
 ### Misc