From: intrigeri <intrigeri@boum.org>
Date: Tue, 14 Oct 2008 22:34:25 +0000 (+0200)
Subject: po plugin: todo++ : security note about system()
X-Git-Tag: 3.15~432
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/d07c6b707da7c22d6b744b8cf50e306766e11ba9?ds=sidebyside

po plugin: todo++ : security note about system()

Signed-off-by: intrigeri <intrigeri@boum.org>
---

diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index 9ae6d964a..044a165b3 100644
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -186,6 +186,10 @@ Committing changes to a "master" page:
 - all the needed POT and PO files have to be created
 - the PO files must be checked into version control
 
+**FIXME** `refreshpofiles` uses `system()`, whose args have to be
+checked more thoroughly to prevent any security issue (command
+injection, etc.).
+
 UI consistency: rename "Edit" button on slave pages
 ---------------------------------------------------