automatic language selection and security holes

  • JCV

    (@psykonevro)


    16 years, 2 months ago

    Hi all,

    I own a blog mainly in French, but sometimes I also write some English messages. Moreover, most plugins/blog are both languages capable. If I had defined WPLANG to en_EN (config.php file), almost all the blog would be in English.

    Thus, I was wondering why WordPress doesn’t implement a fully automated option, which is on my very config.php, for instance, to recognize the user browser language. Google does this. I implemented a code on my blgo to do (part) of this :

    $browserlanguageis = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
if ( $browserlanguageis == "en" ) {
define ('WPLANG', 'en_EN');
} else {
define ('WPLANG', 'fr_FR');
}

    which replaces

    define ('WPLANG', 'fr_FR');

    I’m wondering if this code (may) involve any security issue? I can understand WordPress doesn’t implement all languages available (it would be a huge waste of space), but I don’t know if this kind of piece of code could be a security hole…

    What do you think?

Viewing 2 replies - 1 through 2 (of 2 total)

  • I totally agree with you that WPLANG need rework. Still your code is not wright. Auot-selecting the best language can be made using HTTP_ACCEPT_LANGUAGE and the list of available translations (PO/MO files).

    But I’m pretty sure that we can found this code in another open-source project.

    Here’s some slightly more rubust code to check the browser preferences and offer the fuirst language that is available on the WordPress site:

    // ====================================================
    if ( !defined(‘ABSPATH’) )
    define(‘ABSPATH’, dirname(__FILE__) . ‘/’);

    // default language
    $wplang = ”;

    // try and set language from browser preferences
    if (isset($_SERVER[‘HTTP_ACCEPT_LANGUAGE’])) {
    $langs = explode(‘,’, str_replace(‘ ‘, ”, strtolower($_SERVER[‘HTTP_ACCEPT_LANGUAGE’])));
    foreach ($langs as $lang) {
    if ($strpos = strpos($lang, ‘;’)) {
    $lang = substr($lang, 0, $strpos);
    }
    if ($lang==’en’ || is_file(ABSPATH . “wp-content/languages/$lang.mo”)) {
    $wplang = $lang;
    break;
    }
    if ($strpos = strpos($lang, ‘-‘)) {
    $lang = substr($lang, 0, $strpos);
    if ($lang==’en’ || is_file(ABSPATH . “wp-content/languages/$lang.mo”)) {
    $wplang = $lang;
    break;
    }
    }
    }
    }
    define (‘WPLANG’, $wplang);
    unset($langs, $lang, $strpos, $wplang);
    // ====================================================

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘automatic language selection and security holes’ is closed to new replies.