On Wed, Mar 30, 2011 at 02:39:46PM +0200, Olav Vitters wrote:
> Did you talk to someone from gnome-sysadmin or arrange it'll actually
> happen?

Looking at:
http://git.gnome.org/browse/gnomeweb-wp/tree/wp-content/plugins/wppo/wppo.php

| $wppo_cache[$p->ID] = $wpdb->get_row ("SELECT * FROM " . $wpdb->prefix . "wppo WHERE post_id = '" . $p->ID . "' AND (lang = '" . $lang . "' OR lang = '" . $fallback_lang . "')", ARRAY_A);

That is bad. Please do proper escaping. It doesn't matter if the $lang
and so on is restricted to well known values; it *must* be escaped!

Further, the SQL returns 2 rows, no? Dealt with (the PHP is a bit
difficult to read)?

| $cmd = "/usr/bin/xml2po -m xhtml -p " . PO_DIR . "$po_file -o $translated_xml_file " . XML_DIR . "gnomesite.xml";

that is also *very* bad. Don't execute via shell!

Similarly:
| mkdir (WPPO_DIR, 0777);
| mkdir (PO_DIR, 0777);
| mkdir (POT_DIR, 0777);
| mkdir (XML_DIR, 0777);

Can't this be 755?

--
Regards,
Olav
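
The three changes requested in the message above, written in PHP as an added example (not code from the gnomeweb-wp repository): a `$wpdb->prepare()` query with an explicit row choice, an `xml2po` call that never passes through a shell, and `0755` directories. It assumes it runs inside WordPress on PHP 7.4 or later; the `wppo_example_*` function names and their parameters are hypothetical.

```php
<?php
// Added example, not the wppo plugin's code. wppo_example_* names are hypothetical.

// SQL: wpdb::prepare() escapes and quotes every placeholder value.
// ORDER BY / LIMIT makes the choice explicit when both languages have a row.
function wppo_example_get_row($wpdb, $post_id, $lang, $fallback_lang) {
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}wppo
          WHERE post_id = %d AND lang IN (%s, %s)
          ORDER BY (lang = %s) DESC LIMIT 1",
        $post_id, $lang, $fallback_lang, $lang
    );
    return $wpdb->get_row($sql, ARRAY_A);
}

// Command: the array form of proc_open() (PHP >= 7.4) executes the binary
// directly, so no shell ever parses the file names.
function wppo_example_run_xml2po($po_path, $out_path, $xml_path) {
    foreach ([$po_path, $out_path, $xml_path] as $p) {
        // Require absolute paths so a name can never be read as an option.
        if (!is_string($p) || $p === '' || $p[0] !== '/') {
            return false;
        }
    }
    $argv = ['/usr/bin/xml2po', '-m', 'xhtml', '-p', $po_path, '-o', $out_path, $xml_path];
    $spec = [0 => ['file', '/dev/null', 'r'], 1 => ['file', '/dev/null', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        error_log("xml2po exited with $status: $stderr");
    }
    return $status === 0;
}

// Directories: 0755 instead of 0777. chmod() follows mkdir() because the
// mode given to mkdir() is filtered through the process umask.
function wppo_example_make_dirs(array $dirs) {
    foreach ($dirs as $dir) {
        if (is_dir($dir)) {
            continue;
        }
        if (!mkdir($dir, 0755, true) || !chmod($dir, 0755)) {
            return false;
        }
    }
    return true;
}
```

On PHP older than 7.4, where `proc_open()` accepts only a command string, wrap each argument in `escapeshellarg()` instead.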