#2604 closed defect (fixed)
compile-messages.py fails on win32
| Reported by: | Jarosław Zabiełło | Owned by: | hugo |
|---|---|---|---|
| Component: | Internationalization | Version: | dev |
| Severity: | normal | Keywords: | win32 i18n |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
compile-messages.py script is too much UNIX related so it does not work for Windows. Fixing is easy.
Instead of
os.environ['djangocompilemo'] = pf + '.mo' os.environ['djangocompilepo'] = pf + '.po' cmd = 'msgfmt -o "$djangocompilemo" "$djangocompilepo"'
it should be
cmd = 'msgfmt -o "%s" "%s"' % (pf + '.mo', pf + '.po')
Change History (6)
comment:1 by , 18 years ago
comment:2 by , 18 years ago
Good point. Here is never version:
Instead of
cmd = 'msgfmt -o "$djangocompilemo" "$djangocompilepo"'
it should be:
if sys.platform == 'win32':
cmd = 'msgfmt -o "%djangocompilemo%" "%djangocompilepo%"'
else:
cmd = 'msgfmt -o "$djangocompilemo" "$djangocompilepo"'
comment:3 by , 18 years ago
We cannot universally make this change; this is the small security problem that was fixed recently (see the svn log message for the last change to that file to see the problem we are fixing). So somebody with detailed Windows shell knowledge needs to work out a similar fix. Reverting the change is not the (complete) solution.
comment:4 by , 18 years ago
Malcolm, from what I understand of Windows scripting, Jaroslaw's second suggestion would work; Windows shell variables are referenced by preceding and trailing percent signs.
comment:6 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Your suggested patch is how it actually used to be, except that creates a security vulnerability; a malicious user with knowledge of how most shells work could -- if you didn't pay attention to the name of the file you were compiling -- cause arbitrary shell commands to be executed by giving the file a creative name. See this entry in the official Django blog for details: http://www.djangoproject.com/weblog/2006/aug/16/compilemessages/.
The correct solution here is to check which platform we're on and use that to determine whether variables are referenced using a dollar sign (for Unix) or a percent sign (for Windows).