If the string " \' " is inserted in a translatable field, for example the no behaviour text, it will give this error:
Parse error: syntax error, unexpected 't' (T_STRING) in /srv/quadrupal7/sites/all/modules/contrib/features/features.export.inc(629) : eval()'d code on line 110
\' becomes \\' so you're out of the string because the ' isn't ignored with a double backslash.
I'm not a security expert, but escaping from a string might be a security issue?
Faulty code:
$output .= $indent . " t('" . str_replace("'", "\'", $string) . "'),\n";
Shouldn't the str_replace($string) be replaced by an addslashes($string) function?
Comment | File | Size | Author |
---|---|---|---|
#1 | views-backslash_localization_bug-2530164-1.patch | 740 bytes | StefanPr |
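The escaping problem reported above, as an added example that is not part of the original post or the attached patch: it builds a single-quoted PHP literal with three escaping strategies and evaluates the result to see whether the original string comes back. The function names `escape_quote_only`, `escape_single_quoted` and `round_trips` and the sample inputs are constructed for illustration and are not Views or Features APIs. Besides the `\'` case from the report, it also shows that `addslashes()` escapes double quotes, which a single-quoted literal keeps as a literal backslash.

```php
<?php
// Added example: ways to emit a PHP single-quoted literal for exported code.

// Escaping as in the faulty line: only the quote is escaped, so a
// backslash already present in the input can neutralise that escape.
function escape_quote_only(string $s): string {
  return str_replace("'", "\\'", $s);
}

// Escaping for single-quoted literals: backslash first, then the quote.
// str_replace() applies array replacements in order, so the order matters.
function escape_single_quoted(string $s): string {
  return str_replace(['\\', "'"], ['\\\\', "\\'"], $s);
}

// Evaluate "return '<escaped>';" and report whether the original string
// comes back unchanged. Catching ParseError requires PHP 7 or later.
function round_trips(string $s, callable $escape): string {
  $code = "return '" . $escape($s) . "';";
  try {
    return eval($code) === $s ? 'ok' : 'changed';
  }
  catch (ParseError $e) {
    return 'parse error';
  }
}

// Constructed inputs: the \' string from the report, a plain apostrophe,
// and a string with double quotes.
$samples = ["\\'", "O'Reilly", 'say "hi"'];

$escapers = [
  'str_replace quote only' => 'escape_quote_only',
  'addslashes' => 'addslashes',
  'backslash then quote' => 'escape_single_quoted',
];

foreach ($samples as $s) {
  foreach ($escapers as $label => $fn) {
    printf("%-10s %-24s %s\n", $s, $label, round_trips($s, $fn));
  }
}
```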
Comments
Comment #1
StefanPr commented: This fixes it.
Comment #2
StefanPr commented
Comment #3
StefanPr commented