All geek questions in one place

Am I breaking any “good php practice” in the following php array that deals with 3 (human) languages?

This is the most optimal way to work with a multilingual website that I can think of right now (not sure), which does not include gettext, zend_translate or any php plugin or framework.

I think this is pretty straightforward: I have 3 languages, and I write their “content” in different files (in the form of arrays), and later I call this content mine index.php, as you can appreciate in the following picture:

alt text http://img31.imageshack.us/img31/1471/codew.png

I was just starting out with php and I would like to know if I break good PHP methods if the code is vulnerable to an XSS attack or if I write more code than necessary.

EDIT: I posted a picture so you can see the file tree (I'm not lazy)

EDIT2: I am using Vim with the theme ir_black and NERDTree.

+3
source share
6 answers

It looks good, although I personally prefer to create and use a dictionary helper function:

<?php echo dictionary("showcase_li2"); ?>

which allows you to easily switch methods later and gives you more control over your dictionary. Also with the array you will have a problem with the scope - you will have to import it into each function, using a global $language;very annoying one.

You will probably also reach the point where you need to insert values ​​into an internationalized string:

You have %1 votes left in the next %2 hours.
Sie haben %1 stimmen übrig für die nächsten %2 stunden.
Sinulla on %1 ääntä jäljellä seuraavan %2 tunnin ajassa.

Something helper function can be very useful for:

<?php echo dictionary("xyz", $value1, $value2 ); ?>

$value1 $value2 %1 %2.

, func_get_args().

+10

, :

, /, ?

$localization = array(
  'module' => (object)array(
    'heading' => 'oh, no!',
    'perex'   => 'oh, yes!'
  )
);

creat stdClass

$localization = (object)$localization;


$localization->module->heading;

:) 2

+2

. , punBB . . . , . , , .

, , .

-

lang.en.php

$langs['en'] = array(
    ...
);

lang.cn.php

$langs['cn'] = array(
    ...
);

[prepend].php ( lib)

define('DEFAULT_LANG', 'en');
include_once('lang.' . DEFAULT_LANG '.php');
include_once('lang.' . $user->lang . '.php');
$lang = array_merge($langs[DEFAULT_LANG], $langs[$user->lang]);
+2

, xss, , register_globals = On, $lang ['showcase_lil'] $lang's. , . , .

xss: http://127.0.0.1/whatever.php?lang[showcase_lil]= alert (/xss/)

0

?

, - . - gettext, , , .

, , - <?php echo lang('yourKey'); ?>

0

One thing to look out for is interpolation; this is really the only place where XSS can infiltrate if your server settings are reasonable. If at some point you need to do something in accordance with the translation principles "$ project-> name has members $ project-> member_count", you will need to make sure that you avoid all the HTML that is there.

But other than that you should be fine.

0
source

Source: https://habr.com/ru/post/1734326/

More articles:


All Articles