Drupal: a question about t() function - drupal

I've added the following text in the t() function in page.tpl.php page.
<?php echo t('Some random text to translate.'); ?>
Now when I go to admin/build/translate/search to translate the string, Drupal cannot find it.
I've refreshed all caches, and also the "Refresh" tab in internationalization module.
thanks

The t() function, to save on performance for single-language sites, won't store the string in the database until it is requested from another language. View the page in one of the non-default languages in order to populate the database (t() calls locale() to do this), thus making the string available for translation.

Related

Wordpress text editor input validation. Prevent save when certain characters are used on input

I'm trying to create a function on my theme's functions.php file that accomplishes that goal.
I want the editor to prevent saving or updating new posts when certain characters are used on the editor. Characters like non-breaking space, certain brackets and apostrophes and encoded html entities.
I've managed to create a function to sanitize the input after the post was saved to the database, getting rid of all these undesired characters. I did this by writing a function that includes
$wpdb->update('wp_posts', ['post_excerpt' =>$sanitized_post_excerpt], ['id' => $post_id]);
and then adding the function as a hook to save_post:
add_action('save_post', 'sm_sanitize_HTML_entities', 99, 3);
Is there a way to prevent the input of the characters being saved (maybe even displaying a message to the user), rather than updating a sanitized version of the data after it's already been saved?

Drupal7 : Why t() is not working?

I'm in charge of an old site on Drupal7, that I know too little. This site is a bilingual site English/French.
So in a template, I added some fields, with strings that need to be translated :
<div class="offer_content">
<span class="title" style="text-transform:uppercase;font-size:18px;"><?php echo t('Our Firma').(': ');?></span>
<?php echo html_entity_decode(t($fields['field_presentation_societe']->content)); ?>
<span class="title" style="text-transform:uppercase;font-size:18px;"><?php echo t('Job presentation').(': ');?></span>
<?php echo html_entity_decode(t($fields['body']->content));?>
<span class="title" style="text-transform:uppercase;font-size:18px;"><?php echo t('Skills').(': ');?></span>
<?php echo html_entity_decode(t($fields['field_profil_recherche']->content)); ?>
However, in French, it keeps showing me "Our Firma" and "Skills" ... instead of the translation? Why?
Thank you :)
Variables ain't translatable by design. See the t-docs:
Translating Variables
You should never use t() to translate variables, such as calling t($text), unless the text that the variable holds has been passed through t() elsewhere (e.g., $text is one of several translated literal strings in an array). It is especially important never to call t($user_text), where $user_text is some text that a user entered - doing that can lead to cross-site scripting and other security problems. However, you can use variable substitution in your string, to put variable text such as user names or link URLs into translated text. Variable substitution looks like this:
$text = t("#name's blog", array(
  '#name' => format_username($account),
));
Basically, you can put variables like #name into your string, and t() will substitute their sanitized values at translation time. (See the Localization API pages referenced above and the documentation of format_string() for details about how to define variables in your string.) Translators can then rearrange the string as necessary for the language (e.g., in Spanish, it might be "blog de #name").
So what you could do instead, is to use Entity Translation to make these fields translatable. You'll then be able to translate your content and the correct translation will get printed based on what value was added to the field in the matching language.
Or to use i18n_string(), see https://drupal.stackexchange.com/a/184584
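Why t($variable) leaves the page open to script injection while placeholder substitution does not, as an added example that is not part of the original answer or of Drupal itself. model_check_plain() and model_t() are hypothetical stand-ins that imitate only the placeholder handling of Drupal 7's format_string() (no locale lookup), and the user text is a constructed sample.

```php
<?php
// Hypothetical stand-in for Drupal 7's check_plain(): HTML-escape a value.
function model_check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical model of Drupal 7's placeholder handling: the first character
// of each key decides how its value is treated before substitution.
function model_t($string, array $args = array()) {
    foreach ($args as $key => $value) {
        switch ($key[0]) {
            case '@': // escaped only
                $args[$key] = model_check_plain($value);
                break;
            case '!': // passed through unescaped
                break;
            default:  // '%' and any other prefix: escaped and wrapped in <em>
                $args[$key] = '<em class="placeholder">'
                    . model_check_plain($value) . '</em>';
        }
    }
    // The string itself is treated as developer-written and is never escaped.
    return strtr($string, $args);
}

// Constructed sample: text that arrived from a user-editable field.
$user_text = '<script>alert(1)</script>';

$results = array(
    // Pattern from the question: the variable IS the translatable string.
    't($user_text)' => model_t($user_text),
    // Pattern from the documentation: literal string, user text as a value.
    'placeholder'   => model_t("@name's blog", array('@name' => $user_text)),
);

foreach ($results as $label => $html) {
    $state = strpos($html, '<script') === false ? 'escaped' : 'RAW MARKUP';
    printf("%-14s %-11s %s\n", $label, $state, $html);
}
```

In the question's template the result is additionally passed through html_entity_decode(), which would undo any escaping applied earlier in the chain.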

passing variables between pages in Drupal 7

I am trying to pass the variables from one page to another in Drupal 7. Since in Drupal 7 we do not create the php file as such the content of the page gets saved as a plain text in DB, no files get created, so GET/POST are out of the solution.
How can I do this?
Content is saved in database, but every content is defined in some content type. And for every content type you can have different template file. Inside that template file you can put your php code reading GET/POST, or whatever.
So, you can use the usual way and read parameters from template, do whatever you want with them.
One way is to use variable_set() to save the value to database and variable_get() to retrieve the value from database.
To save the value:
variable_set('my_variable_unique_id', 'the value to be saved.');
To read the value back:
$myVariable = variable_get('my_variable_unique_id', 'default value in case could not find a saved value for the variable.');

How secured is the simple use of addslashes() and stripslashes() to code contents?

Making an ad manager plugin for WordPress, so the advertisement code can be almost anything, from good code to dirty, even evil.
I'm using simple sanitization like:
$get_content = '<script>/*code to destroy the site*/</script>';
//insert into db
$sanitized_code = addslashes( $get_content );
When viewing:
$fetched_data = /*slashed code*/;
//show as it's inserted
echo stripslashes( $fetched_data );
I'm avoiding base64_encode() and base64_decode() as I learned their performance is a bit slow.
Is that enough?
If not, what else should I ensure to protect the site and/or db from evil attack using bad ad code?
I'd love to get your explanation of why you are suggesting something - it'll help me decide the right thing in future too. Any help would be greatly appreciated.
addslashes then removeslashes is a round trip. You are echoing the original string exactly as it was submitted to you, so you are not protected at all from anything. '<script>/*code to destroy the site*/</script>' will be output exactly as-is to your web page, allowing your advertisers to do whatever they like in your web page's security context.
Normally when including submitted content in a web page, you should be using htmlspecialchars so that everything comes out as plain text and < just means a less than sign.
If you want an advertiser to be able to include markup, but not dangerous constructs like <script> then you need to parse the HTML, only allowing tags and attributes you know to be safe. This is complicated and difficult. Use an existing library such as HTMLPurifier to do it.
If you want an advertiser to be able to include markup with scripts, then you should put them in an iframe served from a different domain name, so they can't touch what's in your own page. Ads are usually done this way.
I don't know what you're hoping to do with addslashes. It is not the correct form of escaping for any particular injection context and it doesn't even remove difficult characters. There is almost never any reason to use it.
If you are using it on string content to build a SQL query containing that content then STOP, this isn't the proper way to do that and you will also be mangling your strings. Use parameterised queries to put data in the database. (And if you really can't, the correct string literal escape function would be mysql_real_escape_string or other similarly-named functions for different databases.)
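The round trip and two of the fixes the answer names (escaping on output, parameterised queries), as an added example that is not code from the original post. It assumes the pdo_sqlite extension and uses an in-memory SQLite table named ads in place of the WordPress database; the submitted string is a constructed sample.

```php
<?php
// Constructed sample of advertiser-submitted code (not from a real ad).
$submitted = '<script>alert("ad")</script> It\'s on sale';

// 1. addslashes() then stripslashes() returns the input byte for byte,
//    so echoing the result puts the live <script> element into the page.
$round_trip = stripslashes(addslashes($submitted));

// 2. Escaping at output time: markup characters become entities, so the
//    browser renders the submission as visible text.
$as_text = htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8');

// 3. Storage with a parameterised query: the value travels separately from
//    the SQL text, so the quotes in it need no escaping of any kind.
$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (label TEXT PRIMARY KEY, code TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO ads (label, code) VALUES (:label, :code)');
$insert->execute(array(':label' => 'bound as-is', ':code' => $submitted));
// addslashes() on top of a bound parameter stores the backslashes as data.
$insert->execute(array(':label' => 'addslashes first',
                       ':code'  => addslashes($submitted)));

$select = $db->prepare('SELECT code FROM ads WHERE label = :label');
$stored = array();
foreach (array('bound as-is', 'addslashes first') as $label) {
    $select->execute(array(':label' => $label));
    $stored[$label] = $select->fetchColumn();
}

$checks = array(
    'round trip equals the submission'       => $round_trip === $submitted,
    'round trip still contains <script'      => strpos($round_trip, '<script') !== false,
    'htmlspecialchars output has no <script' => strpos($as_text, '<script') === false,
    'bound parameter stored unchanged'       => $stored['bound as-is'] === $submitted,
    'addslashes + binding stored mangled'    => $stored['addslashes first'] !== $submitted,
);
foreach ($checks as $what => $result) {
    printf("%-40s %s\n", $what, $result ? 'yes' : 'no');
}
echo "\nEscaped for HTML output:\n", $as_text, "\n";
echo "Stored after addslashes():\n", $stored['addslashes first'], "\n";
```

Inside WordPress the bound-parameter role is played by $wpdb->prepare() or by the array arguments of $wpdb->update() that the page already shows.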

What is the difference between get_the_* and the_* template tags in wordpress?

I am confused about get_the_* and the_* template tags. I have used those many times in my theme but I am not clear enough when to use get_the_* and when to use the_*. Would you please explain both concepts clearly.
Typically, there are two key differences between get_the_* and the_* functions.
get_the_* methods don't echo anything themselves. Instead, they return the value that you're interested in, normally as a string. For example, get_the_time() echoes nothing, and returns a string representation of the posting time of the current post. the_* methods directly output the same value, without you having to echo it; the_time() returns nothing, but directly echoes the posting time.
the_* methods are generally designed to be used inside the Loop, so they often don't take a parameter to specify which post you're asking about; for example, the_title() doesn't take a post_id parameter, and can therefore only act on the "current" post inside the Loop. It doesn't make sense to call it outside the loop—which post would it be getting the title for? However, get_the_title() takes a post ID as a parameter, so you can use it from anywhere to get the title of any post, as long as you've got the post's ID. (Many of the get_the_ methods take an optional post id parameter, and default to returning the value for the current post if they're used from in the Loop, for convenience.)
Because WordPress has been in development for so many years, and things have gradually been added, these aren't guaranteed rules, and you'll find exceptions here and there. You should take this as general advice and check the documentation for each specific instance as you need it.
The difference is that you can only use the_* inside your loop. But get_the* you can use inside or outside the loop. Outside the loop you should give the post_id as a parameter.
And by default the_* echoes the title for example and get_the* just gets the title for using it in your PHP.
There is something more to it. I just tried the_content() and echo get_the_content() which should do the same thing, but... If you add a filter('the_content') it won't work with echo get_the_content() but it works fine with the_content() method.
