po(cansave): check PO validity using new isvalidpo function

... because Po4a's parser does not care about malformed PO data. Use gettext's msgfmt program instead. Signed-off-by: intrigeri <intrigeri@boum.org>
author: intrigeri <intrigeri@boum.org> 2009-01-01 23:10:16 +0100
committer: intrigeri <intrigeri@boum.org> 2009-01-01 23:12:08 +0100
commit: c821cee108257e0d124c2b7516017af4be334463 (patch)
tree: a491f910ce7d905771063dc1b144b9dd8af59646 /doc/plugins
parent: 4ee7f6314891489d6f42120e97f2c1c393d6093f (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index c150092bf..a32d66af1 100644
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -399,6 +399,10 @@ use in our case, I suggest we define `ENV{COLUMNS}` before loading
 `refreshpofiles()` runs this external program. A po4a developer
 answered he does "not expect any security issues from it".
 
+### msgfmt
+
+`isvalidpo()` runs this external program. Its security should be checked.
+
 ### Fuzzing input
 
 I was not able to find any public information about gettext or po4a
author	intrigeri <intrigeri@boum.org>	2009-01-01 23:10:16 +0100
committer	intrigeri <intrigeri@boum.org>	2009-01-01 23:12:08 +0100
commit	c821cee108257e0d124c2b7516017af4be334463 (patch)
tree	a491f910ce7d905771063dc1b144b9dd8af59646 /doc/plugins
parent	4ee7f6314891489d6f42120e97f2c1c393d6093f (diff)