From c821cee108257e0d124c2b7516017af4be334463 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Thu, 1 Jan 2009 23:10:16 +0100
Subject: po(cansave): check PO validity using new isvalidpo function

... because Po4a's parser does not care about malformed PO data.
Use gettext's msgfmt program instead.

Signed-off-by: intrigeri <intrigeri@boum.org>
---
 doc/plugins/po.mdwn | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'doc/plugins')

diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index c150092bf..a32d66af1 100644
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -399,6 +399,10 @@ use in our case, I suggest we define `ENV{COLUMNS}` before loading
 `refreshpofiles()` runs this external program. A po4a developer
 answered he does "not expect any security issues from it".
 
+### msgfmt
+
+`isvalidpo()` runs this external program. Its security should be checked.
+
 ### Fuzzing input
 
 I was not able to find any public information about gettext or po4a
-- 
cgit v1.2.3