Posts Tagged securityfix

Version 0.8.4 – Professional human translation is here

Professional work

Professional work

Less professional work

Less professional work

We are very proud to present this release of our plugin.

This version, in addition to normal enhancements and bug fixes, finally integrates professional human translation with a basic integration with OneHourTranslation.com professional translation service.


The way this works is the following:

  • Go to OneHourTranslaion.com and create an account
  • Use the account details generated and insert them to Transposh’s settings page
  • When using the translation interface, an admin (and only an admin) will see a “One Hour Translation queue” button
  • Pressing this button will add the phrase to a queue, another click will dequeue the item
  • 10 minutes after the last phrase was added a translation project will be generated on one hour translation
  • Give it an hour (or less from our experience) and the translations will appear on your site
  • Everybody is happy and you actually support the Transposh project (Yay!)

This is rather new, so if Murphy strikes, just contact us and we’ll do whatever we can to make things work.

Now, for the rest of this release:

  • Fixed flag of Swahili to Tanzania as noted by Ed Jordan
  • Lots of fixes to backup service
  • Fix for a parser bug when having translate in default language following a select element
  • Fixed XSS reported by Infern0_ (big thanks!)
  • For programmers: Added a global function to return the current language “transposh_get_current_language()
  • Seems like Lybia has a new flag too ;)
  • Fixed widget IDs containing a backslash so that we’ll pass w3c validation
  • Updated jQueryUI to 1.8.23 to avoid conflict with jQuery 1.8 used by some themes
  • Portuguese (Brazil) translation by Amilton Junior

Our operators are waiting for your feedback, if you get a busy signal, try contacting us again!

P.S. This is the very first version to have passed 1,000 daily downloads, we are humbled.

, , , ,

6 Comments

Version 0.6.6 – Finally! a security release

By Dmitry Baranovskiy - http://www.flickr.com/photos/dmitry-baranovskiy/

Cross Site Scripting -> XSS

We would like to thank Joshua Hansen and Scott Caveza for their help in identifying and helping us debug two XSS vulnerabilities that had the potential to effect users using internet explorer browser with versions lower than 8, or when xss protection was explicitly off. We avoided the urge to call this version 0.6.6.6 and resumed the regular naming policies. Those vulnerabilities don’t pose any risk to webmasters or hosters using Transposh, but to users that might trust scripts from these sites by using the sneaky XSS method.

This release also bundles two other changes that were already committed and would have probably waited for a later release otherwise, the first being a small improvement to the parser, enabling support for some more html “breaker entities” such as ’ which were created by software trying to outsmart the user, we would like to thank archon810 on his help in this bug report.

Last but not least is a change in the support for Google Sitemaps XML generator, the patch has one letter removed in order to have proper support for php5.3, and on other good news, the coming version 4 of this plugin has support already built in, this version also helps in breaking the 50k url limits that some users had. So we would to thank Arne Brachhold on his great work on this project.

So everybody, go and upgrade! just because finding an image to match this post was such a difficult fit.

, , , ,

13 Comments