You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was done with an anonymous account in context of a study. The actual author might want to open a PR with its true account for proper credits, after the study ended. However, I am opening this here to show that this issue has been addressed, so no one starts doubled work 😉.
My only concern was that it re-introduced this RCE vulnerability: GHSA-j945-qm58-4gjx
However, the %$ seems to be replaced by motion before it is piped through the shell, so %$VARIALE and %$(command) are expanded to Camera1VARIABLE and Camera1(command) respectively, no variable or command substitution hence happens.
@copilot
A translated string is expanded a way here, which does not require human re-translation. Please replace the respective origin string in the backend's .po files, and add the %$ to the translations as well. So msgmerge (and Weblate) won't treat this as new string, but keep the old translation just with %$ added.
Great #3274 is ready to be merged into whichever PR adds this change. That way we avoid any additional translation needs. A blueprint for whenever we change source strings in a sufficiently trivial way, or in a way which does not render the translations entirely wrong. If some native speaker shall better have a look, we can let Copilot add the fuzzy tag, maybe even another custom tag: so it appears as unfinished in Weblate, but without the existing translation lost, and optionally with some custom explanation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit was done with an anonymous account in context of a study. The actual author might want to open a PR with its true account for proper credits, after the study ended. However, I am opening this here to show that this issue has been addressed, so no one starts doubled work 😉.
My only concern was that it re-introduced this RCE vulnerability: GHSA-j945-qm58-4gjx
However, the
%$seems to be replaced bymotionbefore it is piped through the shell, so%$VARIALEand%$(command)are expanded toCamera1VARIABLEandCamera1(command)respectively, no variable or command substitution hence happens.