Conversation

@adamsaimi (Owner)

Test 9

The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.

The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
# user locale, site locale, english
# TODO - this can be extended to be per-language for a better user experience
# (e.g. fallback zh_TW to zh_CN / vice versa)
[locale, SiteSetting.default_locale.to_sym, :en].uniq.compact
Owner Author

[Security] Path Traversal in I18n.locale

  • Problem: User-controlled I18n.locale is used in locale loading without sanitization, risking arbitrary file reads via path traversal.
  • Fix: Strictly validate and sanitize I18n.locale to allow only valid identifiers, preventing path traversal attacks.
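One way to implement the validation this comment asks for, as an added example that is not part of the pull request: the locale allowlist, the identifier pattern and the config/locales directory are assumptions standing in for the application's real locale registry and file layout.

```ruby
require "set"

# Constructed allowlist standing in for I18n.available_locales (assumption:
# in the real application this comes from the locale files it ships with).
AVAILABLE_LOCALES = Set.new(%i[en de fr zh_CN zh_TW]).freeze

# A locale identifier is two or three letters, optionally followed by an
# underscore or hyphen and a short region tag. Dots, slashes and NUL bytes
# can never be part of one, so they must not reach the file-loading path.
LOCALE_FORMAT = /\A[a-z]{2,3}(?:[_-][A-Za-z]{2,4})?\z/

# Assumed directory layout; not taken from the pull request.
LOCALE_DIR = "config/locales"

# Returns the validated locale as a Symbol, or nil when the input is not a
# well-formed identifier that the application actually knows about.
def sanitize_locale(raw)
  return nil unless raw.is_a?(String) || raw.is_a?(Symbol)
  candidate = raw.to_s
  return nil unless candidate.match?(LOCALE_FORMAT)
  sym = candidate.tr("-", "_").to_sym
  AVAILABLE_LOCALES.include?(sym) ? sym : nil
end

# Same shape as the list in the change under review (user locale, site
# default, :en), but only values that passed sanitize_locale are inserted,
# so a request-controlled value falls through to the site default.
def fallback_locale_list(user_locale, site_default)
  [sanitize_locale(user_locale), sanitize_locale(site_default), :en].uniq.compact
end

# Builds the path of a locale's YAML file. Only a sanitized Symbol is ever
# interpolated, so raw request input cannot be assembled into a path.
def locale_file_path(locale)
  sym = sanitize_locale(locale)
  raise ArgumentError, "invalid locale: #{locale.inspect}" if sym.nil?
  File.join(LOCALE_DIR, "#{sym}.yml")
end

if __FILE__ == $PROGRAM_NAME
  p fallback_locale_list("de", "fr")               # [:de, :fr, :en]
  p fallback_locale_list("../../etc/passwd", "fr") # [:fr, :en]
end
```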

end
end

def ensure_loaded!(locale)
Owner Author

[Refactor] Intrusive Monkey-Patching of I18n Backend

  • Problem: The ensure_loaded! method is added to I18n::Backend::Simple via a freedom patch, leading to fragility and potential conflicts.
  • Fix: Re-evaluate the need for monkey-patching; consider alternative, less intrusive ways to extend I18n functionality or encapsulate the behavior.

# user locale, site locale, english
# TODO - this can be extended to be per-language for a better user experience
# (e.g. fallback zh_TW to zh_CN / vice versa)
[locale, SiteSetting.default_locale.to_sym, :en].uniq.compact
Owner Author

[Refactor] Tight Coupling in I18n Fallback Logic

  • Problem: The FallbackLocaleList directly accesses SiteSetting.default_locale, tightly coupling the I18n fallback mechanism to a specific application configuration.
  • Fix: Decouple FallbackLocaleList from SiteSetting.default_locale by injecting the default locale or using a more generic configuration access pattern.

3 participants