[development] Proposed hook_message_alter

FGM fgm at osinet.fr
Sat Mar 17 08:51:56 UTC 2007


Maybe this also means that for some modules which can't use t(), it might be
a worthwile recommendation to module authors to comment in code why they are
not using it: there are still some cases where you can't use it.

This could (should ?) be added to the t() api page, and maybe to the module
developer's guide.

----- Original Message ----- 
From: "Karoly Negyesi" <karoly at negyesi.net>
To: <development at drupal.org>
Sent: Saturday, March 17, 2007 6:23 AM
Subject: Re: [development] Proposed hook_message_alter


----- Start Original Message -----
Sent: Fri, 16 Mar 2007 10:49:13 -0700
From: "Greg Holsclaw" <Greg.Holsclaw at trouvemedia.com>
To: <development at drupal.org>
Subject: Re: [development] Proposed hook_message_alter

> Unfortunately, there are many. I will try to compile a list and submit
> bugs, but even the best modules like devel miss t() on a message or two.
> A quick search results in 1305 uses of drupal_set_message in 5.x
> releases modules, and quick look around found almost 10 in less than 100
> messages checked.

It's not just messages. And also, if there a lot, then there should be
critical (yes, this IS critical) bugs filed for every single project saying
"there are t calls missing" and adding a few examples. Let the
(co)maintainers find the others. It's not that you shall scourge 1000+
modules.

t() must be a habit because if you get used to output raw, then you will
have an XSS hole before long which t() could have avoided. That's why it's
critical.



More information about the development mailing list