Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Js Translation Bundle Laravel Package

willdurand/js-translation-bundle

View on GitHub

Deep Wiki

Context7

8.0.0

What's Changed

Make the bundle configuration compatible with using ENV variables by @kick-the-bucket in https://github.com/willdurand/BazingaJsTranslationBundle/pull/365
Add Symfony 8 support and update CI matrix by @monteiro and @AdamReece-WebBox in https://github.com/willdurand/BazingaJsTranslationBundle/pull/374
Fix default dump directory from web/js to public/js by @monteiro and @l-vo in https://github.com/willdurand/BazingaJsTranslationBundle/pull/375
Update to version 8.0.0 with symfony 8 support by @monteiro in https://github.com/willdurand/BazingaJsTranslationBundle/pull/377

New Contributors

@kick-the-bucket made their first contribution in https://github.com/willdurand/BazingaJsTranslationBundle/pull/365

Full Changelog: https://github.com/willdurand/BazingaJsTranslationBundle/compare/7.0.0...8.0.0

7.0.0

What's Changed

Replace the JS test runner by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/367
Remove usage of the deprecated base extension from HttpKernel by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/360
Update WebTestCase to be compatible with Symfony 7 by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/369
Clean the CI setup by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/368
bump version to release 7.0.0 by @monteiro in https://github.com/willdurand/BazingaJsTranslationBundle/pull/370

Full Changelog: https://github.com/willdurand/BazingaJsTranslationBundle/compare/6.1.0...7.0.0

6.1.0

What's Changed

Use the UMD build of intl-messageformat in the testsuite by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/361
remove polyfill.io becouse of security by @karion in https://github.com/willdurand/BazingaJsTranslationBundle/pull/359
fix broken link by @tacman in https://github.com/willdurand/BazingaJsTranslationBundle/pull/353
Prepare 6.1 version by @monteiro in https://github.com/willdurand/BazingaJsTranslationBundle/pull/366

New Contributors

@karion made their first contribution in https://github.com/willdurand/BazingaJsTranslationBundle/pull/359
@tacman made their first contribution in https://github.com/willdurand/BazingaJsTranslationBundle/pull/353

Thanks @karion @tacman and @stof for helping this release.

Full Changelog: https://github.com/willdurand/BazingaJsTranslationBundle/compare/6.0.0...6.1.0

6.0.0

What's Changed

Add support for Symfony 7 by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/348
Remove 'app' from DumpCommand path by @mfadul24 in https://github.com/willdurand/BazingaJsTranslationBundle/pull/345
Fix the branch alias for the master branch by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/350

New Contributors

@mfadul24 made their first contribution in https://github.com/willdurand/BazingaJsTranslationBundle/pull/345

Full Changelog: https://github.com/willdurand/BazingaJsTranslationBundle/compare/5.1.0...6.0.0

5.1.0

What's Changed

Fix CI badge in README file by @willdurand in https://github.com/willdurand/BazingaJsTranslationBundle/pull/333
Remove symfony2 reference by @gabiudrescu in https://github.com/willdurand/BazingaJsTranslationBundle/pull/331
Update getTranslations.js.twig by @AngelikLy in https://github.com/willdurand/BazingaJsTranslationBundle/pull/317
Update CI versions by @monteiro in https://github.com/willdurand/BazingaJsTranslationBundle/pull/339
Exclude tests and development files from the archive by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/283
Fix deprecations of Symfony 6.3 by @stof in https://github.com/willdurand/BazingaJsTranslationBundle/pull/343

New Contributors

@gabiudrescu made their first contribution in https://github.com/willdurand/BazingaJsTranslationBundle/pull/331
@AngelikLy made their first contribution in https://github.com/willdurand/BazingaJsTranslationBundle/pull/317

Full Changelog: https://github.com/willdurand/BazingaJsTranslationBundle/compare/5.0.0...5.1.0

5.0.0

What's Changed

Fix using HTML tags in ICU messages (#310) by @sustmi in https://github.com/willdurand/BazingaJsTranslationBundle/pull/325
Allow Symfony 6 by @Kocal in https://github.com/willdurand/BazingaJsTranslationBundle/pull/323

New Contributors

@sustmi made their first contribution in https://github.com/willdurand/BazingaJsTranslationBundle/pull/325

Full Changelog: https://github.com/willdurand/BazingaJsTranslationBundle/compare/4.0.2...5.0.0

4.0.2

Added: Github action support (https://github.com/willdurand/BazingaJsTranslationBundle/pull/309)

Fixed: Fixed: Fix get_message on intl_icu if domain is undefined (#314) - Thanks @spras Fixed: Prevent translation files overwriting files from addResource calls (#320) - Thanks @carakas

4.0.1

Fixed: Check the commonJS before AMD dependency for intl-messageformat (#304) - Thanks @ChristianVermeulen

4.0.0

Added: Support for Composer 2.0 (https://github.com/willdurand/BazingaJsTranslationBundle/pull/282) - Thanks @blankse Added: Support for ICU-based message formatting (https://github.com/willdurand/BazingaJsTranslationBundle/pull/288) - Thanks @Kocal Removed: support for Symfony < 3.3 constructor signature (#214) - Thanks @pierredup Fixed: All Travis tests, dropping officially the support of Symfony 3.4 (#296, #300) - Thanks @craigh

3.0.1

Fix: Return value of "Bazinga\Bundle\JsTranslationBundle\Command\DumpCommand::execute()" must be of the type int, NULL returned, to support Symfony 5 (https://github.com/willdurand/BazingaJsTranslationBundle/pull/275) - Thanks to @kl3sk and @amorebietakoUdala

3.0.0

Documentation fix (#262) - Thanks to @bocharsky-bw
Support versions 4.x and 5.x of Symfony (#263 / #271 ) - Thanks to @romantymoshyk, @vanputten, @stof and @maxhelias

2.6.6

Fix: IE bug related to $0 in target placeholder value (#207)
Fix: replace phantom.args by system.args to run the latest version of phantomJS (#215)
Fix: Register command manually to avoid warning in Symfony 3.4 (#220)
Drop PHP 5.3 Support (#218)
Added: Symfony 4 support (#224)
Build URL for specific locales with Symfony Router (#234)
Remove templating dependency (#213)
Remove container injection (#221)

2.6.5

Added: Symfony 3.3 support (https://github.com/willdurand/BazingaJsTranslationBundle/pull/201)
Added: Decrease the size of generated translation and config files (#202)
Removed: Router dependency of the Dump command (https://github.com/willdurand/BazingaJsTranslationBundle/pull/203)

2.6.4

Fix: translator.min.js had syntax errors when in strict mode (#196)

2.6.3

Fix: Language fallback in locales with region (#189)
Added: Support for three letter languages (#191)
Fix: Definition/alias for translation.default service in CompilerPass (#193)

2.6.2

Added: PHP 5.3 support (#182)
Fix: Return default locale if none is found in the Javascript library (#183)
Fix: Document public Translator.add API (#184)
Added: Default count parameter in transchoice (#185)
Fix: Use PhpUnit from composer when running the tests, to avoid collisions with PhpUnit PHAR file (#186)

2.6.1

Fix: Support for server side rendering using NodeJS (https://github.com/willdurand/BazingaJsTranslationBundle/pull/179)
Added: npm run build command inside Resources/ to minify the translator.js file.

v2.6.0

Added: Support for framework.translator.paths configuration (more information in http://symfony.com/doc/2.8/translation.html)
Added: --format and --merge-domains options to bazinga:js-translation:dump command:
- --format allows you to specify which formats must be included in the output
- --merge-domains when set will generate only one file per locale with all the domains in it
Removed: Kernel dependency from TranslationFinder. Every translation file is fetched from the Symfony's FrameworkBundle.

v2.5.0

Added: Symfony3 support

v2.4.0

Added: Widen TranslationFinder::getLocations() visibility to use is in an inheritant class
Added: update routing to expose bazinga_jstranslation_js
Added square brackets around optional arguments in doc blocks
Fixed: create target dir if not exists

v2.3.0

Added: support for Node.js
Fixed: safer twig locale
Fixed: Replace string casting on ConfigCache instance with getPath() to omit deprecated warning
Fixed: Replace Validator classname with Validation to omit deprecated warning

v2.2.2

Fixed: replaced routing deprecated arguments (#136)

v2.2.1

Fixed: documentation (change the doc to let composer guess the version constraint)
Fixed: now using chmod 0777 on all occurrences of mkdir

v2.2.0

Added: allow to set expiration time for translations
Added: news parameters active locales and active domains
Fixed: don’t make the fallback locale the only one active

v2.1.4

Fixed: allow all sort of locales (see #119)

v2.1.3

Fixed: better locale filtering

v2.1.2

Added: docs for Angular integration
Fixed: fallback path through multipart locales
Fixed: travis-ci configuration

v2.1.1

This is a security release. All users MUST upgrade to this release to prevent two potential security issues:

path traversal attack
remote code injection

These two security issues have been reported by Andreas Forsblom. THANKS!

Below is the original report Andreas sent me:

Hi William,

First, thank you for a very useful bundle :)

Unfortunately, while investigating if a Symfony project I'm working on was vulnerable to the recent translation-related Symfony security issue (CVE-2014-4931), fixed in Symfony 2.5.2, I discovered that JsTranslationBundle seems to be vulnerable to a unrelated path traversal attack, and potentially also a js injection attack.

---

If I try to retrieve the translations using the following url:

http://localhost/translations?locales=randomstring/something

the file something.js gets created in the subdirectory messages.randomstring of the cache directory:

/var/www/someproject/app/cache/dev/bazinga-js-translation/messages.randomstring/something.js

(this is the actual string that gets passed to the constructor of ConfigCache by the JsTranslationBundle controller)

I can now traverse down from the JsTranslationBundle cache directory (without first creating the "messages.randomstring" directory using the previous step, this won't work):

http://localhost/translations?locales=randomstring/../../evil

becomes

/var/www/someproject/app/cache/dev/bazinga-js-translation/messages.randomstring/../../evil.js

... and depending on the configuration of the server, I could also do
http://localhost/translations?locales=randomstring/../../../../../web/evil

=>

/var/www/someproject/app/cache/dev/bazinga-js-translation/messages.randomstring/../../../../../web/evil.js

thus creating the file evil.js (and evil.js.meta) under the Symfony web root. Depending on file system permissions, this will also overwrite existing files.


---


Again depending on the server configuration, it also seems to be possible to inject actual JavaScript code:

http://localhost/translations?locales=foo%0Auncommented%20code;

=>

(function (Translator) {
    Translator.fallback      = 'en';
    Translator.defaultDomain = 'messages';
    // foo
uncommented code;
})(Translator);

This works on some systems I tried, but not others. I suspect it might be related to the character set configuration, but I haven't investigated it further yet.


---

I did my testing using JsTranslationBundle 2.1.0 and Symfony 2.5.2.

Since this is a security issue, I didn't want to submit a pull request or use the GitHub issue tracker.

Three commits fixed these issues: df6c0fd603c0192ebc5584991a52a1092c5f60bd, 7accee93569c3f3d2379f035a41ece66522801fc, and 6ee06b9e974b9b768544fbbd6e1432773d205ebd.

You will find three patch files below in case you can't easily upgrade to this release.

Changelog

Fixed: hange test related to path traversal attack
Fixed: potential code injection via locale parameter
Added: test to prove a path traversal attack
Added: HHVM support in travis-ci

v2.1.0

Added: retry on locale fallback in case of locale exists but not the domain
Added: tests when using es5-shim and transChoice in MSIE8
Added: support for pt-BR lang attribute
Fixed: prevent iterating over shim-ed Array.prototype methods

Important: This bundle is now tested against PHP 5.4, 5.5, and 5.6. No effort will be made to keep the code "5.3 compliant".

Thanks to all contributors!

1.2.2

Fixed: Symfony 2.1 is now supported again

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

emuniq/filament-browser-notifications

syriable/filament-translator

hungnm28/livewire-form

wenprise/eloquent

crudly/encrypted

fadion/bouncy

cuci/prototurk-sdk

gos/pubsub-router-bundle

cuci/prototurk-sdk-symfony

clementtalleu/easyadmin-markdown-bundle

codeflextech/permission-manager

karnoweb/livewire-datepicker

sayedenam/sayed-dashboard

milito/query-filter

apiboxsym/user-bundle

apiboxsym/health-check-bundle

jayeshmepani/jpl-moshier-ephemeris-php

elnasnato/laraliveui

labrodev/rest-sdk

sampaui/sampaui