Project:Localization client
Version:6.x-1.x-dev
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:active

Issue Summary

I permitted anonymous users to translate using l10n client (my local site) so I can translate strings logged in users can't see, like captcha.

When translating as anonymous I can see the translation turns green, but when I reload the page it's not there (I also checked the .po file).

The permission I gave to anonymous users are
l10n_client modul use on-page translation
locale modul user interface

I had to use gtranslator on the po file and imported it to get those strings translated.

Comments

#1

same here...

#2

Any progress on this?

#3

I'd welcome if you could help figure this out, since I've never used the module in this use case. Looks like drupal_valid_token() might be the culprit here, since it generates a form token based on your session ID (http://api.drupal.org/api/function/drupal_valid_token/6), but it you are anonymous, Drupal will not save a session for you unless it has data associated. This is solely a suspicion.

#4

I'm not really sure I can help but I can explain the use case better:

simply put, I'd like to translate the login and registration form elements, but you have to anonymous to see them..

Idan

#5

Gabor, you are completely right, removing the check for drupal_valid_token fixes the problem:

On line 434 of l10n_client.module, changing:

     if (isset($_POST['source']) && isset($_POST['target']) && !empty($_POST['textgroup']) && !empty($_POST['form_token']) && drupal_valid_token($_POST['form_token'], 'l10n_client_form')) {

into:

    if (isset($_POST['source']) && isset($_POST['target']) && !empty($_POST['textgroup']) && !empty($_POST['form_token'])) {

fixes the problem.

I'm not sure if && drupal_valid_token($_POST['form_token'], 'l10n_client_form') is really necessary here, as there are other permission checks in place.

#6

Well, I'd rather attempt to add data to your session in l10n_client if you are anonymous, so you get a session saved. The token check is there to avoid cross-site request forgery attacks, and is a required for security reasons.

#7

Title:Anonymous translated in GUI but not saved» Anonymous translation input not saved

Retitling to better explain what is going on.

nobody click here