[Aptitude-devel] Bug#835524: The German description of ack-grep is truncated in aptitude

[Hartmut Buhrmester]

My best guess is, that the term ".svn-Verzeichnissen" in the German 
description of ack-grep is erroneously interpreted as an embedded groff 
formating command. This makes about two lines of text missing. I assume, 
that the leading dot should be properly escaped in the German description.

I still wonder, if aptitude could do some input filtering, to prevent 
this bug.

Synaptic seems to do that. In Synaptic, the English description for 
ack-grep is:


"Ack is designed as an alternative for 99% of the uses of grep. ack is
intelligent about the files it searches. It knows about certain file
types, based on both the extension on the file and, in some cases, the
contents of the file.

Ack ignores backup files and files under CVS and .svn directories. It
also highlights matches to help you see where the match was. Ack uses
perl regular expressions."


The German description is:


"Ack wurde als Alternative für 99% der Anwendungsfälle von grep entwickelt.
Das Programm wählt die zu durchsuchenden Dateien intelligent aus. Es erkennt
bestimmte Dateitypen anhand der Endung und in einigen Fällen anhand des
Inhaltes der Datei.

Ack ignoriert Sicherheitskopien und Dateien innerhalb von CVS- und
svn-Verzeichnissen. Ebenso markiert es Treffer, damit Sie sehen, wo
die Treffer gefunden wurden. Ack verwendet reguläre Ausdrücke von Perl."


This looks almost correct, but the leading dot in ".svn" is missing. So 
Synaptic does some input sanitation and removes leading dots, which are 
not properly escaped.

Then there would be two things to do:

1) The German description for ack-grep should be corrected and leading 
dots should be escaped.

2) aptitude should do some simple input sanitation like Synaptic. groff 
formating commands won't do much harm; but in other applications, this 
would be a serious bug, e.g. it could be compared to SQL injection bugs.

-- 
Hartmut Buhrmester