This post is part of the sub-series on Internationalizing a ClassicPress plugin which is part of the Internationalizing a ClassicPress plugin series.
In the previous post, of this series, I explained what functions were available for use in internationalizing a plugin, but there is something you need to consider when deciding which one to use.
With security at the forefront, it is important to remember that you cannot trust translators as you do not know who the translator will be. As you don't know them, you can't be sure that they won't add something malicious to the translated string. To protect against this, you need to treat the localized strings as you would any other untrusted input: by escaping them.
So instead of using the plugins at the top of the previous post, you should be using the ones at the bottom which escape the returned or echoed strings.
The Inside Microsoft Dynamics GP blog has started a series Feature of the Day posts for Microsoft Dynamics GP "October 2019" Release on which I am following and adding commentary. The index for this series of posts is here.
The first Feature of the Day is a new User Approval workflow. Maintained with the rest of the workflows in Workflow Maintenance ( ), this workflow forces approval of new or changed user:
The workflow status bar and buttons will show on the User window when a workflow is active.
The new workflows around security, such as this one, could be very useful. Security is becoming more prominent for a number of clients and this will allow them control over which users have access to what and