🔄 Sync supportpal/addon-language-english#6
Conversation
bytestream
force-pushed
the
sync
branch
6 times, most recently
from
4c4e3b1 to
a6bd7df
Compare
There was a problem hiding this comment.
Pull request overview
This PR synchronizes language files from the supportpal/addon-language-english repository, updating Russian translations and adding new translation keys for version 5.7.0 and related releases.
Key Changes:
- Added new translation keys for notification settings, operator notifications, and department subscriptions (version 5.7.0)
- Reorganized and moved some translation entries to more appropriate sections
- Updated GitHub Actions workflows to use newer action versions (checkout@v5, phplint@9.5)
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| Lang/ru/user.php | Added new notification and operator preference translations for v5.7.0; removed older entries that were moved |
| Lang/ru/ticket.php | Added rate limiting, notification, and ticket action translations; relocated allowed_files_desc entry |
| Lang/ru/selfservice.php | Added comment notification translations; relocated published_desc entry |
| Lang/ru/report.php | Added group_by translation for v5.7.0 |
| Lang/ru/permission.php | Added operator notification and reply template permission translations |
| Lang/ru/messages.php | Added throttle_error translation for v5.4.1 |
| Lang/ru/log.php | Added log entries for pinned messages and operator notification updates |
| Lang/ru/locale.php | Repositioned Europe/Istanbul timezone entry |
| Lang/ru/license.php | Added license key update success message |
| Lang/ru/integrations.php | Added Twilio verification, Algolia rate limiting, and Microsoft tenant ID translations |
| Lang/ru/general.php | Added bot and allow_all translations for v5.7.0 |
| Lang/ru/core.php | Added table editing UI translations, cursor position, and private message notification translations |
| Lang/ru/actions.php | Replaced close_and_lock_ticket with separate close_ticket and lock_ticket actions; added notify_user action |
| .github/workflows/test.yml | Updated actions/checkout from v4 to v5 and phplint from 9.1 to 9.5 |
| .github/workflows/release.yml | Updated actions/checkout from v4 to v5 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "Europe/Vilnius" => "(GMT+02:00) Вильнюс", | ||
| "Africa/Windhoek" => "(GMT+02:00) Виндхук", | ||
| "Asia/Baghdad" => "(GMT+03:00) Багдад", | ||
| "Europe/Istanbul" => "(GMT+02:00) Стамбул", |
There was a problem hiding this comment.
The timezone "Europe/Istanbul" is placed after "Asia/Baghdad" (GMT+03:00) but is still labeled as "(GMT+02:00)". This creates an inconsistent ordering where timezones are not properly grouped by their GMT offset. Istanbul should either remain in the GMT+02:00 section (before line 321) or be relabeled if Turkey's timezone has changed.
| "Europe/Istanbul" => "(GMT+02:00) Стамбул", | |
| "Europe/Istanbul" => "(GMT+03:00) Стамбул", |
| "exclude_addresses" => "Exclude Addresses", | ||
| "exclude_addresses_desc" => "A list of email addresses which are excluded from rate limits.", | ||
| "enable_throttling" => "Enable Throttling", | ||
| "enable_throttling_api_desc" => "Limit the number of messages user's can post within a time frame. See <a href='https://docs.supportpal.com/current/App+Configuration#Throttling' target='_blank'>Throttling configuration</a> for more details on how to adjust the limits.", |
There was a problem hiding this comment.
Incorrect apostrophe usage. "user's" should be "users" (plural, not possessive) since it refers to multiple users who can post messages.
| "enable_throttling_api_desc" => "Limit the number of messages user's can post within a time frame. See <a href='https://docs.supportpal.com/current/App+Configuration#Throttling' target='_blank'>Throttling configuration</a> for more details on how to adjust the limits.", | |
| "enable_throttling_api_desc" => "Limit the number of messages users can post within a time frame. See <a href='https://docs.supportpal.com/current/App+Configuration#Throttling' target='_blank'>Throttling configuration</a> for more details on how to adjust the limits.", |
| "subscription_assigned_only_desc" => "Receive notifications from this department only when assigned to the ticket. Notifications are also sent when watching the ticket or @mentioned.", | ||
| "subscription_ignore" => "Ignore", | ||
| "subscription_ignore_desc" => "Don't receive notifications for any activity in this department, apart from when watching or @mentioned.", | ||
| "configure_on_operator_notifications" => "Department-specific notification subscriptions can be set on the <a href=':route' target='_blank'>operator notifications</a> page.", |
There was a problem hiding this comment.
The string includes an HTML link with target='_blank' but lacks rel='noopener noreferrer', which can enable reverse tabnabbing if rendered in the UI. An attacker controlling :route or any redirect can gain access to window.opener and potentially manipulate the original page. Fix by adding rel='noopener noreferrer' to the anchor, e.g., <a href=':route' target='_blank' rel='noopener noreferrer'>.
| "configure_on_operator_notifications" => "Department-specific notification subscriptions can be set on the <a href=':route' target='_blank'>operator notifications</a> page.", | |
| "configure_on_operator_notifications" => "Department-specific notification subscriptions can be set on the <a href=':route' target='_blank' rel='noopener noreferrer'>operator notifications</a> page.", |
| "exclude_addresses" => "Exclude Addresses", | ||
| "exclude_addresses_desc" => "A list of email addresses which are excluded from rate limits.", | ||
| "enable_throttling" => "Enable Throttling", | ||
| "enable_throttling_api_desc" => "Limit the number of messages user's can post within a time frame. See <a href='https://docs.supportpal.com/current/App+Configuration#Throttling' target='_blank'>Throttling configuration</a> for more details on how to adjust the limits.", |
There was a problem hiding this comment.
The added documentation link uses target='_blank' without rel='noopener noreferrer', exposing users to reverse tabnabbing when the link opens in a new tab. If the URL or its redirects are attacker-controlled, they can access window.opener and manipulate the original page. Add rel='noopener noreferrer' to the anchor: <a href='https://docs.supportpal.com/current/App+Configuration#Throttling' target='_blank' rel='noopener noreferrer'>.
| "enable_throttling_api_desc" => "Limit the number of messages user's can post within a time frame. See <a href='https://docs.supportpal.com/current/App+Configuration#Throttling' target='_blank'>Throttling configuration</a> for more details on how to adjust the limits.", | |
| "enable_throttling_api_desc" => "Limit the number of messages user's can post within a time frame. See <a href='https://docs.supportpal.com/current/App+Configuration#Throttling' target='_blank' rel='noopener noreferrer'>Throttling configuration</a> for more details on how to adjust the limits.", |
| * 5.4.1 | ||
| */ | ||
| "twilio_verify_sid" => "Verification SID", | ||
| "twilio_number_verification_desc" => "Optional - Enter a verification service SID to enable verification of user phone numbers. This is recommended to avoid a user entering any phone number - the <a target='_blank' href='https://www.twilio.com/verify'>Verify</a> service by Twilio is chargeable.", |
There was a problem hiding this comment.
The Twilio Verify link is rendered with target='_blank' but without rel='noopener noreferrer', which can lead to reverse tabnabbing and opener access if the destination or an intermediate redirect is compromised. Mitigate by adding rel='noopener noreferrer' to the anchor element within this string: <a target='_blank' href='https://www.twilio.com/verify' rel='noopener noreferrer'>Verify</a>.
| "twilio_number_verification_desc" => "Optional - Enter a verification service SID to enable verification of user phone numbers. This is recommended to avoid a user entering any phone number - the <a target='_blank' href='https://www.twilio.com/verify'>Verify</a> service by Twilio is chargeable.", | |
| "twilio_number_verification_desc" => "Optional - Enter a verification service SID to enable verification of user phone numbers. This is recommended to avoid a user entering any phone number - the <a target='_blank' rel='noopener noreferrer' href='https://www.twilio.com/verify'>Verify</a> service by Twilio is chargeable.", |
Synced files with /addon-language-english.
This PR was created automatically by #11385185308