## Background
Currently, the TranslationController::importAction() method uses direct simplexml_load_string() for XLF file parsing, bypassing TYPO3's secure XliffParser class.
## Problem

Using custom XML parsing:
- Requires manual security hardening (XXE protection)
- Duplicates functionality already in TYPO3 core
- Increases maintenance burden
- May miss future security updates to core parser
## Proposed Solution
Refactor TranslationController::importAction() to use TYPO3 XliffParser exclusively by creating temporary files with acceptable names if needed.
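As an added illustration of the refactor (this is example code, not the extension's own controller or `ImportService`), the following helper routes an uploaded XLF string through core's `XliffParser` instead of `simplexml_load_string()`. Assumptions not stated in the issue: the upload is already available as a string, the target language key is known, the class and method names below are invented, and "acceptable name" is taken to mean a temporary file with an `.xlf` suffix.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Assumed: $xlfContent holds the
// uploaded XLF document and $languageKey the target language (e.g. "de").
use TYPO3\CMS\Core\Localization\Parser\XliffParser;
use TYPO3\CMS\Core\Utility\GeneralUtility;

final class XliffImportHelper // hypothetical helper name
{
    /**
     * Parse an uploaded XLF document with TYPO3 core's XliffParser.
     * Returns the parsed label array exactly as XliffParser produces it,
     * so any hardening applied to the core parser applies here as well.
     */
    public function parse(string $xlfContent, string $languageKey): array
    {
        // XliffParser works on a file path, so the upload is written to a
        // temporary file first. The suffix is the "acceptable name" assumption:
        // the parser is given a regular .xlf file, nothing else.
        $tmpPath = sys_get_temp_dir() . '/xlf_import_' . bin2hex(random_bytes(8)) . '.xlf';

        // Mode "x" fails if the file already exists, avoiding a clobbered path.
        $handle = @fopen($tmpPath, 'x');
        if ($handle === false) {
            throw new \RuntimeException('Could not create temporary XLF file');
        }

        try {
            fwrite($handle, $xlfContent);
            fclose($handle);

            // No custom XML handling: the core parser owns entity/DTD policy.
            $parser = GeneralUtility::makeInstance(XliffParser::class);
            return $parser->getParsedData($tmpPath, $languageKey);
        } finally {
            // Remove the temporary file even if parsing throws.
            if (is_file($tmpPath)) {
                unlink($tmpPath);
            }
        }
    }
}
```

The `try`/`finally` keeps the temporary file from lingering on a parse failure, and because the only parser involved is `XliffParser`, the controller no longer carries its own XXE handling; it inherits whatever core ships, which is the point of the refactor.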
## Benefits
- Leverage TYPO3 core security updates automatically
- Reduce code complexity and duplication
- Improve long-term maintainability
- Align with TYPO3 best practices
## Priority
Medium - This is a long-term improvement. Immediate XXE protection is being addressed separately in a security fix.
## Related
- ImportService already uses XliffParser securely (Classes/Service/ImportService.php:93)