Changes between Version 21 and Version 22 of TracWikiPrintPlugin


Timestamp: Nov 24, 2009 8:09:48 AM (5 years ago)
Author: airadier
Comment: Security Concerns

  • TracWikiPrintPlugin

    v21 v22  
    8080For example, if you access the trac project from your browser using the URL http://myserver/trac/myproject, but address of ''myserver'' is locally resolved at your workstation (via /etc/hosts or similar), and not globally known, then ''xhtml2pdf'' will fail to resolve ''myserver'' and won't be able to download the images from http://myserver/trac/myproject/. In that case, use the server IP instead. 
    8181 
     82=== Security Concerns === 
     83 
     84When setting up header, footer, style, etc. the user can select a file from the file system and preview it. This could mean a security risk, as the user might display ''/etc/passwd'' or critical files. This is not a WikiPrint problem, as anyone with TRAC_ADMIN permissions would be able to install and run a potentially insecure plugin. So, make sure you trust users with TRAC_ADMIN permissions. 
     85 
    8286=== Export formats === 
    8387
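
Review bot: The new Security Concerns paragraph (added line 84) names the risk but gives the reader nothing to act on beyond "make sure you trust users with TRAC_ADMIN permissions", and its claim "This is not a WikiPrint problem" sits uneasily next to the admission that the preview can display ''/etc/passwd''. Consider stating plainly that the header, footer and style settings accept any file system path and that the preview shows that file's contents, so holding TRAC_ADMIN amounts to read access to files on the server through this feature. It would also help to say whether those settings are reachable only with TRAC_ADMIN, since the paragraph implies it without saying so. On wording, "This could mean a security risk" reads better as "This is a security risk", and "or critical files" as "or other critical files".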