Modify

Opened 8 years ago

Closed 8 years ago

#6250 closed enhancement (fixed)

Improve security

Reported by: Álvaro Iradier Owned by: Álvaro Iradier
Priority: high Component: TracWikiPrintPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Now, users with TRAC_ADMIN permission can select any file from the system as css, header, or footer, and preview it.

Two fixes should be made:

  1. TracWikiPrintPlugin should not require TRAC_ADMIN permissions for basic configuration. Create a new permission, like WIKIPRINT_ADMIN, to allow non-admin user users to configure Wiki Print.
  1. Allow the TRAC_ADMIN user to disable using files from filesystem in Wiki Print. If the option is disabled, only URLs will be allowed to select css, header or footer.

Attachments (0)

Change History (2)

comment:1 Changed 8 years ago by Álvaro Iradier

Status: newassigned

comment:2 Changed 8 years ago by Álvaro Iradier

Resolution: fixed
Status: assignedclosed

(In [7699]) New version 1.7

  • Improvements resolving image links
  • Added WIKIPRINT_ADMIN and WIKIPRINT_FILESYSTEM permissions (fixes #6250)
  • Replace [[TOC]] with Table of Contents (fixes #6213), and support parameters in TOC and PageOutline macros

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Álvaro Iradier.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.