Opened 7 years ago

Closed 7 years ago

#6250 closed enhancement (fixed)

Improve security

Reported by: airadier
Owned by: airadier
Priority: high
Component: TracWikiPrintPlugin
Severity: normal
Keywords:
Cc:
Trac Release: 0.11


Now, users with TRAC_ADMIN permission can select any file from the system as css, header, or footer, and preview it.

Two fixes should be made:

  1. TracWikiPrintPlugin should not require TRAC_ADMIN permissions for basic configuration. Create a new permission, like WIKIPRINT_ADMIN, to allow non-admin users to configure Wiki Print.
  2. Allow the TRAC_ADMIN user to disable using files from the filesystem in Wiki Print. If the option is disabled, only URLs will be allowed to select css, header or footer.


Change History (2)

comment:1 Changed 7 years ago by airadier

  • Status changed from new to assigned

comment:2 Changed 7 years ago by airadier

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [7699]) New version 1.7

  • Improvements resolving image links
  • Added WIKIPRINT_ADMIN and WIKIPRINT_FILESYSTEM permissions (fixes #6250)
  • Replace [[TOC]] with Table of Contents (fixes #6213), and support parameters in TOC and PageOutline macros
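
The following is an added example, not code from the ticket or from TracWikiPrintPlugin. It sketches the access check the ticket asks for: configuring a css, header or footer source requires WIKIPRINT_ADMIN, and anything that is not an http(s) URL additionally requires WIKIPRINT_FILESYSTEM. The function name `check_source`, the exception class and the exact meaning given to the two permissions are assumptions made for illustration.

```python
# Added example: hypothetical gate for Wiki Print css/header/footer sources.
# The permission names come from the ticket; how the plugin really uses them
# is not shown on the page, so the checks below are an assumption.
from urllib.parse import urlparse

REMOTE_SCHEMES = {"http", "https"}


class SourceNotAllowed(Exception):
    """Raised when the user may not configure the requested source."""


def check_source(source, perms):
    """Return 'url' or 'file' for an allowed source, otherwise raise.

    `perms` is the user's effective permission set (in Trac, TRAC_ADMIN
    already expands to every permission, so it is not special-cased here).
    """
    if "WIKIPRINT_ADMIN" not in perms:
        raise SourceNotAllowed("configuring Wiki Print requires WIKIPRINT_ADMIN")

    source = source.strip()
    if not source:
        raise SourceNotAllowed("empty source")

    parsed = urlparse(source)
    if parsed.scheme in REMOTE_SCHEMES and parsed.netloc:
        return "url"

    # Fail closed: bare paths, file:// URLs, Windows drive paths (parsed as a
    # one-letter scheme) and unknown schemes all count as filesystem access.
    if "WIKIPRINT_FILESYSTEM" not in perms:
        raise SourceNotAllowed("filesystem sources require WIKIPRINT_FILESYSTEM")
    return "file"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real configuration.
    user = {"WIKI_VIEW", "WIKIPRINT_ADMIN"}
    for src in ("https://example.org/print.css", "/srv/trac/conf/trac.ini"):
        try:
            print(src, "->", check_source(src, user))
        except SourceNotAllowed as exc:
            print(src, "-> denied:", exc)
```
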
