id: 6250
summary: Improve security
reporter: Álvaro Iradier
owner: Álvaro Iradier
type: enhancement
status: closed
priority: high
component: TracWikiPrintPlugin
severity: normal
resolution: fixed
keywords:
cc:
release: 0.11
description:

Now, users with TRAC_ADMIN permission can select any file from the system as css, header, or footer, and preview it. Two fixes should be made:

1. TracWikiPrintPlugin should not require TRAC_ADMIN permissions for basic configuration. Create a new permission, like WIKIPRINT_ADMIN, to allow non-admin users to configure Wiki Print.
2. Allow the TRAC_ADMIN user to disable using files from the filesystem in Wiki Print. If the option is disabled, only URLs will be allowed to select css, header or footer.