Changes between Version 8 and Version 9 of GenshiMacro


Ignore:
Timestamp:
Jul 11, 2016, 10:02:26 PM (8 years ago)
Author:
figaro
Comment:

Further cosmetic changes

Legend:

Unmodified
Added
Removed
Modified
  • GenshiMacro

    v8 v9  
    44
    55{{{#!box warn
    6 **Notice:** This plugin has not been developed with security considerations in mind. '''Only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account.'''
     6**Notice:** This plugin has '''not''' been developed with security considerations in mind. '''Only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account.'''
    77}}}
    88
     
    1515'''Note: no security considerations whatsoever went into the making of this plugin. Remy Blank gave some advice:'''
    1616
    17 Genshi templates allow executing arbitrary Python code. So you basically
    18 give users who can insert the macro anywhere (wiki page, ticket comment,
    19 etc) permission to act as the user running Trac, including running run
    20 any shell command.
     17Genshi templates allow executing arbitrary Python code. So you basically give users who can insert the macro anywhere (wiki page, ticket comment, etc) permission to act as the user running Trac, including running any shell command:
    2118
    2219{{{
    23 {{{ #!Genshi
     20{{{#!Genshi
    2421<div>${open('/etc/apache2/htpasswd').read()}</div>
    2522}}}
     
    3532}}}
    3633
    37 So my advice is, only enable this macro on sites where you trust *all*
    38 users who can edit *any* wiki text with the web server's account.
     34So my advice is, only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account.
    3935
    4036== Bugs/Feature Requests
     
    4642[/newticket?component=GenshiMacro new ticket].
    4743
     44[[TicketQuery(component=GenshiMacro&group=type,format=progress)]]
     45
    4846== Download
    4947
     
    5452You can clone GenshiMacro from [git://github.com/ejucovy/trac-GenshiMacro.git here] using Git, or [https://github.com/ejucovy/trac-GenshiMacro browse the source] with Github.
    5553
    56 == Configuration and Usage
     54== Installation
    5755
    58 To use the plugin, install it in your Trac environment and enable its components in `trac.ini`:
     56To use the plugin, install it in your Trac environment and enable it in your `trac.ini` file:
    5957
    60 {{{
     58{{{#!ini
    6159[components]
    6260genshimacro.* = enabled
     
    8381    <py:otherwise>
    8482     <b>To file a new ticket, you'll need to
    85         <a  href="${req.href.login()}">log in</a> or
    86         <a  href="${req.href.register()}">create an account</a>
     83        <a href="${req.href.login()}">log in</a> or
     84        <a href="${req.href.register()}">create an account</a>
    8785        first.</b>
    8886    </py:otherwise>