Changes between Version 8 and Version 9 of GenshiMacro
- Timestamp:
- Jul 11, 2016, 10:02:26 PM (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GenshiMacro
v8 v9 4 4 5 5 {{{#!box warn 6 **Notice:** This plugin has notbeen developed with security considerations in mind. '''Only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account.'''6 **Notice:** This plugin has '''not''' been developed with security considerations in mind. '''Only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account.''' 7 7 }}} 8 8 … … 15 15 '''Note: no security considerations whatsoever went into the making of this plugin. Remy Blank gave some advice:''' 16 16 17 Genshi templates allow executing arbitrary Python code. So you basically 18 give users who can insert the macro anywhere (wiki page, ticket comment, 19 etc) permission to act as the user running Trac, including running run 20 any shell command. 17 Genshi templates allow executing arbitrary Python code. So you basically give users who can insert the macro anywhere (wiki page, ticket comment, etc) permission to act as the user running Trac, including running any shell command: 21 18 22 19 {{{ 23 {{{ 20 {{{#!Genshi 24 21 <div>${open('/etc/apache2/htpasswd').read()}</div> 25 22 }}} … … 35 32 }}} 36 33 37 So my advice is, only enable this macro on sites where you trust *all* 38 users who can edit *any* wiki text with the web server's account. 34 So my advice is, only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account. 39 35 40 36 == Bugs/Feature Requests … … 46 42 [/newticket?component=GenshiMacro new ticket]. 47 43 44 [[TicketQuery(component=GenshiMacro&group=type,format=progress)]] 45 48 46 == Download 49 47 … … 54 52 You can clone GenshiMacro from [git://github.com/ejucovy/trac-GenshiMacro.git here] using Git, or [https://github.com/ejucovy/trac-GenshiMacro browse the source] with Github. 55 53 56 == Configuration and Usage54 == Installation 57 55 58 To use the plugin, install it in your Trac environment and enable it s components in `trac.ini`:56 To use the plugin, install it in your Trac environment and enable it in your `trac.ini` file: 59 57 60 {{{ 58 {{{#!ini 61 59 [components] 62 60 genshimacro.* = enabled … … 83 81 <py:otherwise> 84 82 <b>To file a new ticket, you'll need to 85 <a 86 <a 83 <a href="${req.href.login()}">log in</a> or 84 <a href="${req.href.register()}">create an account</a> 87 85 first.</b> 88 86 </py:otherwise>