From: joey Date: Sat, 21 Oct 2006 19:49:23 +0000 (+0000) Subject: notes about this plugin, including a security issue X-Git-Tag: 1.31~34 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a70b71c663eabdb88ed3a16c07aed6f39c18e4ad;p=ikiwiki.git notes about this plugin, including a security issue --- diff --git a/doc/plugins/contrib/syntax/discussion.mdwn b/doc/plugins/contrib/syntax/discussion.mdwn new file mode 100644 index 000000000..ace53dad0 --- /dev/null +++ b/doc/plugins/contrib/syntax/discussion.mdwn @@ -0,0 +1,14 @@ +I'd like to include this in ikiwiki. Using vim for syntax highlighting is +suprising to me, but it seems to work great. Would it be possible to +license it the same as the rest of ikiwiki (GPL) instead of dragging in the +perl license? + +Text::VimColor will need to be added to Debian.. + +It looks to me like the file parameter is a security hole, since it allows +inclusion of arbitrary files into the wiki, including ones outside of the +wiki source tree. I think this option should either be removed, or be +limited to reading files inside the wiki source tree. If it's retained it +should also add an appropriate dependency on the included file. + +--[[Joey]]
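Review bot: The last paragraph of the new discussion.mdwn leaves the fix for the file parameter as an either/or ("should either be removed, or be limited to reading files inside the wiki source tree") without saying how the limit would be checked. If the option is kept, it is worth stating that the check has to apply to the path after `..` components and symlinks are resolved, since a comparison on the raw parameter would still let a file outside the source tree through. The dependency point in the final sentence is fine as written. Minor: "suprising" in the first paragraph should read "surprising", and the "Debian.." line ends with a doubled period.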