From a70b71c663eabdb88ed3a16c07aed6f39c18e4ad Mon Sep 17 00:00:00 2001 From: joey Date: Sat, 21 Oct 2006 19:49:23 +0000 Subject: [PATCH] notes about this plugin, including a security issue --- doc/plugins/contrib/syntax/discussion.mdwn | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 doc/plugins/contrib/syntax/discussion.mdwn diff --git a/doc/plugins/contrib/syntax/discussion.mdwn b/doc/plugins/contrib/syntax/discussion.mdwn new file mode 100644 index 000000000..ace53dad0 --- /dev/null +++ b/doc/plugins/contrib/syntax/discussion.mdwn @@ -0,0 +1,14 @@ +I'd like to include this in ikiwiki. Using vim for syntax highlighting is +suprising to me, but it seems to work great. Would it be possible to +license it the same as the rest of ikiwiki (GPL) instead of dragging in the +perl license? + +Text::VimColor will need to be added to Debian.. + +It looks to me like the file parameter is a security hole, since it allows +inclusion of arbitrary files into the wiki, including ones outside of the +wiki source tree. I think this option should either be removed, or be +limited to reading files inside the wiki source tree. If it's retained it +should also add an appropriate dependency on the included file. + +--[[Joey]] -- 2.26.2