author Joey Hess <joey@kodama.kitenet.net> 2008-06-15 16:27:08 -0400
committer Joey Hess <joey@kodama.kitenet.net> 2008-06-15 16:27:08 -0400
commit 8f8543389e1472292b55b7394835932d206ecddb
tree 3014a5f71688e917e6f12573e68343ea0681e66f /doc/plugins/contrib/hnb
parent 78a7f6938f24e6ccf60b5a50400e728cb2b98ff9
finish including hnb plugin
Diffstat (limited to 'doc/plugins/contrib/hnb')
-rw-r--r-- doc/plugins/contrib/hnb/discussion.mdwn | 28
1 files changed, 0 insertions, 28 deletions
diff --git a/doc/plugins/contrib/hnb/discussion.mdwn b/doc/plugins/contrib/hnb/discussion.mdwn
deleted file mode 100644
index 45bd703c4..000000000
--- a/doc/plugins/contrib/hnb/discussion.mdwn
+++ /dev/null
@@ -1,28 +0,0 @@
-I've reviewed this plugin's code, and there is one major issue with it,
-namely this line:
-
- system("hnb '$params{page}.hnb' 'go root' 'export_html $tmp' > /dev/null");
-
-This could potentially allow execution of artibtary shell code, if the filename
-contains a single quote.
-
-* Fixed with version 0.02 by usage of `$params{content}` -- XTaran
-
-Which ikiwiki doesn't allow by default, but I prefer to never involve a shell where one is not needed. The otl plugin is a good example of how to safely fork a child process without involving the shell.
-
-* Had a look at that one as example before writing the hnb plugin, but hnb has different input/output characteristics. I would prefer another solution, too, but as long as it works and is secure, I'm fine with the current (fixed :-) ) solution -- [[XTaran]].
-
-Other problems:
-
-* Use of shell mktemp from perl is suboptimal. File::Temp would be better.
- * Fixed with version 0.02 -- [[XTaran]]
-* The htmlize hook should not operate on the contents of `$params{page}.hnb`.
- The content that needs to be htmlized is passed in to the hook in
- `$params{content}`.
- * Fixed with version 0.02 -- [[XTaran]]
-
-If these problems are resolved and a copyright statement is added to the file,
-
-* Copyright Statement is in their for about a month. -- [[XTaran]]
-
-I'd be willing to include this plugin in ikiwiki. --[[Joey]]
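Review bot: Deleting discussion.mdwn in full (old lines 1-28) also removes the only visible record of the security review, including the finding that the `system(...)` call interpolating `$params{page}` could run arbitrary shell code when a filename contains a single quote, and the note that version 0.02 fixed it by using `$params{content}`. The commit message "finish including hnb plugin" does not state which version was included or that the review points were checked against it. Consider recording in the commit message or on the plugin's page that the included code is 0.02 or later, and carrying over the still-open preference for forking hnb without a shell (the otl plugin is named as the model) so that it is not lost with this file.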