notes about this plugin, including a security issue

author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-10-21 19:49:23 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-10-21 19:49:23 +0000
commit: a70b71c663eabdb88ed3a16c07aed6f39c18e4ad (patch)
tree: 74295131a8b6ba239a8f7c0413e144350c93cddc /doc/plugins
parent: bb7179966c5326d2ff79c272aa48e59e6d81731a (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/plugins/contrib/syntax/discussion.mdwn b/doc/plugins/contrib/syntax/discussion.mdwn
new file mode 100644
index 000000000..ace53dad0
--- /dev/null
+++ b/doc/plugins/contrib/syntax/discussion.mdwn
@@ -0,0 +1,14 @@
+I'd like to include this in ikiwiki. Using vim for syntax highlighting is
+suprising to me, but it seems to work great. Would it be possible to
+license it the same as the rest of ikiwiki (GPL) instead of dragging in the
+perl license?
+
+Text::VimColor will need to be added to Debian..
+
+It looks to me like the file parameter is a security hole, since it allows
+inclusion of arbitrary files into the wiki, including ones outside of the
+wiki source tree. I think this option should either be removed, or be
+limited to reading files inside the wiki source tree. If it's retained it
+should also add an appropriate dependency on the included file.
+
+--[[Joey]]
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-10-21 19:49:23 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-10-21 19:49:23 +0000
commit	a70b71c663eabdb88ed3a16c07aed6f39c18e4ad (patch)
tree	74295131a8b6ba239a8f7c0413e144350c93cddc /doc/plugins
parent	bb7179966c5326d2ff79c272aa48e59e6d81731a (diff)