diff options
Diffstat (limited to 'doc/plugins')
| -rw-r--r-- | doc/plugins/contrib/hnb.mdwn | 2 | ||||
| -rw-r--r-- | doc/plugins/contrib/hnb/discussion.mdwn | 19 | ||||
| -rw-r--r-- | doc/plugins/teximg.mdwn | 4 | ||||
| -rw-r--r-- | doc/plugins/teximg/discussion.mdwn | 2 | ||||
| -rw-r--r-- | doc/plugins/write.mdwn | 2 |
5 files changed, 27 insertions, 2 deletions
diff --git a/doc/plugins/contrib/hnb.mdwn b/doc/plugins/contrib/hnb.mdwn index 4f4457cd6..8352e1a9b 100644 --- a/doc/plugins/contrib/hnb.mdwn +++ b/doc/plugins/contrib/hnb.mdwn @@ -1,5 +1,5 @@ [[template id=plugin name=hnb author="[[XTaran]]"]] -[[tag type/format]] +[[tag type/format type/slow]] This plugin allows ikiwiki to process `.hnb` XML files, as created by the Hierachical Notebook [hnb](http://hnb.sourceforge.net/). To use it, you need to have diff --git a/doc/plugins/contrib/hnb/discussion.mdwn b/doc/plugins/contrib/hnb/discussion.mdwn new file mode 100644 index 000000000..716753878 --- /dev/null +++ b/doc/plugins/contrib/hnb/discussion.mdwn @@ -0,0 +1,19 @@ +I've reviewed this plugin's code, and there is one major issue with it, +namely this line: + + system("hnb '$params{page}.hnb' 'go root' 'export_html $tmp' > /dev/null"); + +This could potentially allow execution of artibtary shell code, if the filename +contains a single quote. Which ikiwiki doesn't allow by default, but I prefer +to never involve a shell where one is not needed. The otl plugin is a good +example of how to safely fork a child process without involving the shell. + +Other problems: + +* Use of shell mktemp from perl is suboptimal. File::Temp would be better. +* The htmlize hook should not operate on the contents of `$params{page}.hnb`. + The content that needs to be htmlized is passed in to the hook in + `$params{content}`. + +If these problems are resolved and a copyright statement is added to the file, +I'd be willing to include this plugin in ikiwiki. --[[Joey]] diff --git a/doc/plugins/teximg.mdwn b/doc/plugins/teximg.mdwn index 5c35aa2e8..588bf5407 100644 --- a/doc/plugins/teximg.mdwn +++ b/doc/plugins/teximg.mdwn @@ -3,6 +3,10 @@ This plugin renders LaTeX formulas into images. +Of course you will need LaTeX installed for this to work. The plugin +also uses mhchem.sty, which in Debian is in the texlive-science package and +may not be part of a regular texlive installation. + ## examples \[[teximg code="\ce{[Cu(NH3)3]^{2+}}"]] diff --git a/doc/plugins/teximg/discussion.mdwn b/doc/plugins/teximg/discussion.mdwn index 17f677c21..019298670 100644 --- a/doc/plugins/teximg/discussion.mdwn +++ b/doc/plugins/teximg/discussion.mdwn @@ -1,2 +1,4 @@ A minor nitpick: if, while editing, you preview your page two times without changing anything, the second time produces an error. --[[buo]] + +> Fixed --[[Joey]] diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn index 410d49aaf..b9d7c01c2 100644 --- a/doc/plugins/write.mdwn +++ b/doc/plugins/write.mdwn @@ -512,7 +512,7 @@ version of the file. In particular, in preview mode, this should still be called even if the file isn't going to be written to during the preview. Ikiwiki uses this information to automatically clean up rendered files when -the page that rendered them goes away or is changes to no longer render +the page that rendered them goes away or is changed to no longer render them. will_render also does a few important security checks. #### `pagetype($)` |