From 039c18c562f408324fcecc3cb4b88521a0f4dbb7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 26 May 2008 08:04:55 -0400 Subject: web commit by XTaran: Everything necessary fixed with 0.02 --- doc/plugins/contrib/hnb/discussion.mdwn | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'doc/plugins') diff --git a/doc/plugins/contrib/hnb/discussion.mdwn b/doc/plugins/contrib/hnb/discussion.mdwn index 716753878..45bd703c4 100644 --- a/doc/plugins/contrib/hnb/discussion.mdwn +++ b/doc/plugins/contrib/hnb/discussion.mdwn 
@@ -4,16 +4,25 @@ namely this line: system("hnb '$params{page}.hnb' 'go root' 'export_html $tmp' > /dev/null"); This could potentially allow execution of artibtary shell code, if the filename -contains a single quote. Which ikiwiki doesn't allow by default, but I prefer -to never involve a shell where one is not needed. The otl plugin is a good -example of how to safely fork a child process without involving the shell. +contains a single quote. + +* Fixed with version 0.02 by usage of `$params{content}` -- XTaran + +Which ikiwiki doesn't allow by default, but I prefer to never involve a shell where one is not needed. The otl plugin is a good example of how to safely fork a child process without involving the shell. + +* Had a look at that one as example before writing the hnb plugin, but hnb has different input/output characteristics. I would prefer another solution, too, but as long as it works and is secure, I'm fine with the current (fixed :-) ) solution -- [[XTaran]]. Other problems: * Use of shell mktemp from perl is suboptimal. File::Temp would be better. + * Fixed with version 0.02 -- [[XTaran]] * The htmlize hook should not operate on the contents of `$params{page}.hnb`. The content that needs to be htmlized is passed in to the hook in `$params{content}`. + * Fixed with version 0.02 -- [[XTaran]] If these problems are resolved and a copyright statement is added to the file, + +* Copyright Statement is in their for about a month. -- [[XTaran]] + I'd be willing to include this plugin in ikiwiki. --[[Joey]] -- cgit v1.2.3 From d092e794b346e59318fe05bbe456e8fc3085a97f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 26 May 2008 08:16:32 -0400 Subject: web commit by XTaran: Mercurial repository --- doc/plugins/contrib/hnb.mdwn | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'doc/plugins') diff --git a/doc/plugins/contrib/hnb.mdwn b/doc/plugins/contrib/hnb.mdwn index aca505865..9c2c9cfc1 100644 --- a/doc/plugins/contrib/hnb.mdwn 
+++ b/doc/plugins/contrib/hnb.mdwn @@ -7,6 +7,8 @@ hnb installed, since it uses the commandline interface of `hnb` program. It is roughly based on the `otl` plugin but uses `mktemp` to create temporary files since `hnb` has no "quiet" switch and otherwise the hnb version number and other as well as the output file name always would be in the output itself. -For now it's available for download at . It's available under the GPL +For now [[XTaran]]'s currently used version is available for download at . The Mercurial repository is at . + +The hnb plugin is available under the GPL. TODO: Make a switch to allow both HTML export routines of hnb (`export_html` and `export_htmlcss`) to be used. -- cgit v1.2.3
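Review bot: In doc/plugins/contrib/hnb/discussion.mdwn, the first added reply says the quoting problem is fixed "by usage of `$params{content}`", but the issue raised is the `system("hnb '$params{page}.hnb' ...")` shell string, and the reply does not say whether hnb is still run through a shell. Say how 0.02 invokes hnb (for example the list form of `system`, or a fork as in the otl plugin), so a reader can confirm that no page-derived value or temp file name is interpolated into a shell command. The replies are also inserted mid-sentence: "Which ikiwiki doesn't allow by default" and "I'd be willing to include this plugin in ikiwiki" are now detached from the sentences they completed, so each reply would read better placed after the full sentence. The first reply is signed "-- XTaran" while the others use "-- [[XTaran]]".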
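Review bot: In doc/plugins/contrib/hnb.mdwn, the unchanged context just above the edited line still says the plugin "uses `mktemp` to create temporary files", while the discussion page in the same series marks the "Use of shell mktemp from perl is suboptimal" item as fixed with version 0.02. Update that sentence in this change so the plugin page describes how the current version creates its temporary files. In the added line, "For now" and "currently used" say the same thing, so one of them can go.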