From 8f8543389e1472292b55b7394835932d206ecddb Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 15 Jun 2008 16:27:08 -0400 Subject: finish including hnb plugin --- doc/plugins/contrib/hnb.mdwn | 14 -------------- doc/plugins/contrib/hnb/discussion.mdwn | 28 ---------------------------- doc/plugins/hnb.mdwn | 14 ++++++++++++++ doc/plugins/hnb/discussion.mdwn | 28 ++++++++++++++++++++++++++++ 4 files changed, 42 insertions(+), 42 deletions(-) delete mode 100644 doc/plugins/contrib/hnb.mdwn delete mode 100644 doc/plugins/contrib/hnb/discussion.mdwn create mode 100644 doc/plugins/hnb.mdwn create mode 100644 doc/plugins/hnb/discussion.mdwn (limited to 'doc/plugins') diff --git a/doc/plugins/contrib/hnb.mdwn b/doc/plugins/contrib/hnb.mdwn deleted file mode 100644 index 9c2c9cfc1..000000000 --- a/doc/plugins/contrib/hnb.mdwn +++ /dev/null @@ -1,14 +0,0 @@ -[[template id=plugin name=hnb author="[[XTaran]]"]] -[[tag type/format type/slow]] - -This plugin allows ikiwiki to process `.hnb` XML files, as created by -the Hierachical Notebook [hnb](http://hnb.sourceforge.net/). To use it, you need to have -hnb installed, since it uses the commandline interface of `hnb` program. - -It is roughly based on the `otl` plugin but uses `mktemp` to create temporary files since `hnb` has no "quiet" switch and otherwise the hnb version number and other as well as the output file name always would be in the output itself. - -For now [[XTaran]]'s currently used version is available for download at . The Mercurial repository is at . - -The hnb plugin is available under the GPL. - -TODO: Make a switch to allow both HTML export routines of hnb (`export_html` and `export_htmlcss`) to be used. diff --git a/doc/plugins/contrib/hnb/discussion.mdwn b/doc/plugins/contrib/hnb/discussion.mdwn deleted file mode 100644 index 45bd703c4..000000000 --- a/doc/plugins/contrib/hnb/discussion.mdwn +++ /dev/null 
@@ -1,28 +0,0 @@ -I've reviewed this plugin's code, and there is one major issue with it, -namely this line: - - system("hnb '$params{page}.hnb' 'go root' 'export_html $tmp' > /dev/null"); - -This could potentially allow execution of artibtary shell code, if the filename -contains a single quote. - -* Fixed with version 0.02 by usage of `$params{content}` -- XTaran - -Which ikiwiki doesn't allow by default, but I prefer to never involve a shell where one is not needed. The otl plugin is a good example of how to safely fork a child process without involving the shell. - -* Had a look at that one as example before writing the hnb plugin, but hnb has different input/output characteristics. I would prefer another solution, too, but as long as it works and is secure, I'm fine with the current (fixed :-) ) solution -- [[XTaran]]. - -Other problems: - -* Use of shell mktemp from perl is suboptimal. File::Temp would be better. - * Fixed with version 0.02 -- [[XTaran]] -* The htmlize hook should not operate on the contents of `$params{page}.hnb`. - The content that needs to be htmlized is passed in to the hook in - `$params{content}`. - * Fixed with version 0.02 -- [[XTaran]] - -If these problems are resolved and a copyright statement is added to the file, - -* Copyright Statement is in their for about a month. -- [[XTaran]] - -I'd be willing to include this plugin in ikiwiki. --[[Joey]] diff --git a/doc/plugins/hnb.mdwn b/doc/plugins/hnb.mdwn new file mode 100644 index 000000000..9c2c9cfc1 --- /dev/null +++ b/doc/plugins/hnb.mdwn 
@@ -0,0 +1,14 @@ +[[template id=plugin name=hnb author="[[XTaran]]"]] +[[tag type/format type/slow]] + +This plugin allows ikiwiki to process `.hnb` XML files, as created by +the Hierachical Notebook [hnb](http://hnb.sourceforge.net/). To use it, you need to have +hnb installed, since it uses the commandline interface of `hnb` program. + +It is roughly based on the `otl` plugin but uses `mktemp` to create temporary files since `hnb` has no "quiet" switch and otherwise the hnb version number and other as well as the output file name always would be in the output itself. + +For now [[XTaran]]'s currently used version is available for download at . The Mercurial repository is at . + +The hnb plugin is available under the GPL. + +TODO: Make a switch to allow both HTML export routines of hnb (`export_html` and `export_htmlcss`) to be used. diff --git a/doc/plugins/hnb/discussion.mdwn b/doc/plugins/hnb/discussion.mdwn new file mode 100644 index 000000000..45bd703c4 --- /dev/null +++ b/doc/plugins/hnb/discussion.mdwn 
@@ -0,0 +1,28 @@ +I've reviewed this plugin's code, and there is one major issue with it, +namely this line: + + system("hnb '$params{page}.hnb' 'go root' 'export_html $tmp' > /dev/null"); + +This could potentially allow execution of artibtary shell code, if the filename +contains a single quote. + +* Fixed with version 0.02 by usage of `$params{content}` -- XTaran + +Which ikiwiki doesn't allow by default, but I prefer to never involve a shell where one is not needed. The otl plugin is a good example of how to safely fork a child process without involving the shell. + +* Had a look at that one as example before writing the hnb plugin, but hnb has different input/output characteristics. I would prefer another solution, too, but as long as it works and is secure, I'm fine with the current (fixed :-) ) solution -- [[XTaran]]. + +Other problems: + +* Use of shell mktemp from perl is suboptimal. File::Temp would be better. + * Fixed with version 0.02 -- [[XTaran]] +* The htmlize hook should not operate on the contents of `$params{page}.hnb`. + The content that needs to be htmlized is passed in to the hook in + `$params{content}`. + * Fixed with version 0.02 -- [[XTaran]] + +If these problems are resolved and a copyright statement is added to the file, + +* Copyright Statement is in their for about a month. -- [[XTaran]] + +I'd be willing to include this plugin in ikiwiki. --[[Joey]] -- cgit v1.2.3
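Review bot: In doc/plugins/hnb.mdwn the added description says the plugin "uses `mktemp` to create temporary files", but the discussion page added in this same commit records "Use of shell mktemp from perl is suboptimal. File::Temp would be better." as "Fixed with version 0.02". If the version being included is 0.02 or later, that sentence should describe File::Temp instead. The sentence "For now [[XTaran]]'s currently used version is available for download" also reads as contrib-era wording now that the page lives under doc/plugins/, and "Hierachical" should be "Hierarchical".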
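Review bot: In doc/plugins/hnb/discussion.mdwn the review is carried over unchanged and still ends on the conditional "If these problems are resolved and a copyright statement is added to the file, ... I'd be willing to include this plugin in ikiwiki", which no longer matches a commit titled "finish including hnb plugin". A closing line stating which plugin version was included would settle it. The quoted `system("hnb '$params{page}.hnb' 'go root' 'export_html $tmp' > /dev/null")` line interpolates the page name into a single-quoted shell string, and the only fix recorded is "by usage of `$params{content}`", so the page should say whether the included code still builds a shell command around `$tmp` or avoids the shell entirely, as the otl plugin is cited as doing. Typos worth fixing in the same pass: "artibtary" and "is in their".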