From: <de...@de...> - 2010-12-16 08:49:23
Author: PeterThoeny Date: 2010-12-16 02:49:14 -0600 (Thu, 16 Dec 2010) New Revision: 20013 Trac url: http://develop.twiki.org/trac/changeset/20013 Added: twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin/Config.spec Modified: twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/data/TWiki/ReStructuredTextPlugin.txt twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin.pm twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin/MANIFEST Log: Item6530: Move plugin settings to configure (to fix security issue); filter options parameter (to fix security issue) Modified: twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/data/TWiki/ReStructuredTextPlugin.txt =================================================================== --- twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/data/TWiki/ReStructuredTextPlugin.txt 2010-12-16 08:48:33 UTC (rev 20012) +++ twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/data/TWiki/ReStructuredTextPlugin.txt 2010-12-16 08:49:14 UTC (rev 20013) @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="TWikiContributor" date="1292484990" format="1.1" version="$Rev$"}% +%META:TOPICINFO{author="TWikiContributor" date="1292489251" format="1.1" version="$Rev$"}% ---+!! <nop>%TOPIC% <!-- Contributions to this TWiki plugin are appreciated. Please update the plugin page at 
@@ -75,15 +75,6 @@ * One line description, shown in the %SYSTEMWEB%.TextFormattingRules topic: * Set SHORTDESCRIPTION = Render reStructuredText (Python documentation) within a TWiki page - * Set DEBUG to 1 to get debug messages in =data/debug.txt=. Default: =0= - * Set DEBUG = 0 - - * Set TRIP to give a different path to the =trip= executable. - * Set TRIP = /var/www/twiki/lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/trip - - * Set TRIPOPTIONS to specify default options to =trip=. - * Set TRIPOPTIONS = -D source_link=0 -D time=0 -D xformoff=DocTitle -D generator=0 -D tabstops=3 - ---++ Plugin Installation Instructions __Note:__ You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the server where TWiki is running. 
@@ -93,19 +84,23 @@ | *File:* | *Description:* | | ==data/TWiki/%TOPIC%.txt== | Plugin topic | | ==lib/TWiki/Plugins/%TOPIC%.pm== | Plugin Perl module | + | ==lib/TWiki/Plugins/%TOPIC%/Config.spec== | Settings for configure script | | ==lib/TWiki/Plugins/%TOPIC%/trip/*== | trip utility (Perl script) | - * Visit =configure= in your TWiki installation, and enable the plugin in the {Plugins} section. - * Test the example above if the installation was successful. + * Visit =configure= in your TWiki installation: + * Enable the plugin in the {Plugins} section + * In Extensions section, set {Plugins}{ReStructuredTextPlugin}{TripCmd} to an absolute path; the trip executable is located below your TWiki directory at =lib/TWiki/Plugins/%TOPIC%/trip/bin/trip=. + * Test above example if the installation was successful. ---++ Plugin Info -| Plugin Author: | TWiki:Main.SteveRJones | -| Plugin Copyright: | © 2005 TWiki:Main.SteveRJones <br /> © 2005-2010 TWiki:TWiki.TWikiContributor | +| Plugin Author: | TWiki:Main.SteveRJones, TWiki:Main.PeterThoeny | +| Plugin Copyright: | © 2005 TWiki:Main.SteveRJones <br /> © 2010 TWiki:Main.PeterThoeny <br /> © 2005-2010 TWiki:TWiki.TWikiContributor | | Trip tool Author: | TWiki:Main.MarkNodine | | Trip tool Copyright: | © 2002-2005 Freescale Semiconductor | | License: | GPL ([[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]) | -| Plugin Version: | 2010-12-15 (V1.1) | +| Plugin Version: | 2010-12-16 (V1.2) | | Change History: | <!-- versions below in reverse order --> | +| 2010-12-16: | TWikibug:Item6530: Move plugin settings to configure (to fix security issue); filter options parameter (to fix security issue) -- TWiki:Main.PeterThoeny | | 2010-12-15: | TWikibug:Item6530: Doc improvements; changing TWIKIWEB to SYSTEMWEB -- TWiki:Main.PeterThoeny | | 2005-05-19: | Initial version | | TWiki Dependency: | $TWiki::Plugins::VERSION 1.024 | Added: 
twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin/Config.spec =================================================================== --- twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin/Config.spec (rev 0) +++ twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin/Config.spec 2010-12-16 08:49:14 UTC (rev 20013) @@ -0,0 +1,14 @@ +# ---+ Extensions +# ---++ PLUGINS +# ---+++ ReStructuredTextPlugin +# **PATH M** +# Path to trip executable, located at =twiki/lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/trip=. Set this to an absolute path matching your TWiki installation. +$TWiki::cfg{Plugins}{ReStructuredTextPlugin}{TripCmd} = '$TWiki::cfg{DataDir}/../lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/trip'; +# **TEXT** +# Default options of trip +$TWiki::cfg{Plugins}{ReStructuredTextPlugin}{TripOptions} = '-D source_link=0 -D time=0 -D xformoff=DocTitle -D generator=0 -D tabstops=3'; +# **BOOLEAN** +# Debug flag +$TWiki::cfg{Plugins}{ReStructuredTextPlugin}{Debug} = 0; + +1; Modified: twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin/MANIFEST =================================================================== --- twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin/MANIFEST 2010-12-16 08:48:33 UTC (rev 20012) +++ twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin/MANIFEST 2010-12-16 08:49:14 UTC (rev 20013) 
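Review bot: The `# Debug flag` and `# Default options of trip` comments in the new Config.spec are the only help text for these settings in this file, and they drop what the removed topic settings explained. Suggested wording: `# Write debug messages to data/debug.txt. Default: off` for {Debug}, and `# Default options handed to the trip executable; administrator-controlled, no longer settable from topic preferences` for {TripOptions}. The {TripCmd} default is built from {DataDir} with a `/../` component while its description asks for an absolute path, so the comment could add that the default is only a starting point and should be replaced with the resolved path.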
@@ -1,5 +1,6 @@ data/TWiki/ReStructuredTextPlugin.txt 0644 lib/TWiki/Plugins/ReStructuredTextPlugin.pm 0444 +lib/TWiki/Plugins/ReStructuredTextPlugin/Config.spec 0444 lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/Directive/if.pm 0444 lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/Directive/perl.pm 0444 lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/Directive/system.pm 0444 Modified: twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin.pm =================================================================== --- twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin.pm 2010-12-16 08:48:33 UTC (rev 20012) +++ twiki/branches/TWikiRelease05x00/ReStructuredTextPlugin/lib/TWiki/Plugins/ReStructuredTextPlugin.pm 2010-12-16 08:49:14 UTC (rev 20013) @@ -2,6 +2,9 @@ # # Copyright (C) 2000-2003 Andrea Sterbini, a.s...@fl... # Copyright (C) 2001-2004 Peter Thoeny, pe...@th... +# Copyright (C) 2005 TWiki:Main.SteveRJones +# Copyright (C) 2010 TWiki:Main.PeterThoeny +# Copyright (C) 2005-2010 TWiki:TWiki.TWikiContributor # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -37,8 +40,8 @@ $tripoptions ); -$VERSION = '1.1'; -$RELEASE = '2010-12-15'; +$VERSION = '1.2'; +$RELEASE = '2010-12-16'; $pluginName = 'ReStructuredTextPlugin'; # Name of this Plugin 
@@ -54,15 +57,15 @@ } # Get plugin debug flag - $debug = TWiki::Func::getPluginPreferencesFlag( "DEBUG" ); + $debug = $TWiki::cfg{Plugins}{$pluginName}{Debug} || 0; # Get trip override flag - $trip = TWiki::Func::getPluginPreferencesValue( "TRIP" ) - || '/var/www/twiki/lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/trip'; + $trip = $TWiki::cfg{Plugins}{$pluginName}{TripCmd} + || '/var/www/twiki/lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/trip'; # Get trip override flag - $tripoptions = TWiki::Func::getPluginPreferencesValue( "TRIPOPTIONS" ) - || '-D source_link=0 -D time=0'; + $tripoptions = $TWiki::cfg{Plugins}{$pluginName}{TripOptions} + || '-D source_link=0 -D time=0 -D xformoff=DocTitle -D generator=0 -D tabstops=3'; # Plugin correctly initialized TWiki::Func::writeDebug( "- TWiki::Plugins::ReStructuredTextPlugin::initPlugin( $web.$topic ) is OK" ) if $debug; @@ -91,6 +94,9 @@ sub reST2html { my ($text, $opts) = @_; + + # security fix: Filter options to prevent nasty stuff + $opts =~ s/[^a-zA-Z0-9_\=\- ]//go; my %opts = $opts =~ /(\w+)="(.*?)"/g; # Convert each tab to 3 spaces $text =~ s/\t/ /g; |
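Review bot: In the initPlugin hunk, `$trip` still falls back to the hard-coded `/var/www/twiki/lib/TWiki/Plugins/ReStructuredTextPlugin/trip/bin/trip` when {TripCmd} is unset, so an installation rooted elsewhere would try to run whatever sits at that path instead of reporting a configuration error. Since Config.spec marks the setting mandatory, consider dropping the fallback and refusing to initialise: `$trip = $TWiki::cfg{Plugins}{$pluginName}{TripCmd};` then `unless( $trip && -x $trip ) { TWiki::Func::writeWarning( "$pluginName: {TripCmd} is not set to an executable" ); return 0; }`. The `|| '...'` on {TripOptions} likewise stops an administrator from configuring an empty option string, because '' is false and the defaults come back; a `defined` test would respect it. The comments above `$trip` and `$tripoptions` both still read "Get trip override flag" and should name the configure keys instead. The rest of initPlugin is outside the hunk, so the `return 0` on failure is assumed from the usual plugin convention.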
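Review bot: The new filter in reST2html deletes double quotes from `$opts`, so the unchanged next line `my %opts = $opts =~ /(\w+)="(.*?)"/g;` can no longer match and `%opts` is always empty after this change. Parsing first and filtering afterwards keeps both the feature and the hardening: move the `my %opts = ...` line above the filter and add `s/[^a-zA-Z0-9_=\- ]//g for values %opts;`. The character class still lets `-`, `=` and spaces through, so if `$opts` or its values are later appended to the trip command line (that code is outside the hunk) a page author can still supply extra switches; checking option names against a fixed allowlist would be tighter than filtering characters. The `/o` flag and the backslash before `=` have no effect here and can be dropped.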