From: shane <sh...@lo...> - 2006-09-14 22:59:06
On Aug 29, 2006, at 7:34 PM, Clifton Wood wrote:

> Would be neat, but could also be BAAAD JUJU. Because effectively,
> there would need to be some kind of security model in place for
> Templates in stories otherwise the potential for site pwnage would
> be very high.
>
> - Cliff

Can you elaborate on this a little bit? I don't see where the problem would lie. My thinking is that it's different from a .tmpl file.

The one obstacle I could see is the pre-rendering of the stories. Slashd writes them to disk as .shtml's, so there'd be no question, it'd just ignore the template toolkit code within the story.introtext and bodytext. But when a user hits articles.pl does it show pre-rendered (from cache) or render it right then and there? If right then and there, it would seem the template running would be no different from a .tmpl and it'd be limited to the current user.

Obviously, you'd have to fully trust your site admins (ie authors) with writing template toolkit code. That in itself is kinda scary.

Shane