notes about this plugin, including a security issue

master
joey 2006-10-21 19:49:23 +00:00
parent bb7179966c
commit a70b71c663
1 changed files with 14 additions and 0 deletions

@ -0,0 +1,14 @@
I'd like to include this in ikiwiki. Using vim for syntax highlighting is
suprising to me, but it seems to work great. Would it be possible to
license it the same as the rest of ikiwiki (GPL) instead of dragging in the
perl license?
Text::VimColor will need to be added to Debian..
It looks to me like the file parameter is a security hole, since it allows
inclusion of arbitrary files into the wiki, including ones outside of the
wiki source tree. I think this option should either be removed, or be
limited to reading files inside the wiki source tree. If it's retained it
should also add an appropriate dependency on the included file.
--[[Joey]]
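Review bot: the paragraph on the file parameter proposes that the option be "limited to reading files inside the wiki source tree" but does not say how that limit would be checked. The note should spell out that the path has to be validated after `..` components and symlinks are resolved, because a comparison against the raw parameter string would still allow reads outside the tree. The same paragraph asks for "an appropriate dependency on the included file" without saying what the dependency is for; a short clause would make the request actionable for the plugin author. Minor: "suprising" in the first paragraph should be "surprising", and the Text::VimColor line ends in a doubled period.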