Changes between Version 11 and Version 12 of GenshiMacro


Ignore:
Timestamp:
Mar 25, 2017, 9:08:34 AM (7 years ago)
Author:
Ryan J Ollos
Comment:

Syntax highlighting.

Legend:

Unmodified
Added
Removed
Modified

  • GenshiMacro

    v11 v12  
    66**Notice:** This plugin is deprecated in Trac 1.3.2 and later because Trac has switched from Genshi to Jinja2 as the template engine. The plugin will not function in Trac 1.5.1 and later.
    77
    8 This plugin has '''not''' been developed with security considerations in mind. '''Only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account.'''
     8This plugin has '''not''' been developed with security considerations in mind. '''Only enable this macro on sites where you trust //all// users who can edit //any// wiki text with the web server's account.'''
    99}}}
    1010
     
    1919Genshi templates allow executing arbitrary Python code. So you basically give users who can insert the macro anywhere (wiki page, ticket comment, etc) permission to act as the user running Trac, including running any shell command:
    2020
    21 {{{
     21{{{#!genshi
    2222{{{#!Genshi
    2323<div>${open('/etc/apache2/htpasswd').read()}</div>
     
    2525}}}
    2626
    27 {{{
     27{{{#!genshi
    2828{{{#!Genshi
    2929<?python
     
    6767== Example
    6868
    69 {{{
     69{{{#!genshi
    7070 
    71   {{{
    72   #!Genshi
     71  {{{#!Genshi
    7372  <div xmlns:py="http://genshi.edgewall.org/">
    7473   <py:choose>
     
    9392}}}
    9493
    95 == Recent Changes
    96 
    97 [[ChangeLog(genshimacro, 3)]]
    98 
    9994== Author/Contributors
    10095