Changes between Version 21 and Version 22 of TracWikiPrintPlugin


Timestamp:
Nov 24, 2009, 7:09:48 AM (15 years ago)
Author:
Álvaro Iradier
Comment:

Security Concerns

  • TracWikiPrintPlugin

    v21 v22  
    8080For example, if you access the trac project from your browser using the URL http://myserver/trac/myproject, but address of ''myserver'' is locally resolved at your workstation (via /etc/hosts or similar), and not globally known, then ''xhtml2pdf'' will fail to resolve ''myserver'' and won't be able to download the images from http://myserver/trac/myproject/. In that case, use the server IP instead.
    8181
     82=== Security Concerns ===
     83
     84When setting up header, footer, style, etc. the user can select a file from the file system and preview it. This could mean a security risk, as the user might display ''/etc/passwd'' or critical files. This is not a WikiPrint problem, as anyone with TRAC_ADMIN permissions would be able to install and run a potentially insecure plugin. So, make sure you trust users with TRAC_ADMIN permissions.
     85
    8286=== Export formats ===
    8387
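Review bot: In the paragraph added at new line 84, "the user can select a file from the file system and preview it" does not say which permission is needed to reach the header, footer and style settings, so the closing advice about TRAC_ADMIN reads as a non sequitur. If those settings are only reachable with TRAC_ADMIN, say so in the first sentence (for example "a user with TRAC_ADMIN permissions can select..."). If they are reachable with less, the argument that this is "not a WikiPrint problem" does not hold and the section should say that instead. It would also help to state plainly that the preview accepts arbitrary file system paths rather than "''/etc/passwd'' or critical files", so administrators know the exposure is any file the preview can open and not a fixed list. Wording nits: "This could mean a security risk" reads better as "This is a security risk", and "permissions" should be singular when it refers to the single TRAC_ADMIN permission.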