author: Joey Hess <joey@kodama.kitenet.net> 2008-05-28 15:38:36 -0400
committer: Joey Hess <joey@kodama.kitenet.net> 2008-05-28 15:38:36 -0400
commit: 774a5f86b2fa8dcbc561c50901cf655711e836dc
tree: b3f501ebb0d555ff1a3fe0b315ac140087700cf5 /doc/plugins
parent: d5d56a24bd49142f8d387adce6c8ca5292af1874
parent: c928a118d6250f51effdbf2682d44d2d09eeb21d
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
Diffstat (limited to 'doc/plugins')
-rw-r--r-- doc/plugins/contrib/hnb.mdwn | 4
-rw-r--r-- doc/plugins/contrib/hnb/discussion.mdwn | 15
2 files changed, 15 insertions, 4 deletions
diff --git a/doc/plugins/contrib/hnb.mdwn b/doc/plugins/contrib/hnb.mdwn
index aca505865..9c2c9cfc1 100644
--- a/doc/plugins/contrib/hnb.mdwn
+++ b/doc/plugins/contrib/hnb.mdwn
@@ -7,6 +7,8 @@ hnb installed, since it uses the commandline interface of `hnb` program.
It is roughly based on the `otl` plugin but uses `mktemp` to create temporary files since `hnb` has no "quiet" switch and otherwise the hnb version number and other as well as the output file name always would be in the output itself.
-For now it's available for download at <http://noone.org/hnb/hnb.pm>. It's available under the GPL
+For now [[XTaran]]'s currently used version is available for download at <http://noone.org/hnb/hnb.pm>. The Mercurial repository is at <http://noone.org/hg/ikiwiki/plugin>.
+
+The hnb plugin is available under the GPL.
TODO: Make a switch to allow both HTML export routines of hnb (`export_html` and `export_htmlcss`) to be used.
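Review bot: the added download line ("For now [[XTaran]]'s currently used version is available for download at <http://noone.org/hnb/hnb.pm>") points readers at plugin code without naming a version, while the discussion page changed in this same commit says the shell-quoting problem is fixed with version 0.02. Suggest stating the minimum version (0.02) next to the link so that nobody installs an older copy, and dropping one of "For now" and "currently", which say the same thing. Both the download link and the Mercurial link are plain http; an https URL or a published checksum would be worth adding if the host offers one. The new licence line, "The hnb plugin is available under the GPL.", also does not say which GPL version applies.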
diff --git a/doc/plugins/contrib/hnb/discussion.mdwn b/doc/plugins/contrib/hnb/discussion.mdwn
index 716753878..45bd703c4 100644
--- a/doc/plugins/contrib/hnb/discussion.mdwn
+++ b/doc/plugins/contrib/hnb/discussion.mdwn
@@ -4,16 +4,25 @@ namely this line:
system("hnb '$params{page}.hnb' 'go root' 'export_html $tmp' > /dev/null");
This could potentially allow execution of artibtary shell code, if the filename
-contains a single quote. Which ikiwiki doesn't allow by default, but I prefer
-to never involve a shell where one is not needed. The otl plugin is a good
-example of how to safely fork a child process without involving the shell.
+contains a single quote.
+
+* Fixed with version 0.02 by usage of `$params{content}` -- XTaran
+
+Which ikiwiki doesn't allow by default, but I prefer to never involve a shell where one is not needed. The otl plugin is a good example of how to safely fork a child process without involving the shell.
+
+* Had a look at that one as example before writing the hnb plugin, but hnb has different input/output characteristics. I would prefer another solution, too, but as long as it works and is secure, I'm fine with the current (fixed :-) ) solution -- [[XTaran]].
Other problems:
* Use of shell mktemp from perl is suboptimal. File::Temp would be better.
+ * Fixed with version 0.02 -- [[XTaran]]
* The htmlize hook should not operate on the contents of `$params{page}.hnb`.
The content that needs to be htmlized is passed in to the hook in
`$params{content}`.
+ * Fixed with version 0.02 -- [[XTaran]]
If these problems are resolved and a copyright statement is added to the file,
+
+* Copyright Statement is in their for about a month. -- [[XTaran]]
+
I'd be willing to include this plugin in ikiwiki. --[[Joey]]
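Review bot: the replies are inserted in the middle of Joey's signed comment, so two of his sentences are now cut in half: "contains a single quote." is separated from "Which ikiwiki doesn't allow by default, ...", and "If these problems are resolved and a copyright statement is added to the file," is separated from "I'd be willing to include this plugin in ikiwiki. --[[Joey]]". A reader can no longer tell which words are his. Suggest keeping his paragraphs intact and nesting each reply underneath the complete paragraph it answers. The first reply, "Fixed with version 0.02 by usage of `$params{content}`", says where the input now comes from but not whether the quoted `system("hnb ...")` call still goes through a shell, which is the concern the comment raises, and `$tmp` is interpolated into that same string. Please state how hnb is invoked in 0.02, for example whether it uses a fork without a shell as the otl plugin is said to do. Minor: that reply is signed "XTaran" rather than "[[XTaran]]" like the others, and "in their" should read "in there".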