diff options
author | https://id.koumbit.net/anarcat <https://id.koumbit.net/anarcat@web> | 2016-05-30 23:59:42 -0400 |
---|---|---|
committer | admin <admin@branchable.com> | 2016-05-30 23:59:42 -0400 |
commit | 346bac30f090a0d24c887ebc57dd4251b889dc27 (patch) | |
tree | 264017d0a5c0af0a9442baab608d368079044fc2 /doc | |
parent | 2a03e04510137c64d83b9b305b8c6b26e3a6d486 (diff) | |
download | ikiwiki-346bac30f090a0d24c887ebc57dd4251b889dc27.tar ikiwiki-346bac30f090a0d24c887ebc57dd4251b889dc27.tar.gz |
oops, forgot some changes
Diffstat (limited to 'doc')
-rw-r--r-- | doc/plugins/contrib/bibtex2html.mdwn | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/plugins/contrib/bibtex2html.mdwn b/doc/plugins/contrib/bibtex2html.mdwn index b2e95a263..eff016d7e 100644 --- a/doc/plugins/contrib/bibtex2html.mdwn +++ b/doc/plugins/contrib/bibtex2html.mdwn @@ -1,6 +1,8 @@ [[!template id=plugin name=bibtex2html author="[[anarcat]]"]] -Trivial plugin to implement [[todo/BibTeX]] support simply using [bibtex2html](https://www.lri.fr/~filliatr/bibtex2html/). It is hopefully secure enough, but I have still marked it as unsafe because I am worried about parameter expansion in bibtex calls from bibtex2html that wouldn't escape those characters properly. The pipeline is called safely, but certain `-flags` could be maliciously added to the filenames somehow. +Trivial plugin to implement [[todo/BibTeX]] support simply using [bibtex2html](https://www.lri.fr/~filliatr/bibtex2html/). It only takes a `bib` file as an argument and dumps whatever bibtex2html returns for it, so it shows *all* the entries, something that is not really possible with the existing [[bibtex]] plugin, as that one requires you to explicitly state every citation you want to show. + +It is hopefully secure enough, but I have still marked it as unsafe because I am worried about parameter expansion in bibtex calls from bibtex2html that wouldn't escape those characters properly. The pipeline is called safely, but certain `-flags` could be maliciously added to the filenames somehow. The plugin is generic enough that I wonder if there's a level of abstraction that exists here that I have missed. If not it would be interesting to add. @@ -43,7 +45,7 @@ sub bibtex2html { } add_depends($params{page}, $near); $near = srcfile($near); - my @bibtex_cmd = (qw[bibtex2html -charset utf-8 -noheader -nofooter -nobibsource -nodoc -q -o -], $near); + my @bibtex_cmd = (qw[bibtex2html -noheader -nofooter -nobibsource -nodoc -q -o -], $near); open(PIPE, "-|", @bibtex_cmd) || error "can't open pipe to @bibtex_cmd: $!"; @@ -55,3 +57,5 @@ sub bibtex2html { 1; """]] + +Obviously, this should be implemented through Text::Bibtex as forking is expensive. Yet I haven't found a way to do what this plugin does with the existing [[bibtex]] module. [[bibtex]] could of course be extended and then render this plugin obsolete, but I have found it simpler to just reuse an existing working rendered than rewrite my own in Perl. --[[anarcat]] |