I was playing with tt2 and twiki. I discovered that a lot of plugins are
quite insecure.
First question: is there an easy way of enabling only some plugins?
I mean disable the standard Template::Plugin and pass
the PLUGINS only for those that are "safe"?
Second question: It seems that if I set the INCLUDE_PATH, I should not be
able to list files using the Dir plugin outside this path, but the
INCLUDE_PATH is not used in this plugin....
Third question: I think that instead of overriding all dangerous methods
(say: include, etc.) one could consider the possibility of defining a
callback function in the configuration options,

    AUTHORIZE => \$myAccessHandler

which is given the path of the file (or generally the resource accessed,
using some standard) and the necessary information (the stash?), so that
I can write

    AUTHORIZE => sub {
        my ($file, $stash) = @_;
        my $dbh = Mysql->Connect(...);
        my $sth = $dbh->query("select auth from users where name = ",
                              $stash->get....
        return 1 if $sth->....
        return undef;
    }

Which kinds of resources should I take into consideration?
--
Franco Bagnoli (franchino) <[EMAIL PROTECTED]> ([EMAIL PROTECTED])
virtual location: Dipartimento di Energetica "S. Stecco"
real location: Dip. Matematica Applicata "G. Sansone", Universita' Firenze,
Via S. Marta, 3 I-50139 Firenze, Italy. Tel. +39 0554796422, fax: +39 055471787
GPG Key fingerprint = 169D 9EA5 8FD3 7EDA E43A 9830 255F BCEC 0D63 3728
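
Added example, not part of the original post and not Template Toolkit's own code: one way to enable only chosen plugins (the first question) is a plugin provider passed through LOAD_PLUGINS that refuses any USE name not on an allowlist. The package name My::AllowedPlugins and its ALLOW option are hypothetical; Template::Plugins, LOAD_PLUGINS and STATUS_ERROR belong to the toolkit.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical provider: only allowlisted names reach the stock plugin loader.
package My::AllowedPlugins;
use base 'Template::Plugins';
use Template::Constants;

sub new {
    my ($class, %args) = @_;
    my $allow = delete $args{ALLOW} || [];      # ALLOW is our own option
    my $self  = $class->SUPER::new(\%args) or return;
    # Compare case-insensitively: the stock loader also tries lc($name).
    $self->{ALLOW} = { map { lc($_) => 1 } @$allow };
    return $self;
}

# Called by Template::Context for every [% USE name %] directive.
sub fetch {
    my ($self, $name, $args, $context) = @_;
    # Returning STATUS_ERROR makes the context throw a 'plugin' exception.
    return ("plugin '$name' is not permitted",
            Template::Constants::STATUS_ERROR)
        unless $self->{ALLOW}{ lc $name };
    return $self->SUPER::fetch($name, $args, $context);
}

package main;
use Template;

my $tt = Template->new({
    # Replace the default provider list with the filtering provider only.
    LOAD_PLUGINS => [ My::AllowedPlugins->new(ALLOW => [qw( Table Format )]) ],
    LOAD_PERL    => 0,    # do not fall back to loading arbitrary Perl modules
    EVAL_PERL    => 0,    # keep PERL / RAWPERL blocks disabled
}) or die Template->error;

# Constructed sample templates: one allowed plugin, one refused plugin.
for my $src ('[% USE Format %]ok', '[% USE Directory("/") %]listed') {
    my $out = '';
    if ($tt->process(\$src, {}, \$out)) {
        print "allowed: $out\n";
    }
    else {
        print "blocked: ", $tt->error, "\n";
    }
}
```

This only gates which plugins can be loaded; it does not confine what an allowed plugin does once it is running, so path checks such as the INCLUDE_PATH restriction asked about above would still have to live in the plugin itself.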