While experimenting with a tt2-enabled wiki, I discovered that 
many plugins are much more insecure than TT2 itself. Since I do not want 
to uninstall TT2, and since I was unable to set up an independent 
installation, I started looking into the code. 
 
I propose to replace the load subroutine in Plugin.pm with 

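sub load {
    my ($plugin, $context) = @_;
    my $name = $plugin;
    $name =~ s/^Template::Plugin:://; # any better way?
    my $use = $context->{CONFIG}->{USE};
    # No USE option configured: every plugin may be loaded, as before.
    return $plugin unless defined $use;
    # USE may be an array ref or a comma/space separated string of names.
    my @allowed = ref($use) eq "ARRAY" ? @$use : split /[\s,]+/, $use;
    # Compare whole names: a regex such as /\b$name\b/ would let "XML"
    # through when only "XML::Simple" is listed.
    return undef unless grep { $_ eq $name } @allowed;
    return $plugin;
}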

This way I can use tt2 just as before, but if I write

$template=Template->new({USE => "DBI"});

I can only use the DBI plugin. 

Maybe one should think of a "NOUSE" for enabling all plugins except 
some. 
 

-- 
Franco Bagnoli (franchino) <[EMAIL PROTECTED]> ([EMAIL PROTECTED])
virtual location: Dipartimento di Energetica "S. Stecco"
real location: Dip. Matematica Applicata "G. Sansone", Universita' Firenze,
Via S. Marta, 3 I-50139 Firenze, Italy. Tel. +39 0554796422, fax: +39 055471787
GPG Key fingerprint = 169D 9EA5 8FD3 7EDA E43A  9830 255F BCEC 0D63 3728


_______________________________________________
templates mailing list
[EMAIL PROTECTED]
http://lists.template-toolkit.org/mailman/listinfo/templates
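
The allow-list check proposed in the message above, combined with the suggested "NOUSE" deny-list, as a stand-alone Perl example. This is an added example, not code from the post or from Template Toolkit; the helper names plugin_permitted and name_set and the NOUSE semantics (deny wins over allow) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of Template Toolkit): normalise a USE/NOUSE
# value, given as an array ref or a comma/space separated string, into a
# lookup table of plugin names.
sub name_set {
    my ($value) = @_;
    return undef unless defined $value;
    my @names = ref($value) eq 'ARRAY' ? @$value : split /[\s,]+/, $value;
    return { map { $_ => 1 } grep { length } @names };
}

# Decide whether a plugin class may be loaded under the given config.
# Assumed semantics: USE is an allow-list, NOUSE a deny-list, NOUSE wins,
# and with neither option set every plugin is permitted.
sub plugin_permitted {
    my ($class, $config) = @_;
    (my $name = $class) =~ s/^Template::Plugin:://;
    my $deny  = name_set($config->{NOUSE});
    my $allow = name_set($config->{USE});
    return 0 if $deny && $deny->{$name};
    return 0 if $allow && !$allow->{$name};
    return 1;
}

# Constructed test cases: [ config, plugin class, expected result ].
my @cases = (
    [ {},                               'Template::Plugin::DBI',         1 ],
    [ { USE => 'DBI' },                 'Template::Plugin::DBI',         1 ],
    [ { USE => 'DBI' },                 'Template::Plugin::File',        0 ],
    [ { USE => [ 'DBI', 'Date' ] },     'Template::Plugin::Date',        1 ],
    [ { USE => 'XML::Simple' },         'Template::Plugin::XML',         0 ],
    [ { USE => 'XML::Simple' },         'Template::Plugin::XML::Simple', 1 ],
    [ { NOUSE => 'File, Directory' },   'Template::Plugin::Directory',   0 ],
    [ { NOUSE => 'File, Directory' },   'Template::Plugin::DBI',         1 ],
    [ { USE => 'DBI', NOUSE => 'DBI' }, 'Template::Plugin::DBI',         0 ],
);

for my $case (@cases) {
    my ($config, $class, $expected) = @$case;
    my $got = plugin_permitted($class, $config);
    printf "%-30s %s\n", $class, $got ? 'permitted' : 'refused';
    die "unexpected result for $class\n" unless $got == $expected;
}
```

Names are compared as whole strings, so an allow-list entry for a nested plugin does not also admit the plugins named by its components.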
