* Franco Bagnoli <franco.bagnoli at unifi.it> [2003-05-30 09:50]:
> While experimenting with a tt2-enabled wiki, I discovered that many
> plugins are much more insecure than TT2 itself. Since I do not want to
> uninstall TT2, and since I was unable to set up an independent
> installation, I started looking into the code.
>
> I propose to replace the load subroutine in Plugin.pm with
You can modify Template::Plugins to only "know about" the plugins you
want to support:

    use Template::Plugins;
    foreach my $bad (@untrustworthy_plugins) {
        delete $Template::Plugins::STD_PLUGINS->{$bad};
    }

And then those deleted plugins can't be loaded from USE (be sure that
LOAD_PERL is not set, of course, and that PLUGIN_BASE is explicitly
unset).

If you're really paranoid, you can simply:

    %$Template::Plugins::STD_PLUGINS = ();

Bye bye, plugins!
(darren)
- --
Time is an illusion, lunchtime doubly so.
-- Ford Prefect
_______________________________________________
templates mailing list
http://lists.template-toolkit.org/mailman/listinfo/templates
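
The lockdown described in the message above, written as a deny-by-default allow-list. This is an added example, not part of the original message or of the Template Toolkit distribution. The allow-list contents and the three templates are constructed for illustration, and it reads "PLUGIN_BASE explicitly unset" as clearing the $Template::Plugins::PLUGIN_BASE package default as well as leaving the PLUGIN_BASE option out of the configuration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;
use Template::Plugins;

# Allow-list constructed for this example: USE name (lower case) => module.
my %allowed = (
    table => 'Template::Plugin::Table',
);

# These package variables are copied when the Template::Plugins provider is
# constructed, so they must be changed before Template->new is called.
%$Template::Plugins::STD_PLUGINS = %allowed;  # forget every other plugin
$Template::Plugins::PLUGIN_BASE  = '';        # no Template::Plugin::<Name> fallback

my $tt = Template->new({
    LOAD_PERL => 0,   # never load arbitrary Perl modules through USE
    # PLUGIN_BASE and PLUGINS are deliberately not configured
}) or die Template->error(), "\n";

# Constructed templates: one allowed plugin, two that must be refused.
my @templates = (
    q{[% USE t = table([1, 2, 3, 4], rows=2) %]cols=[% t.ncols %]},
    q{[% USE datafile('users.dat') %]loaded},
    q{[% USE Directory('.') %]loaded},
);

for my $src (@templates) {
    my $out = '';
    if ($tt->process(\$src, {}, \$out)) {
        print "ALLOWED  $src\n         -> $out\n";
    }
    else {
        # A refused USE surfaces as a 'plugin' exception from process().
        print "REFUSED  $src\n         -> ", $tt->error(), "\n";
    }
}
```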