Hi Andy/Guys,
I've attached a diff of a patch that does the following:
1) Allows plugins to be completely disabled, and allows the admin to explicitly
define which plugins are allowed.
Just add the following to your config with this patch:
IGNORE_PLUGIN_BASE => 1, # disable checking for plugin in Template/Plugin/
IGNORE_STD_PLUGINS => 1, # don't use standard plugins in Plugins.pm
(Make sure LOAD_PERL doesn't exist, or is set to 0.)
Then you just define a PLUGINS key in the configuration hash like so:
PLUGINS => {
'pageset' => 'Template::Plugin::Pageset',
},
2) Allows the user to specify that the keys in PLUGINS => {} are all lowercase,
so that the user can specify any case when doing a [% USE PageSet %].
Just add the following to the config:
PLUGINS_USE_LOWERCASE => 1,
The attachment contains both the normal diff, and the '-u' human readable diff.
Also, it's based off of 2.14.
Feel free to criticize or comment, as it'd be nice to get this into the official
distribution so I don't have to change things myself each time.
Also, I never did hear back about the security issue related to relative paths
I mentioned back in January.
http://www.template-toolkit.org/pipermail/templates/2005-January/007141.html
http://www.template-toolkit.org/pipermail/templates/2005-January/007160.html
So any comments on that would be good, as I'd like to see a patch for that in
the standard distribution as well. (So I don't have to do it myself anymore.) :)
Thanks,
-- Josh
[EMAIL PROTECTED] 3]# diff -u Plugins.pm ../Plugins.pm
--- Plugins.pm 2004-10-04 04:27:39.000000000 -0600
+++ ../Plugins.pm 2005-08-02 18:18:15.000000000 -0600
@@ -153,9 +153,11 @@
push(@$pbase, 'Template::Plugin');
$self->{ PLUGIN_BASE } = $pbase;
- $self->{ PLUGINS } = { %$STD_PLUGINS, %$plugins };
+ $self->{ PLUGINS } = { ($params->{ IGNORE_STD_PLUGINS } ? () :
%$STD_PLUGINS ), %$plugins };
$self->{ TOLERANT } = $params->{ TOLERANT } || 0;
$self->{ LOAD_PERL } = $params->{ LOAD_PERL } || 0;
+ $self->{ PLUGINS_USE_LOWERCASE } = $params->{ PLUGINS_USE_LOWERCASE } || 0;
+ $self->{ IGNORE_PLUGIN_BASE } = $params->{ IGNORE_PLUGIN_BASE } || 0;
$self->{ FACTORY } = $factory || { };
$self->{ DEBUG } = ( $params->{ DEBUG } || 0 )
& Template::Constants::DEBUG_PLUGINS;
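Review bot: IGNORE_STD_PLUGINS is read straight from $params inside the PLUGINS assignment and is never stored on $self, unlike PLUGINS_USE_LOWERCASE and IGNORE_PLUGIN_BASE a few lines below it. Store it the same way (`$self->{ IGNORE_STD_PLUGINS } = $params->{ IGNORE_STD_PLUGINS } || 0;`) and build PLUGINS from the stored value, so the provider keeps a record of whether the standard plugins were dropped. The three new options also need entries in the module's documentation, including the interaction with LOAD_PERL that the covering message mentions.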
@@ -177,7 +179,7 @@
my ($self, $name, $context) = @_;
my ($factory, $module, $base, $pkg, $file, $ok, $error);
- if ($module = $self->{ PLUGINS }->{ $name }) {
+ if ($module = $self->{ PLUGINS }->{ ($self->{ PLUGINS_USE_LOWERCASE } ?
lc($name) : $name) } ) {
# plugin module name is explicitly stated in PLUGIN_NAME
$pkg = $module;
($file = $module) =~ s|::|/|g;
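Review bot: the lc() in the PLUGINS lookup is applied only to the requested name, so with PLUGINS_USE_LOWERCASE set, any PLUGINS key containing an upper-case letter can never match. Nothing in the patch lowercases the keys when PLUGINS is built in the first hunk. Normalise them there when the option is on, or warn on a mixed-case key. Otherwise a plugin the admin meant to allow silently becomes unloadable, and with IGNORE_PLUGIN_BASE off the request falls through to the PLUGIN_BASE search instead.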
@@ -187,7 +189,7 @@
$ok = eval { require "$file.pm" };
$error = $@;
}
- else {
+ elsif(!$self->{IGNORE_PLUGIN_BASE}) {
# try each of the PLUGIN_BASE values to build module name
($module = $name) =~ s/\./::/g;
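Review bot: with the `else` changed to `elsif(!$self->{IGNORE_PLUGIN_BASE})`, a name that is not in PLUGINS now skips both branches and leaves $ok and $error unset. Please confirm that the code after this block reports that case as a plain "plugin not found" rather than acting on the undefined values, and add a test for it. The covering message also says LOAD_PERL must be absent or 0 for the restriction to hold; since this flag is meant to be the allow-list switch, consider having it rule out the LOAD_PERL path as well instead of depending on a second setting.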
@@ -263,7 +265,7 @@
my $format = " %-16s => %s\n";
my $key;
- foreach $key (qw( TOLERANT LOAD_PERL )) {
+ foreach $key (qw( TOLERANT LOAD_PERL IGNORE_PLUGIN_BASE
PLUGINS_USE_LOWERCASE)) {
$output .= sprintf($format, $key, $self->{ $key });
}
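Review bot: the qw() list gains IGNORE_PLUGIN_BASE and PLUGINS_USE_LOWERCASE but not IGNORE_STD_PLUGINS, so the dump cannot show whether the standard plugins were excluded. Listing it here also requires storing that option on $self, which the first hunk does not do. Style: keep the space before the closing parenthesis, `PLUGINS_USE_LOWERCASE )`, to match the line being replaced.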
--------------------------------------------------------
[EMAIL PROTECTED] 3]# diff Plugins.pm ../Plugins.pm
156c156
< $self->{ PLUGINS } = { %$STD_PLUGINS, %$plugins };
---
> $self->{ PLUGINS } = { ($params->{ IGNORE_STD_PLUGINS } ? () :
> %$STD_PLUGINS ), %$plugins };
158a159,160
> $self->{ PLUGINS_USE_LOWERCASE } = $params->{ PLUGINS_USE_LOWERCASE } ||
> 0;
> $self->{ IGNORE_PLUGIN_BASE } = $params->{ IGNORE_PLUGIN_BASE } || 0;
180c182
< if ($module = $self->{ PLUGINS }->{ $name }) {
---
> if ($module = $self->{ PLUGINS }->{ ($self->{ PLUGINS_USE_LOWERCASE } ?
> lc($name) : $name) } ) {
190c192
< else {
---
> elsif(!$self->{IGNORE_PLUGIN_BASE}) {
266c268
< foreach $key (qw( TOLERANT LOAD_PERL )) {
---
> foreach $key (qw( TOLERANT LOAD_PERL IGNORE_PLUGIN_BASE
> PLUGINS_USE_LOWERCASE)) {