 | trac-GenshiMacroWrite Genshi templates in Trac wiki pages |
| Download | |
trac-GenshiMacro Ranking & Summary
Advertisement
trac-GenshiMacro Tags
trac-GenshiMacro Description
trac-GenshiMacro is a Trac plugin that allows you to write and render Genshi templates directly in wiki pages with a new Genshi processor.Your templates will have access to the request as req, which can be useful for tasks like URL generation, rendering form tokens for POST requests, and checking for a logged-in user.Note: no security considerations whatsoever went into the making of this plugin. It might be a terrible idea. Trac core dev Remy Blank said: > Genshi templates allow executing arbitrary Python code. So you basically > give users who can insert the macro anywhere (wiki page, ticket comment, > etc) permission to act as the user running Trac, including running run > any shell command. >{{{#!Genshi< div >${open('/etc/apache2/htpasswd').read()}< /div >}}}{{{#!Genshi< ?python import os os.system("rm /path/to/env/db/trac.db")? >}}} > > So my advice is, only enable this macro on sites where you trust *all* > users who can edit *any* wiki text with the web server's account.Configuration and UsageTo use the plugin, install it in your Trac environment and enable its components in trac.ini:genshimacro.* = enabledYou can then write Genshi templates directly in wiki pages like so:{{{#!Genshi< div xmlns:py="http://genshi.edgewall.org/" > < py:choose > < py:when test="req.session.authenticated" > < form method="POST" action="${req.href.newticket()}" > < input type="text" name="field_summary" placeholder="My new ticket" id="field-summary" / > < input type="hidden" name="__FORM_TOKEN" value="${req.form_token}" / > < input type="submit" / > < /form > < /py:when > < py:otherwise > < b >To file a new ticket, you'll need to < a href="${req.href.login()}" >log in< /a > or < a href="${req.href.register()}" >create an account< /a > first.< /b > < /py:otherwise > < /py:choose >< /div >}}}Product's homepage
trac-GenshiMacro Related Software