Mercurial > moin > 1.9
annotate MoinMoin/multiconfig.py @ 5910:7e7e1cbb9d3f
security: fix remote code execution vulnerability in twikidraw/anywikidraw actions
We have wikiutil.taintfilename() to make user supplied filenames safe,
so that they can't contain any "special" characters like path separators, etc.
It is used at many places in moin, but wasn't used here. :
author  Thomas Waldmann <tw AT waldmannedv DOT de> 

date  Sat, 29 Dec 2012 15:05:29 +0100 
parents  4d1d491c3631 
children 
rev  line source 

1057
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

1 """ This is just a dummy file to overwrite MoinMoin/multiconfig.py(c) from a 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

2 previous moin installation. 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

3 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

4 The file moved to MoinMoin/config/multiconfig.py and you have to fix your 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

5 imports as shown below. 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

6 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

7 Alternatively, you can temporarily set show_configuration_error = False, 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

8 so some compatibility code will get activated. 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

9 But this compatibility code will get removed soon, so you really should 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

10 update your config as soon as possible. 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

11 """ 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

12 show_configuration_error = True 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

13 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

14 if show_configuration_error: 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

15 from MoinMoin.error import ConfigurationError 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

16 raise ConfigurationError("""\ 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

17 Please edit your wikiconfig/farmconfig and fix your DefaultConfig import:\r\n 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

18 \r\n 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

19 Old: from MoinMoin.multiconfig import DefaultConfig\r\n 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

20 New: from MoinMoin.config.multiconfig import DefaultConfig\r\n 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

21 \r\n 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

22 If you can't do that, but if you can change the MoinMoin code, see the file 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

23 MoinMoin/multiconfig.py for an alternative, but temporary workaround. 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

24 """) 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

25 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

26 else: 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

27 from MoinMoin.config.multiconfig import * 
4d1d491c3631
make multiconfig migration more obvious and provide a temporary solution if someone can't edit the wikiconfig/farmconfig immediately
Thomas Waldmann <tw AT waldmannedv DOT de>
parents:
diff
changeset

28 