diff MoinMoin/config/multiconfig.py @ 5821:99e2309a7ec0

xslt/4suite insecurity hint, always keep allow_xslt = False
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 24 Jan 2012 17:04:29 +0100
parents d0599106e17a
children 8b3c4b85921b
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Thu Jan 19 16:21:14 2012 +0100
+++ b/MoinMoin/config/multiconfig.py	Tue Jan 24 17:04:29 2012 +0100
@@ -787,7 +787,7 @@
      "Exclude unwanted actions (list of strings)"),
     ('allow_xslt', False,
-     "if True, enables XSLT processing via 4Suite (note that this enables anyone with enough know-how to insert '''arbitrary HTML''' into your wiki, which is why it defaults to `False`)"),
+        "if True, enables XSLT processing via 4Suite (Note that this is DANGEROUS. It enables anyone who can edit the wiki to get '''read/write access to your filesystem as the moin process uid/gid''' and to insert '''arbitrary HTML''' into your wiki pages, which is why this setting defaults to `False` (XSLT disabled). Do not set it to other values, except if you know what you do and if you have very trusted editors only)."),
     ('password_checker', DefaultExpression('_default_password_checker'),
      'checks whether a password is acceptable (default check is length >= 6, at least 4 different chars, no keyboard sequence, not username used somehow (you can switch this off by using `None`)'),