ANN: GenshiMacro, LighterTheme
21 views
Skip to first unread message
Ethan Jucovy
Apr 2, 2012, 9:04:01 PM4/2/12
to trac-...@googlegroups.com
Hi,
I've uploaded two new plugins on Trac Hacks and Github.
GenshiMacro is a wiki macro that lets you write, and render, Genshi templates directly in wiki pages using a ``#!Genshi`` processor for blockquotes. These templates have access to the current request, which means you can check the user's authentication status, generate links using ``req.href``, and render form tokens for POST requests. The plugin's Trac Hacks page includes a complete example of how you might use it to render a custom "New Ticket" form on a wiki page.
LighterTheme is a theme plugin that skins Trac, slightly, for a "lighter" look-and-feel. It provides a narrower (940px) main content div; fewer dark lines in the top (mainnav and metanav) banner; bigger buttons (using CSS from Twitter Bootstrap); rounded corners on input fields; and the "Ubuntu" font used on Launchpad. Screenshots are available on the plugin's Trac Hacks page.
I'll make initial releases of both plugins to PyPI soon. Feedback and bug reports welcome!
Thanks,
Ethan
Leho Kraav
May 6, 2012, 3:30:05 AM5/6/12
to trac-...@googlegroups.com
On Tuesday, April 3, 2012 4:04:01 AM UTC+3, Ethan Jucovy wrote:
I've uploaded two new plugins on Trac Hacks and Github.GenshiMacro is a wiki macro that lets you write, and render, Genshi templates directly in wiki pages using a ``#!Genshi`` processor for blockquotes. These
LighterTheme is a theme plugin that skins Trac, slightly, for a "lighter" look-and-feel. It provides a narrower (940px) main content div; fewer dark lines in the
Awesome, clicked Watch on both. But also tell me more about your UserManagerPlugin fork, where are you trying to go with that? Have you got any dieas about http://trac.edgewall.org/ticket/2456 ?
Remy Blank
May 6, 2012, 5:13:29 AM5/6/12
to trac-...@googlegroups.com
Ethan Jucovy wrote:
> *GenshiMacro* is a wiki macro that lets you write, and render, Genshi
Genshi templates allow executing arbitrary Python code. So you basically
give users who can insert the macro anywhere (wiki page, ticket comment,
etc) permission to act as the user running Trac, including running run
any shell command.
{{{#!Genshi
<div>${open('/etc/apache2/htpasswd').read()}</div>
}}}
{{{#!Genshi
<?python
import os
os.system("rm /path/to/env/db/trac.db")
?>
}}}
So my advice is, only enable this macro on sites where you trust *all*
users who can edit *any* wiki text with the web server's account.
-- Remy
> *GenshiMacro* is a wiki macro that lets you write, and render, Genshi
> templates directly in wiki pages using a ``#!Genshi`` processor for
> blockquotes.
You ask about security on the project page, so here's my take on it.
> blockquotes.
Genshi templates allow executing arbitrary Python code. So you basically
give users who can insert the macro anywhere (wiki page, ticket comment,
etc) permission to act as the user running Trac, including running run
any shell command.
{{{#!Genshi
<div>${open('/etc/apache2/htpasswd').read()}</div>
}}}
{{{#!Genshi
<?python
import os
os.system("rm /path/to/env/db/trac.db")
?>
}}}
So my advice is, only enable this macro on sites where you trust *all*
users who can edit *any* wiki text with the web server's account.
-- Remy
Ethan Jucovy
Jun 14, 2012, 5:15:55 PM6/14/12
to trac-...@googlegroups.com, lkoog...@gmail.com
Sorry I didn't respond sooner, my day job swallowed me whole. I don't have any big plans for that UserManager fork -- basically just using it to collect UserManager patches that I need to run on my Trac sites. There were a few bigger-picture changes I was thinking of making to it, and/or patches I want to submit to AccountManager to make some UserManager things easier .. but first I need to remember what those were going to be :-P
Reply all
Reply to author
Forward
0 new messages