* Add "last" parameter to hook function. Very basic ordering, and hopefully

[ikiwiki.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 5cc35b33866d31892b5c16f3ad932fa8770e27ce..723c01863ea9a3bc291464dec7553b6bc91c625a 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -6,6 +6,8 @@ security issues with this program than with cat(1). If, however, you let
 others edit pages in your wiki, then some possible security issues do need
 to be kept in mind.
 
 others edit pages in your wiki, then some possible security issues do need
 to be kept in mind.
 

+[[toc levels=2]]
+

 ----
 
 # Probable holes
 ----
 
 # Probable holes


@@ -156,6 +158,20 @@ allowed, so that's not a problem.)
 
 ----
 
 
 ----
 

+# Plugins
+
+The security of [[plugins]] depends on how well they're written and what
+external tools they use. The plugins included in ikiwiki are all held to
+the same standards as the rest of ikiwiki, but with that said, here are
+some security notes for them.
+
+* The [[plugins/img]] plugin assumes that imagemagick/perlmagick are secure
+  from malformed image attacks. Imagemagick has had security holes in the
+  past. To be able to exploit such a hole, a user would need to be able to
+  upload images to the wiki.
+
+----
+

 # Fixed holes
 
 _(Unless otherwise noted, these were discovered and immediately fixed by the
 # Fixed holes
 
 _(Unless otherwise noted, these were discovered and immediately fixed by the