X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/4a4c0b626874e9c5db38a54c678689805f790d74..3e593eb9c0edd3f5cce7381ca145c0889441d719:/doc/security.mdwn?ds=sidebyside

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 5cc35b338..723c01863 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -6,6 +6,8 @@ security issues with this program than with cat(1). If, however, you let
 others edit pages in your wiki, then some possible security issues do need
 to be kept in mind.
 
+[[toc levels=2]]
+
 ----
 
 # Probable holes
@@ -156,6 +158,20 @@ allowed, so that's not a problem.)
 
 ----
 
+# Plugins
+
+The security of [[plugins]] depends on how well they're written and what
+external tools they use. The plugins included in ikiwiki are all held to
+the same standards as the rest of ikiwiki, but with that said, here are
+some security notes for them.
+
+* The [[plugins/img]] plugin assumes that imagemagick/perlmagick are secure
+  from malformed image attacks. Imagemagick has had security holes in the
+  past. To be able to exploit such a hole, a user would need to be able to
+  upload images to the wiki.
+
+----
+
 # Fixed holes
 
 _(Unless otherwise noted, these were discovered and immediately fixed by the