download plain text

[Lucas]

the download in the plain text format allows the entire view, also the protected text. This is bad.

[miau]

The diff view shows protected text, too.

[miau]

I wrote the patch to fix the problem.

It require WIKI_MODIFY permission to download the plain text or to show diff.

[anonymous]

I'm sorry for including some debugging codes. When you patch the file, remove those.

[frayja]

Please correct me if I'm wrong here but...

You don't seem to search the content of the wiki page for the #!protected pattern. So this patch will effectively prohibit viewing the diff of -any- wiki page unless you have the WIKI_MODIFY permission.

Currently the WIKI_VIEW permission handles this behavior. Although I agree that a separate permission for viewing diffs would have been more appropriate. This, however, should be provided by trac since they also provide the WIKI_VIEW and WIKI_MODIFY permissions.

It is a good approach though. Could you modify the patch a bit to search for the different #!protected patterns and apply the associated PROTECTED_VIEW permission? This should keep the ProtectedMacro from interfering to much with the 'core' trac workings.

(I'll try to do it myself in the near future if I can find the time)

[frayja]

This is now implemented using the mechanism supplied by miau (thanks!) and the strategy described in my previous reply.

[miau]

Thank you for implementing! But the format must be checked since the action will be "view" when you download a plain text. I'll attach a patch that fix the problem.

[anonymous]

Finally took the time (well it was only a few minutes) to apply the supplied patch.