Giving config page more access (#279)

* Giving a plugin's config page more control
* Adding utils to base

This potentially opens some risk to malicious plugins but really a
plugin would already have this capability given that it can run
arbitrary Python code.
selenium-screenshot-testing
Kevin Chung 2017-06-14 13:57:46 -04:00 committed by GitHub
parent 7bdfbfdd7f
commit ae45493e6e
2 changed files with 2 additions and 1 deletions

View File

@ -42,7 +42,7 @@ def admin_plugin_config(plugin):
if request.method == 'GET': if request.method == 'GET':
if plugin in utils.get_configurable_plugins(): if plugin in utils.get_configurable_plugins():
config = open(os.path.join(app.root_path, 'plugins', plugin, 'config.html')).read() config = open(os.path.join(app.root_path, 'plugins', plugin, 'config.html')).read()
return render_template('admin/page.html', content=config) return render_template_string(config)
abort(404) abort(404)
elif request.method == 'POST': elif request.method == 'POST':
for k, v in request.form.items(): for k, v in request.form.items():

View File

@ -78,6 +78,7 @@
<script src="{{ request.script_root }}/static/admin/js/vendor/marked.min.js"></script> <script src="{{ request.script_root }}/static/admin/js/vendor/marked.min.js"></script>
<script src="{{ request.script_root }}/static/admin/js/vendor/bootstrap.min.js"></script> <script src="{{ request.script_root }}/static/admin/js/vendor/bootstrap.min.js"></script>
<script src="{{ request.script_root }}/static/admin/js/main.js"></script> <script src="{{ request.script_root }}/static/admin/js/main.js"></script>
<script src="{{ request.script_root }}/static/admin/js/utils.js"></script>
{% block scripts %} {% endblock %} {% block scripts %} {% endblock %}
</body> </body>