r3 - 2006-03-02 - 14:42:42 - SteveKosteckeYou are here: NTP >  TWiki Web > NatSkinPlugin
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p13 was released on 07 March 2019. It addresses 1 medium-severity security issue in ntpd, and provides 17 non-security bugfixes and 1 other improvements over 4.2.8p12.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Welcome to the NatSkinPlugin

This is the supplemental plugin for the NatSkin. This plugin is inspired by the TWiki:Plugins/GnuSkin by TWiki:Main/JoachimNilsson and the TWiki:Plugins/PhotonSkin by TWiki:Main/EstebanManchado (PhotonSearch) renamed to natsearch . This plugin tries to be maximal compatible with all past, current and upcomming TWiki releases, namely beijing, cairo and dakar. Therefore some mechanisms have been internalized that are only available on the newest dakar engine, sandbox security and html login dialogues comparable to TWiki:Plugins/AuthPagePlugin. In addition the plugin tries to be interface-compatible to all engines using the Func.pm API. In those cases where this is not possible, because needed functions are not part of the Func.pm API, access functions have been added to address the different implementations and incompatibilities (e.g. access to topic meta data).

Current Features

  • Sandbox security: backport of the dakar sandbox
  • Login page: independent implementation of a login page (see ) for maximal compatibility with old TWiki releases
  • WebSideBar: a configurable navigation bar on the left hand side, with topic content on the right;
  • MySideBar: every user can extend the sidebar with a personalized navigation
  • NatSearch: a search+go box that combines advanced search with the GO feature of twiki
  • Conditional content:
    • USERACTIONS: display topic actions depending on the user being logged in or not
    • IFSKINSTYLE: render different content depending on the current NatSkin style
    • IFRELEASE: render different if the NatSkinPlugin is installed on a beijing, cairo or dakar TWiki engine
    • IFACCESS: render different content or include topics depending on access rights
  • GROUPSUMMARY: render TWikiGroups nicely
  • Group based subsription: generate an automated email notification if a new TWiki user want's to join a TWiki Group
  • email address obfuscation: all email addresses in topic texts are obfuscated by the use of dynamic html; so mailto links are still clickable while the pure html text does not allow to extract the addresses by respective web crawlers.
  • skin style control: add infrastructure to get, set and display the skin style that is currently active.

Syntax Rules

Tag Desciption
%WEBSIDEBAR% displays the left navigation menu using WebSideBar and TWikiSideBar topic
%MYSIDEBAR% display a personalized WebSideBar for the user currently logged in
%WEBLINK{web="..." name="..."}% display a link to a WebHome with the given name and add the SITEMAPUSEDTO description to to the hover balloon
%NATLOGON% displays Logon|Register for TWikiGuest, and TWikiGuest|Logout otherewise
%USERACTIONS% display Edit|Attach|Move|Raw|Diffs|More when logged in and an empty string for TWikiGuest
%GROUPSUMMARY% display list of group members in a TWikiGroups nicely by extracting the GROUP and ALLOWTOPICCHANGE variables of a group topic and adds links "Contact all members" and "Contact all maintainters"; by definition maintainers of a group are those listed in the ALLOWTOPICCHANGE variable of the group topic
%ALLUSERS% display a list of all registered users generated from the TWikiUsers topic; this is usefull for specific access configurations on beijing and cairo engines (obsolete on dakar)
%SETSKINSTYLE{"&ltname>"}% set the skin to <name> for the current topic
%GETSKINSTYLE% get the current skin style; the priority is (1) urlparam style=<name>, (2) topic style set via %SETSKINSTYLE{}%,   (3) value of the session variable =NATSKIN_STYLE and (4) preference value SKINSTYLE set in (a) the user preferences (b) the WebPreferences or (c) TWikiPreferences
%IFSKINSTYLE{"<name>" then="..." else="..."}% conditionally returns content depending on the active skin style (example usage: configure different sets of WEBCOLORS for each skin)
%SKINSTYLEBROWSER% displays a selection form to actiate a skin style attached to the NatSkin style; attach <name>Style.css to the NatSkin topic to make the style <name> available to the NatSkin style control
=%WIKIRELEASENAME% returns "beijing", "cairo" or "dakar" depending on the TWiki engine this plugin is installed on; shorthand for %IFRELEASE{beijing="beijing" cairo="cairo" dakar="dakar"}%
%IFRELEASE{beijing="..." notbejing="..." cairo="..." notcairo="..." dakar="..." notdakar="..."}% conditionally display content depending on the Twiki engine this plugin is installed on
%IFACCESS{"<topic>" action="" then="..." else="..." mode="" [then_]args="..." else_args="..."}% display content in then or else argument depending on the access rights of the current user to the topic <topic>;   =action can be view, change or rename specifying the requested access mode; mode can be text or include where text conditionally renders the text in the then and else arguments and text includes the topic in then or else; if then is not specified in include mode then <topic> is included if access is granted; example: %IFACCESS{"AdminSideBar" mode="include"}% includes the AdminSideBar if the current user has view access to this topic
%NATREVISIONS% substitute for the %REVISIONS% tag which only works on the PatternSkin (todo: fix REVISIONS)
%NATMAXREV% substitute for %MAXREV% which differes on beijing, cairo and dakar
%PREVREV% returns the previous topic revision taking NumberOfRevisions into account
%CURREV% returns the current topic revision (compatible among all TWiki engines)

About NatSearch

This is a cgi-script that is heavily based on the PhotonSearch of the TWiki:Plugins/PhotonSkin. So natsearch is basically a fork of that including fixes to similar security flaws that hit the WebSearch those days also. Here's the list of differences:

  • replaced the a flag with g to indicate global search
  • obey the NOSEARCHALL flag for global search
  • remember the original search string and insert it back into the input field
  • added perl's use strict and fixed all warnings
  • fixed several mod-perl issues
  • add friendly message when nothing's been found
  • use noSpamPadding to obfuscate email addresses
  • light weighted google-like hit colorization

Please see the TWiki:Plugins/PhotonSkin for an explanation of the possible search parameters (TODO: maby move that stuff in here).

About the WebSideBar

The WebSideBar is used to generate a navigation appearing left to the current topic. Each web in your NTP might optionaly have a separate WebSideBar. The default TWikiSideBar can be used to add a default section common to all WebSideBars. If the WebSideBar isn't defined the default WebSideBar in the TWiki web is used. Each user might define a WebSideBar called %WIKINAME%WebSideBar that is appended to the WebSideBar. The RedDotPlugin is used to make customizing the WebSideBar easier appended to the different parts that make up the complete sidebar. These are hidden if you don't have write access to the respective topic fragments.

About Logon & Logout

LOGONTOPIC

Plugin Settings

Below are the settings which affect the behavior of the NatSkin.

  • Set SHORTDESCRIPTION = Supplements the bare bones NatSkin theme for TWiki

  • Set DEBUG = 0

  • A configurable left hand navigation bar - the contents can be set in an editable WebSideBar topic - one for the NTP web and optionally one for other webs.

Plugin Installation Instructions

  • If you are installing on a beijing or cairo TWiki release then get the SessionPlugin and install it
  • Download the ZIP file from the Plugin web (see below)
  • Unzip NatSkinPlugin.zip in your twiki installation directory. Content:
    File: Description:
    bin/natlogon logon cgi script
    bin/natsearch search cgi script
    data/TWiki/NatSkinPlugin.txt plugin topic
    data/TWiki/MySideBar.txt plugin to customize a personalized sidebar
    data/TWiki/MySideBarTemplate.txt topic template for MySideBar
    lib/TWiki/Plugins/NatSkinPlugin.pm main module
    lib/TWiki/Plugins/NatSkinPlugin/Sandbox.pm security module
    lib/TWiki/Plugins/NatSkinPlugin/Search.pm NatSearch module
    lib/TWiki/Plugins/NatSkinPlugin/Auth.pm authentication module

Plugin Info

Plugin Author: TWiki:Main/MichaelDaum
Plugin Version: 2005-08-26
Change History:  
26 Aug 2005: new NatSkin-2.0 release
28 Apr 2005: pre-release to fix installation on TWiki/Cairo
16 Mar 2005: Initial version
TWiki Dependency: $TWiki::Plugins::VERSION 1.024
CPAN Dependencies: none
Other Dependencies: SessionPlugin, RedDotPlugin
Perl Version: >=5.6
License: GPL (GNU General Public License)
TWiki:Plugins/Benchmark: TWiki:TWiki/GoodStyle nn%, TWiki:TWiki/FormattedSearch nn%, NatSkinPlugin nn%
Plugin Home: http://nats-www.informatik.uni-hamburg.de/TWiki/NatSkinPlugin
Feedback: http://nats-www.informatik.uni-hamburg.de/TWiki/NatSkinDev
Appraisal: http://TWiki.org/cgi-bin/view/Plugins/NatSkinPluginAppraisal

Related Topics: TWiki:Plugins/NatSkinPlugin, TWiki:Plugins/NatSkin

-- TWiki:Main.MichaelDaum - 26 Aug 2005

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r3 < r2 < r1 | More topic actions
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding NTP? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.NatSkinPlugin