renamed plugin disable commands in trac.ini [components] silently fail, a security issue

[anonymous]

On upgrading to trac 0.11, I found I had to rename:

   webadmin.plugin.pluginadminpage=disabled

to

trac.admin.web_ui.PluginAdminPanel=disabled

The problem here is that I found this by noticing that trac 0.11 was allowing uploads.

There was no complaint about the old disabled line not being relevant any more, and no upgrade documentation to warn that if we locked things down in webadmin we now need to rename the lines in the config file.

I think the lack of warning (in code or in documentation) is a security risk to people upgrading.

[anonymous]

ccc

[cboos]

Well, hm, I think it's a bit late to bother with upgrades from WebAdmin, but if someone contributes a patch, why not.

[rblank]

I have been tempted several times to just close this as wontfix. It's the site admin's job to check the site thoroughly after an upgrade, after all. At most, add a warning to the upgrade instructions for 0.11.