2008-07-01 04:58:33 +02:00
|
|
|
[[template id=plugin name=conditional core=1 author="[[Joey]]"]]
|
|
|
|
|
[[tag type/useful]]
|
|
|
|
|
|
|
|
|
|
This plugin allows files to be uploaded to the wiki over the web.
|
|
|
|
|
|
|
|
|
|
For each page `foo`, files in the subdirectory `foo/` are treated as
|
|
|
|
|
attachments of that page. Attachments can be uploaded and managed as
|
|
|
|
|
part of the interface for editing a page.
|
|
|
|
|
|
|
|
|
|
Warning: Do not enable this plugin on publically editable wikis, unless you
|
|
|
|
|
take care to lock down the types and sizes of files that can be uploaded.
|
|
|
|
|
Bear in mind that if you let anyone upload a particular kind of file
|
|
|
|
|
("*.mp3" files, say), then someone can abuse your wiki in at least three ways:
|
|
|
|
|
|
|
|
|
|
1. By uploading many mp3 files, wasting your disk space.
|
|
|
|
|
2. By uploading mp3 files that attempt to exploit security holes
|
|
|
|
|
in web browsers or other players.
|
|
|
|
|
3. By uploading files that claim to be mp3 files, but are really some
|
|
|
|
|
other kind of file. Some web browsers may display a `foo.mp3` that
|
|
|
|
|
contains html as a web page; including running any malicious javascript
|
|
|
|
|
embedded in that page.
|
|
|
|
|
|
|
|
|
|
To provide a way to combat these abuses, the wiki admin can specify a
|
|
|
|
|
[[ikiwiki/PageSpec]] on their preferences page, to control what types of
|
2008-07-02 22:33:35 +02:00
|
|
|
attachments can be uploaded, and by whom. The regular [[ikiwiki/PageSpec]]
|
|
|
|
|
syntax is expanded with additional tests.
|
2008-07-01 04:58:33 +02:00
|
|
|
|
2008-07-02 22:33:35 +02:00
|
|
|
For example, to limit arbitrary files to 50 kilobytes, but allow
|
|
|
|
|
larger mp3 files to be uploaded by joey, a test like this could be
|
|
|
|
|
used:
|
2008-07-01 04:58:33 +02:00
|
|
|
|
2008-07-02 23:30:00 +02:00
|
|
|
(user(joey) and *.mp3 and mimetype(audio/mpeg) and maxsize(15mb)) or (!ispage() and maxsize(50kb))
|
2008-07-01 04:58:33 +02:00
|
|
|
|
|
|
|
|
The following additional tests are available:
|
|
|
|
|
|
|
|
|
|
* maxsize(size)
|
|
|
|
|
|
|
|
|
|
Tests whether the attachment is no larger than the specified size.
|
|
|
|
|
The size defaults to being in bytes, but "kb", "mb", "gb" etc can be
|
|
|
|
|
used to specify the units.
|
|
|
|
|
|
|
|
|
|
* minsize(size)
|
|
|
|
|
|
|
|
|
|
Tests whether the attachment is no smaller than the specified size.
|
2008-07-01 05:17:01 +02:00
|
|
|
|
|
|
|
|
* ispage()
|
|
|
|
|
|
|
|
|
|
Tests whether the attachment will be treated by ikiwiki as a wiki page.
|
|
|
|
|
(Ie, if it has an extension of ".mdwn", or of any other enabled page
|
|
|
|
|
format).
|
|
|
|
|
|
|
|
|
|
So, if you don't want to allow wiki pages to be uploaded as attachments,
|
|
|
|
|
use `!ispage()` ; if you only want to allow wiki pages to be uploaded
|
|
|
|
|
as attachments, use `ispage()`.
|
2008-07-02 22:33:35 +02:00
|
|
|
|
|
|
|
|
* user(username)
|
|
|
|
|
|
|
|
|
|
Tests whether the attachment is being uploaded by a user with the
|
|
|
|
|
specified username. If openid is enabled, an openid can also be put here.
|
|
|
|
|
|
|
|
|
|
* ip(address)
|
|
|
|
|
|
|
|
|
|
Tests whether the attacment is being uploaded from the specified IP
|
|
|
|
|
address.
|
2008-07-02 23:30:00 +02:00
|
|
|
|
|
|
|
|
* mimetype(foo/bar)
|
|
|
|
|
|
|
|
|
|
If the [[cpan File::MimeInfo::Magic]] perl module is installed, this
|
|
|
|
|
allows checking the mime type of the attachment. You can include a glob
|
|
|
|
|
in the type, for example `mimetype(image/*)`.
|
