urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add virus checking to attachments plugin

master
Joey Hess 2008-07-06 17:36:26 -04:00
parent 788c1e9eca
commit 2f3a279f68
6 changed files with 58 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
IkiWiki/Plugin/attachment.pm
View File

@ -333,6 +333,44 @@ sub match_mimetype ($$;@) { #{{{
} }
} #}}} } #}}}
sub match_virusfree ($$;@) { #{{{
shift;
my $wanted=shift;
my %params=@_;
if (! exists $params{file}) {
return IkiWiki::FailReason->new("no file specified");
}
if (! exists $IkiWiki::config{virus_checker} ||
! length $IkiWiki::config{virus_checker}) {
return IkiWiki::FailReason->new("no virus_checker configured");
}
# The file needs to be fed into the virus checker on stdin,
# because the file is not world-readable, and if clamdscan is
# used, clamd would fail to read it.
eval q{use IPC::Open2};
error($@) if $@;
open (IN, "<", $params{file}) || return IkiWiki::FailReason->new("failed to read file");
binmode(IN);
my $sigpipe=0;
$SIG{PIPE} = sub { $sigpipe=1 };
my $pid=open2(\*CHECKER_OUT, "<&IN", $IkiWiki::config{virus_checker});
my $reason=<CHECKER_OUT>;
chomp $reason;
1 while (<CHECKER_OUT>);
close(CHECKER_OUT);
waitpid $pid, 0;
$SIG{PIPE}="DEFAULT";
if ($sigpipe || $?) {
return IkiWiki::FailReason->new("file seems to contain a virus ($reason)");
}
else {
return IkiWiki::SuccessReason->new("file seems virusfree ($reason)");
}
} #}}}
sub match_ispage ($$;@) { #{{{ sub match_ispage ($$;@) { #{{{
my $filename=shift; my $filename=shift;

3
debian/changelog vendored
View File

@ -1,6 +1,9 @@
ikiwiki (2.52) UNRELEASED; urgency=low ikiwiki (2.52) UNRELEASED; urgency=low
* attachment: New plugin for uploading and managing attachments. * attachment: New plugin for uploading and managing attachments.
This includes a fairly powerful PageSpec based admin pref for deciding
whether to accept a given upload, and an attachment management interface
on the edit page.
(Sponsored by The TOVA Company.) (Sponsored by The TOVA Company.)
* If attachments are not enabled, configure CGI.pm to disable file * If attachments are not enabled, configure CGI.pm to disable file
uploads by default. (An anti-DOS measure.) uploads by default. (An anti-DOS measure.)

4
doc/ikiwiki.setup
View File

@ -195,4 +195,8 @@ use IkiWiki::Setup::Standard {
#amazon_s3_location => "EU", #amazon_s3_location => "EU",
# Uncomment if you need to store each index file twice. # Uncomment if you need to store each index file twice.
#amazon_s3_dupindex => 1, #amazon_s3_dupindex => 1,
# For use with the attachment plugin, a program that returns
# nonzero if its standard input contains an virus.
#virus_checker => "clamdscan -",
} }

10
doc/ikiwiki/pagespec/attachment.mdwn
View File

@ -8,10 +8,10 @@ attachments will be accepted, by entering a [[ikiwiki/PageSpec]] in the
"Allowed Attachments" field of their preferences page. "Allowed Attachments" field of their preferences page.
For example, to limit arbitrary files to 50 kilobytes, but allow For example, to limit arbitrary files to 50 kilobytes, but allow
larger mp3 files to be uploaded by joey, a something like this could be larger mp3 files to be uploaded by joey, and check all attachments for
used: virii, something like this could be used:
(user(joey) and *.mp3 and mimetype(audio/mpeg) and maxsize(15mb)) or (!ispage() and maxsize(50kb)) virusfree() and ((user(joey) and *.mp3 and mimetype(audio/mpeg) and maxsize(15mb)) or (!ispage() and maxsize(50kb)))
The regular [[ikiwiki/PageSpec]] syntax is expanded with thw following The regular [[ikiwiki/PageSpec]] syntax is expanded with thw following
additional tests: additional tests:
@ -50,3 +50,7 @@ additional tests:
This checks the MIME type of the attachment. You can include a glob This checks the MIME type of the attachment. You can include a glob
in the type, for example `mimetype(image/*)`. in the type, for example `mimetype(image/*)`.
* virusfree()
Checks the attachment with an antiviral program.

6
doc/plugins/attachment.mdwn
View File

@ -26,3 +26,9 @@ Attachments" field of the wiki admin's preferences page.
This plugin will use the [[cpan File::MimeInfo::Magic]] perl module, if This plugin will use the [[cpan File::MimeInfo::Magic]] perl module, if
available, for mimetype checking. available, for mimetype checking.
The `virusfree` [[PageSpec|ikiwiki/pagespec/attachment]] requires that
ikiwiki be configured with a virus scanner program via the `virus_checker`
option in the setup file. If using `clamav`, with `clamd`, set it to
"clamdscan -". Or to use clamav without the `clamd` daemon, you
could set it to "clamscan -".

6
doc/todo/attachments.mdwn
View File

@ -1,15 +1,9 @@
Stuff the [[plugins/attachment]] plugin is currently missing, that might be Stuff the [[plugins/attachment]] plugin is currently missing, that might be
nice to add: nice to add:
* Virus scanning.
* Add a progress bar for attachment uploads (needs AJAX stuff..) * Add a progress bar for attachment uploads (needs AJAX stuff..)
* Maybe optimise the "Insert Links" button with javascript, so, if * Maybe optimise the "Insert Links" button with javascript, so, if
javascript is available, the link is inserted at the current cursor javascript is available, the link is inserted at the current cursor
position in the page edit form, without actually reposting the form. position in the page edit form, without actually reposting the form.
(Falling back to the current reposting of the form if javascript is not (Falling back to the current reposting of the form if javascript is not
available of course.) available of course.)
* Set `$CGI::POST_MAX` to some sane value (ie, larger than the largest
configured `maxsize()` in the pagespec, or if none is configured,
something reasonable. Just as a belt-and-suspenders DOS prevention.
* Only allow attachments to be added to a given list of pages.
Maybe a pagespec like `parent(patches/*)`