35 lines
1.6 KiB
Markdown
35 lines
1.6 KiB
Markdown
[[!template id=plugin name=attachment core=0 author="[[Joey]]"]]
|
|
[[!tag type/useful]]
|
|
|
|
This plugin allows files to be uploaded to the wiki over the web.
|
|
|
|
For each page `foo`, files in the subdirectory `foo/` are treated as
|
|
attachments of that page. Attachments can be uploaded and managed as
|
|
part of the interface for editing a page.
|
|
|
|
Warning: Do not enable this plugin on publically editable wikis, unless you
|
|
take care to lock down the types and sizes of files that can be uploaded.
|
|
Bear in mind that if you let anyone upload a particular kind of file
|
|
("*.mp3" files, say), then someone can abuse your wiki in at least three ways:
|
|
|
|
1. By uploading many mp3 files, wasting your disk space.
|
|
2. By uploading mp3 files that attempt to exploit security holes
|
|
in web browsers or other players.
|
|
3. By uploading files that claim to be mp3 files, but are really some
|
|
other kind of file. Some web browsers may display a `foo.mp3` that
|
|
contains html as a web page; including running any malicious javascript
|
|
embedded in that page.
|
|
|
|
If you enable this plugin, be sure to lock it down, via the
|
|
`allowed_attachments` setup file option. This is a special
|
|
[[enhanced_PageSpec|ikiwiki/pagespec/attachment]].
|
|
|
|
This plugin will use the [[!cpan File::MimeInfo::Magic]] perl module, if
|
|
available, for mimetype checking.
|
|
|
|
The `virusfree` [[PageSpec|ikiwiki/pagespec/attachment]] requires that
|
|
ikiwiki be configured with a virus scanner program via the `virus_checker`
|
|
option in the setup file. If using `clamav`, with `clamd`, set it to
|
|
"clamdscan -". Or to use clamav without the `clamd` daemon, you
|
|
could set it to "clamscan -".
|