Merge branch 'tova'

3 files changed, 85 insertions, 0 deletions

diff --git a/doc/plugins/attachment.mdwn b/doc/plugins/attachment.mdwn
new file mode 100644
index 000000000..184f5b5df
--- /dev/null
+++ b/doc/plugins/attachment.mdwn
@@ -0,0 +1,64 @@
+[[template id=plugin name=conditional core=1 author="[[Joey]]"]]
+[[tag type/useful]]
+
+This plugin allows files to be uploaded to the wiki over the web.
+
+For each page `foo`, files in the subdirectory `foo/` are treated as
+attachments of that page. Attachments can be uploaded and managed as
+part of the interface for editing a page.
+
+Warning: Do not enable this plugin on publically editable wikis, unless you
+take care to lock down the types and sizes of files that can be uploaded.
+Bear in mind that if you let anyone upload a particular kind of file
+("*.mp3" files, say), then someone can abuse your wiki in at least three ways:
+
+1. By uploading many mp3 files, wasting your disk space.
+2. By uploading mp3 files that attempt to exploit security holes
+   in web browsers or other players.
+3. By uploading files that claim to be mp3 files, but are really some 
+   other kind of file. Some web browsers may display a `foo.mp3` that
+   contains html as a web page; including running any malicious javascript
+   embedded in that page.
+
+To provide a way to combat these abuses, the wiki admin can specify a
+[[ikiwiki/PageSpec]] on their preferences page, to control what types of
+attachments can be uploaded, and by whom. The regular [[ikiwiki/PageSpec]]
+syntax is expanded with additional tests.
+
+For example, to limit arbitrary files to 50 kilobytes, but allow
+larger mp3 files to be uploaded by joey, a test like this could be
+used:
+  
+	(user(joey) and *.mp3 and maxsize(15mb)) or (!ispage() and maxsize(50kb))
+
+The following additional tests are available:
+
+* maxsize(size)
+
+  Tests whether the attachment is no larger than the specified size.
+  The size defaults to being in bytes, but "kb", "mb", "gb" etc can be
+  used to specify the units.
+  
+* minsize(size)
+
+  Tests whether the attachment is no smaller than the specified size.
+
+* ispage()
+
+  Tests whether the attachment will be treated by ikiwiki as a wiki page.
+  (Ie, if it has an extension of ".mdwn", or of any other enabled page
+  format).
+
+  So, if you don't want to allow wiki pages to be uploaded as attachments,
+  use `!ispage()` ; if you only want to allow wiki pages to be uploaded
+  as attachments, use `ispage()`.
+
+* user(username)
+
+  Tests whether the attachment is being uploaded by a user with the
+  specified username. If openid is enabled, an openid can also be put here.
+
+* ip(address)
+
+  Tests whether the attacment is being uploaded from the specified IP
+  address.
diff --git a/doc/plugins/contrib/attach/discussion.mdwn b/doc/plugins/contrib/attach/discussion.mdwn
new file mode 100644
index 000000000..803b7dcdb
--- /dev/null
+++ b/doc/plugins/contrib/attach/discussion.mdwn
@@ -0,0 +1,18 @@
+I found this posted to todo list, moved here: --[[Joey]]
+
+> First pass at an attachments plugin. See [[plugins/contrib/attach]] for
+> details/docs. Here's the [diff](http://pastebin.com/f4d889b65), and
+> here's some [technical notes](http://pastebin.com/f584b9d9d). There are
+> still various things I want to fix and tweak, but it works reasonably for
+> me as is.
+
+I guess I missed this when the plugin page was posted last September, and
+since the [[soc]] stuff wasn't updated, I didn't realize this was Ben's soc
+work. Which is more or less why I didn't look at it.
+
+This plugin would need quite a lot of work to finish up, I do think it was
+taking the right approach, sorry I never followed up on it.
+
+In the meantime, I've written an attachment plugin that does most of the
+same stuff, and behaves closer to how I originally sketched [[todo/fileupload]]
+as working.
diff --git a/doc/plugins/toggle.mdwn b/doc/plugins/toggle.mdwn
index cb76d0b7b..b33575824 100644
--- a/doc/plugins/toggle.mdwn
+++ b/doc/plugins/toggle.mdwn
@@ -28,3 +28,6 @@ each other, but can be located anywhere on the page. There can also be
 mutiple toggles that all toggle a single togglable.
 
 The id has a default value of "default", so can be omitted in simple cases.
+
+If you'd like a toggleable to be displayed by default, and toggle to
+hidden, then pass a parameter "open=true" when setting up the toggleable.