author Joey Hess <joey@kodama.kitenet.net> 2008-07-02 16:38:13 -0400
committer Joey Hess <joey@kodama.kitenet.net> 2008-07-02 16:38:13 -0400
commit c987aee47acfcc0df4c1ac2667d9c63133e99d2b
tree 990aa9bf59bb7b17df797e77ba54f0a902d72acd /doc
parent 33b60e67a79f0929fa47a0d7b01da71c8196218f
parent aaca4902dd29e7ba7769daedcc2f7ee86d1e058a
Merge branch 'tova'
Diffstat (limited to 'doc')
-rw-r--r-- doc/plugins/attachment.mdwn 64
-rw-r--r-- doc/plugins/contrib/attach/discussion.mdwn 18
-rw-r--r-- doc/plugins/toggle.mdwn 3
-rw-r--r-- doc/soc.mdwn 2
-rw-r--r-- doc/todo/attachments.mdwn 16
-rw-r--r-- doc/todo/attachments_plugin.mdwn 1
-rw-r--r-- doc/todo/fileupload.mdwn 2
-rw-r--r-- doc/todo/toggle_initial_state.mdwn 2
8 files changed, 105 insertions, 3 deletions
diff --git a/doc/plugins/attachment.mdwn b/doc/plugins/attachment.mdwn
new file mode 100644
index 000000000..184f5b5df
--- /dev/null
+++ b/doc/plugins/attachment.mdwn
@@ -0,0 +1,64 @@
+[[template id=plugin name=conditional core=1 author="[[Joey]]"]]
+[[tag type/useful]]
+
+This plugin allows files to be uploaded to the wiki over the web.
+
+For each page `foo`, files in the subdirectory `foo/` are treated as
+attachments of that page. Attachments can be uploaded and managed as
+part of the interface for editing a page.
+
+Warning: Do not enable this plugin on publically editable wikis, unless you
+take care to lock down the types and sizes of files that can be uploaded.
+Bear in mind that if you let anyone upload a particular kind of file
+("*.mp3" files, say), then someone can abuse your wiki in at least three ways:
+
+1. By uploading many mp3 files, wasting your disk space.
+2. By uploading mp3 files that attempt to exploit security holes
+ in web browsers or other players.
+3. By uploading files that claim to be mp3 files, but are really some
+ other kind of file. Some web browsers may display a `foo.mp3` that
+ contains html as a web page; including running any malicious javascript
+ embedded in that page.
+
+To provide a way to combat these abuses, the wiki admin can specify a
+[[ikiwiki/PageSpec]] on their preferences page, to control what types of
+attachments can be uploaded, and by whom. The regular [[ikiwiki/PageSpec]]
+syntax is expanded with additional tests.
+
+For example, to limit arbitrary files to 50 kilobytes, but allow
+larger mp3 files to be uploaded by joey, a test like this could be
+used:
+
+ (user(joey) and *.mp3 and maxsize(15mb)) or (!ispage() and maxsize(50kb))
+
+The following additional tests are available:
+
+* maxsize(size)
+
+ Tests whether the attachment is no larger than the specified size.
+ The size defaults to being in bytes, but "kb", "mb", "gb" etc can be
+ used to specify the units.
+
+* minsize(size)
+
+ Tests whether the attachment is no smaller than the specified size.
+
+* ispage()
+
+ Tests whether the attachment will be treated by ikiwiki as a wiki page.
+ (Ie, if it has an extension of ".mdwn", or of any other enabled page
+ format).
+
+ So, if you don't want to allow wiki pages to be uploaded as attachments,
+ use `!ispage()` ; if you only want to allow wiki pages to be uploaded
+ as attachments, use `ispage()`.
+
+* user(username)
+
+ Tests whether the attachment is being uploaded by a user with the
+ specified username. If openid is enabled, an openid can also be put here.
+
+* ip(address)
+
+ Tests whether the attacment is being uploaded from the specified IP
+ address.
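Review bot: The template line at the top of the new doc/plugins/attachment.mdwn says `name=conditional`, which looks copied from the conditional plugin's page; it should name this plugin (`name=attachment`), and `core=1` is worth rechecking at the same time, given that the warning below tells admins not to enable the plugin on publicly editable wikis. The warning's third item (a `foo.mp3` that really contains html) is not covered by any test documented here: `*.mp3` matches only the file name, and `maxsize`, `minsize`, `ispage`, `user` and `ip` do not look at content, so the page should say plainly that the pagespec cannot yet reject disguised files. Smaller points: "publically" and "attacment" are typos, and "Ie" in the `ispage()` entry should be "I.e.".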
diff --git a/doc/plugins/contrib/attach/discussion.mdwn b/doc/plugins/contrib/attach/discussion.mdwn
new file mode 100644
index 000000000..803b7dcdb
--- /dev/null
+++ b/doc/plugins/contrib/attach/discussion.mdwn
@@ -0,0 +1,18 @@
+I found this posted to todo list, moved here: --[[Joey]]
+
+> First pass at an attachments plugin. See [[plugins/contrib/attach]] for
+> details/docs. Here's the [diff](http://pastebin.com/f4d889b65), and
+> here's some [technical notes](http://pastebin.com/f584b9d9d). There are
+> still various things I want to fix and tweak, but it works reasonably for
+> me as is.
+
+I guess I missed this when the plugin page was posted last September, and
+since the [[soc]] stuff wasn't updated, I didn't realize this was Ben's soc
+work. Which is more or less why I didn't look at it.
+
+This plugin would need quite a lot of work to finish up, I do think it was
+taking the right approach, sorry I never followed up on it.
+
+In the meantime, I've written an attachment plugin that does most of the
+same stuff, and behaves closer to how I originally sketched [[todo/fileupload]]
+as working.
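Review bot: The quoted paragraph carries over two pastebin.com links as the only pointers to the earlier diff and its technical notes; paste sites expire content, so if that work is meant to stay reviewable, commit the diff and notes into the wiki or link a branch rather than relying on those URLs.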
diff --git a/doc/plugins/toggle.mdwn b/doc/plugins/toggle.mdwn
index cb76d0b7b..b33575824 100644
--- a/doc/plugins/toggle.mdwn
+++ b/doc/plugins/toggle.mdwn
@@ -28,3 +28,6 @@ each other, but can be located anywhere on the page. There can also be
mutiple toggles that all toggle a single togglable.
The id has a default value of "default", so can be omitted in simple cases.
+
+If you'd like a toggleable to be displayed by default, and toggle to
+hidden, then pass a parameter "open=true" when setting up the toggleable.
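Review bot: The added paragraph spells the word "toggleable" while the context line just above it uses "togglable"; pick one spelling for the page. It would also help to name the directive the parameter is passed to, since "when setting up the toggleable" leaves the reader to guess, and to say whether any value other than "true" is accepted for `open`.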
diff --git a/doc/soc.mdwn b/doc/soc.mdwn
index c762d2e43..fffb5bed4 100644
--- a/doc/soc.mdwn
+++ b/doc/soc.mdwn
@@ -11,7 +11,7 @@ accepted, and the following projects were worked on:
(See [[todo/latex]])
* Implement File Upload Functionality and Image Gallery Creation
by Ben Coffey
- (See [[todo/fileupload/soc-proposal]])
+ (See [[todo/fileupload/soc-proposal]] and [[plugins/contrib/attach]])
* Wiki WYSIWYG Editor
by [[TaylorKillian]]
(See [[todo/wikiwyg]])
diff --git a/doc/todo/attachments.mdwn b/doc/todo/attachments.mdwn
new file mode 100644
index 000000000..08052f368
--- /dev/null
+++ b/doc/todo/attachments.mdwn
@@ -0,0 +1,16 @@
+Stuff the [[plugins/attachment]] plugin is currently missing, that might be
+nice to add:
+
+* `mimetype()` pagespecs. (Using a mime type sniffer.)
+* Virus scanning.
+* Add a progress bar for attachment uploads (needs AJAX stuff..)
+* Maybe optimise the "Insert Links" button with javascript, so, if
+ javascript is available, the link is inserted at the current cursor
+ position in the page edit form, without actually reposting the form.
+ (Falling back to the current reposting of the form if javascript is not
+ available of course.)
+* Set `$CGI::POST_MAX` to some sane value (ie, larger than the largest
+ configured `maxsize()` in the pagespec, or if none is configured,
+ something reasonable. Just as a belt-and-suspenders DOS prevention.
+* Only allow attachments to be added to a given list of pages.
+ Maybe a pagespec like `parent(patches/*)`
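Review bot: In the `$CGI::POST_MAX` item the parenthesis opened at "(ie, larger than" is never closed; close it after "something reasonable", and write "DoS" rather than "DOS". Because this item is the only one in the list aimed at the disk-space abuse that the plugin's warning names first, consider moving it up beside `mimetype()` and virus scanning, ahead of the progress bar and "Insert Links" polish, so the security-relevant gaps read as a group.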
diff --git a/doc/todo/attachments_plugin.mdwn b/doc/todo/attachments_plugin.mdwn
deleted file mode 100644
index 3b050b43e..000000000
--- a/doc/todo/attachments_plugin.mdwn
+++ /dev/null
@@ -1 +0,0 @@
-First pass at an attachments plugin. See [[plugins/contrib/attach]] for details/docs. Here's the [diff](http://pastebin.com/f4d889b65), and here's some [technical notes](http://pastebin.com/f584b9d9d). There are still various things I want to fix and tweak, but it works reasonably for me as is. \ No newline at end of file
diff --git a/doc/todo/fileupload.mdwn b/doc/todo/fileupload.mdwn
index 1962d6b40..9a9106229 100644
--- a/doc/todo/fileupload.mdwn
+++ b/doc/todo/fileupload.mdwn
@@ -60,4 +60,4 @@ pagespec lock like the above prevents an edit or upload from happening,
ikiwiki could display a reasonable message to the user, indicating what
they've done wrong.)
-[[tag soc]]
+[[tag soc done]]
diff --git a/doc/todo/toggle_initial_state.mdwn b/doc/todo/toggle_initial_state.mdwn
index f54d33c04..cbbf7e6fd 100644
--- a/doc/todo/toggle_initial_state.mdwn
+++ b/doc/todo/toggle_initial_state.mdwn
@@ -2,3 +2,5 @@ It would be nice if one could set the initial state of the toggleable area.
--[[[rdennis]]
[[tag plugins/toggle]]
+
+[[done]]