diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/plugins/attachment.mdwn | 53 | ||||
-rw-r--r-- | doc/plugins/contrib/attach/discussion.mdwn | 18 | ||||
-rw-r--r-- | doc/soc.mdwn | 2 | ||||
-rw-r--r-- | doc/todo/attachments.mdwn | 20 | ||||
-rw-r--r-- | doc/todo/attachments_plugin.mdwn | 1 | ||||
-rw-r--r-- | doc/todo/fileupload.mdwn | 2 |
6 files changed, 93 insertions, 3 deletions
diff --git a/doc/plugins/attachment.mdwn b/doc/plugins/attachment.mdwn new file mode 100644 index 000000000..019d1c9e4 --- /dev/null +++ b/doc/plugins/attachment.mdwn @@ -0,0 +1,53 @@ +[[template id=plugin name=conditional core=1 author="[[Joey]]"]] +[[tag type/useful]] + +This plugin allows files to be uploaded to the wiki over the web. + +For each page `foo`, files in the subdirectory `foo/` are treated as +attachments of that page. Attachments can be uploaded and managed as +part of the interface for editing a page. + +Warning: Do not enable this plugin on publically editable wikis, unless you +take care to lock down the types and sizes of files that can be uploaded. +Bear in mind that if you let anyone upload a particular kind of file +("*.mp3" files, say), then someone can abuse your wiki in at least three ways: + +1. By uploading many mp3 files, wasting your disk space. +2. By uploading mp3 files that attempt to exploit security holes + in web browsers or other players. +3. By uploading files that claim to be mp3 files, but are really some + other kind of file. Some web browsers may display a `foo.mp3` that + contains html as a web page; including running any malicious javascript + embedded in that page. + +To provide a way to combat these abuses, the wiki admin can specify a +[[ikiwiki/PageSpec]] on their preferences page, to control what types of +attachments can be uploaded. The regular [[ikiwiki/PageSpec]] syntax is +expanded with additional tests. + +For example, to limit arbitrary files to 50 kilobtes, but allow +larger mp3 files to be uploaded, a test like this could be used: + + (*.mp3 and maxsize(15mb)) or (!ispage() and maxsize(50kb)) + +The following additional tests are available: + +* maxsize(size) + + Tests whether the attachment is no larger than the specified size. + The size defaults to being in bytes, but "kb", "mb", "gb" etc can be + used to specify the units. + +* minsize(size) + + Tests whether the attachment is no smaller than the specified size. + +* ispage() + + Tests whether the attachment will be treated by ikiwiki as a wiki page. + (Ie, if it has an extension of ".mdwn", or of any other enabled page + format). + + So, if you don't want to allow wiki pages to be uploaded as attachments, + use `!ispage()` ; if you only want to allow wiki pages to be uploaded + as attachments, use `ispage()`. diff --git a/doc/plugins/contrib/attach/discussion.mdwn b/doc/plugins/contrib/attach/discussion.mdwn new file mode 100644 index 000000000..803b7dcdb --- /dev/null +++ b/doc/plugins/contrib/attach/discussion.mdwn @@ -0,0 +1,18 @@ +I found this posted to todo list, moved here: --[[Joey]] + +> First pass at an attachments plugin. See [[plugins/contrib/attach]] for +> details/docs. Here's the [diff](http://pastebin.com/f4d889b65), and +> here's some [technical notes](http://pastebin.com/f584b9d9d). There are +> still various things I want to fix and tweak, but it works reasonably for +> me as is. + +I guess I missed this when the plugin page was posted last September, and +since the [[soc]] stuff wasn't updated, I didn't realize this was Ben's soc +work. Which is more or less why I didn't look at it. + +This plugin would need quite a lot of work to finish up, I do think it was +taking the right approach, sorry I never followed up on it. + +In the meantime, I've written an attachment plugin that does most of the +same stuff, and behaves closer to how I originally sketched [[todo/fileupload]] +as working. diff --git a/doc/soc.mdwn b/doc/soc.mdwn index c762d2e43..fffb5bed4 100644 --- a/doc/soc.mdwn +++ b/doc/soc.mdwn @@ -11,7 +11,7 @@ accepted, and the following projects were worked on: (See [[todo/latex]]) * Implement File Upload Functionality and Image Gallery Creation by Ben Coffey - (See [[todo/fileupload/soc-proposal]]) + (See [[todo/fileupload/soc-proposal]] and [[plugins/contrib/attach]]) * Wiki WYSIWYG Editor by [[TaylorKillian]] (See [[todo/wikiwyg]]) diff --git a/doc/todo/attachments.mdwn b/doc/todo/attachments.mdwn new file mode 100644 index 000000000..de7d81400 --- /dev/null +++ b/doc/todo/attachments.mdwn @@ -0,0 +1,20 @@ +Stuff the [[plugins/attachment]] plugin is currently missing, that might be +nice to add: + +* `user()` pagespecs, to limit what individual users can do. (See examples + in [[fileupload]]. +* `mimetype()` pagespecs. (Using a mime type sniffer.)a +* Virus scanning. +* Make the attachments part of the Edit page hidden unless something is + clicked on to display it. To avoid clutter. +* Add a progress bar for attachment uploads (needs AJAX stuff..) +* Maybe optimise the "Insert Links" button with javascript, so, if + javascript is available, the link is inserted at the current cursor + position in the page edit form, without actually reposting the form. + (Falling back to the current reposting of the form if javascript is not + available of course.) +* Set `$CGI::POST_MAX` to some sane value (ie, larger than the largest + configured `maxsize()` in the pagespec, or if none is configured, + something reasonable. Just as a belt-and-suspenders DOS prevention. +* Only allow attachments to be added to a given list of pages. + Maybe a pagespec like `parent(patches/*)` diff --git a/doc/todo/attachments_plugin.mdwn b/doc/todo/attachments_plugin.mdwn deleted file mode 100644 index 3b050b43e..000000000 --- a/doc/todo/attachments_plugin.mdwn +++ /dev/null @@ -1 +0,0 @@ -First pass at an attachments plugin. See [[plugins/contrib/attach]] for details/docs. Here's the [diff](http://pastebin.com/f4d889b65), and here's some [technical notes](http://pastebin.com/f584b9d9d). There are still various things I want to fix and tweak, but it works reasonably for me as is.
\ No newline at end of file diff --git a/doc/todo/fileupload.mdwn b/doc/todo/fileupload.mdwn index 1962d6b40..9a9106229 100644 --- a/doc/todo/fileupload.mdwn +++ b/doc/todo/fileupload.mdwn @@ -60,4 +60,4 @@ pagespec lock like the above prevents an edit or upload from happening, ikiwiki could display a reasonable message to the user, indicating what they've done wrong.) -[[tag soc]] +[[tag soc done]] |