summaryrefslogtreecommitdiff
path: root/doc/plugins/attachment.mdwn
blob: dedc4162e050d87c1e4d4e39c809e9bc511258b6 (plain)

[[template id=plugin name=conditional core=1 author="[[Joey]]"]] [[tag type/useful]]

This plugin allows files to be uploaded to the wiki over the web.

For each page foo, files in the subdirectory foo/ are treated as attachments of that page. Attachments can be uploaded and managed as part of the interface for editing a page.

Warning: Do not enable this plugin on publically editable wikis, unless you take care to lock down the types and sizes of files that can be uploaded. Bear in mind that if you let anyone upload a particular kind of file ("*.mp3" files, say), then someone can abuse your wiki in at least three ways:

  1. By uploading many mp3 files, wasting your disk space.
  2. By uploading mp3 files that attempt to exploit security holes in web browsers or other players.
  3. By uploading files that claim to be mp3 files, but are really some other kind of file. Some web browsers may display a foo.mp3 that contains html as a web page; including running any malicious javascript embedded in that page.

If you enable this plugin, be sure to lock that down, by entering an [[enhanced_PageSpec|ikiwiki/pagespec/attachment]] in the "Allowed Attachments" field of the wiki admin's preferences page.

This plugin will use the [[cpan File::MimeInfo::Magic]] perl module, if available, for mimetype checking.

The virusfree [[PageSpec|ikiwiki/pagespec/attachment]] requires that ikiwiki be configured with a virus scanner program via the virus_checker option in the setup file. If using clamav, with clamd, set it to "clamdscan -". Or to use clamav without the clamd daemon, you could set it to "clamscan -".