author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-02-20 20:36:39 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-02-20 20:36:39 +0000
commit: 2eef342383022a221f4f3fdf4212e8af3aa17294
tree: c740c08be76410ed5d7b295b72bf74f02b23ab08 /doc/todo/fileupload.mdwn
parent: aa27f9adb0593e21d1d477fe466289c6bb91f97d
break out deletion and upload
some thoughts on upload limits
Diffstat (limited to 'doc/todo/fileupload.mdwn')
-rw-r--r-- doc/todo/fileupload.mdwn 35
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/todo/fileupload.mdwn b/doc/todo/fileupload.mdwn
new file mode 100644
index 000000000..db5932de8
--- /dev/null
+++ b/doc/todo/fileupload.mdwn
@@ -0,0 +1,35 @@
+Support for uploading files is useful for many circumstances:
+
+* Uploading images.
+* Uploading local.css files (admin only).
+* Uploading mp3s for podcasts.
+* Etc.
+
+ikiwiki should have an easy to use interface for this, but the real meat of
+the work is in securing it. Several classes of controls seem appropriate:
+
+* Limits to size of files that can be uploaded. Prevent someone spamming
+ the wiki with CD isos..
+* Limits to the type of files that can be uploaded. To prevent uploads of
+ virii, css, raw html etc, and avoid file types that are not safe.
+ Should default to excluding all files types, or at least all
+ except a very limited set, and should be able to open it up to more
+ types.
+
+ Would checking for file extensions (.gif, .jpg) etc be enough? Some
+ browsers are probably too smart for their own good and may ignore the
+ extension / mime info and process as the actual detected file type. It
+ may be necessary to use `file` to determine a file's true type.
+* Limits to who can upload what type of files.
+* Limits to what files can be uploaded where.
+
+It seems that for max flexability, rules should be configurable by the admin
+to combine these limits in different ways. If we again extend the pagespec
+for this, as was done for [[conditional_text_based_on_ikiwiki_features]],
+the rules might look something like this:
+
+ ( maxsize(30kb) and type(webimage) ) or
+ ( user(joey) and maxsize(1mb) and (type(webimage) or *.mp3) ) or
+ ( user(joey) and maxsize(200mb) and (*.mov or *.avi) and videos/*)
+
+[[tag soc]]
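Review bot: The example rules at the end mix `type(webimage)` with bare globs such as `*.mp3`, `*.mov` and `*.avi`, which reintroduces the extension-only check that the paragraph on browsers ignoring "the extension / mime info" already questions. It would help to say whether `type()` is decided from file content (the `file` check mentioned above) or from the name, and whether a glob match must also pass a content check before the upload is accepted. The default-deny stance appears only in the type-limit bullet ("Should default to excluding all files types"); the rules paragraph should state that an upload matching no rule is rejected, so the combined expression is read as an allow list. The third rule is also the only one with a location term (`videos/*`), so it is worth stating whether rules without one apply wiki-wide. Minor wording: "flexability" should be "flexibility", "virii" should be "viruses", and "CD isos.." has a doubled period.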