aboutsummaryrefslogtreecommitdiff
path: root/doc/plugins/attachment.mdwn
blob: bb28755bb85cf0fe40246d40f1c47bafc732d594 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[[template id=plugin name=attachment core=1 author="[[Joey]]"]]
[[tag type/useful]]

This plugin allows files to be uploaded to the wiki over the web.

For each page `foo`, files in the subdirectory `foo/` are treated as
attachments of that page. Attachments can be uploaded and managed as
part of the interface for editing a page.

Warning: Do not enable this plugin on publically editable wikis, unless you
take care to lock down the types and sizes of files that can be uploaded.
Bear in mind that if you let anyone upload a particular kind of file
("*.mp3" files, say), then someone can abuse your wiki in at least three ways:

1. By uploading many mp3 files, wasting your disk space.
2. By uploading mp3 files that attempt to exploit security holes
   in web browsers or other players.
3. By uploading files that claim to be mp3 files, but are really some 
   other kind of file. Some web browsers may display a `foo.mp3` that
   contains html as a web page; including running any malicious javascript
   embedded in that page.

If you enable this plugin, be sure to lock that down, by entering an
[[enhanced_PageSpec|ikiwiki/pagespec/attachment]] in the "Allowed
Attachments" field of the wiki admin's preferences page.

This plugin will use the [[cpan File::MimeInfo::Magic]] perl module, if
available, for mimetype checking.

The `virusfree` [[PageSpec|ikiwiki/pagespec/attachment]] requires that
ikiwiki be configured with a virus scanner program via the `virus_checker`
option in the setup file. If using `clamav`, with `clamd`, set it to
"clamdscan -". Or to use clamav without the `clamd` daemon, you
could set it to "clamscan -".