[Pmwiki-users] Uploading and password proctecting
Tue Jun 15 17:54:48 CDT 2004
> No it won't. For example, my wiki is on /wiki and uploads go
> to /wikifiles/GroupName ... anyone knowing the path can just type the URL in,
> and as it doesn't touch PmWiki at all, it will be downloaded then and their.
> The best bet would probably be to either have the files set so that the
> downloads go through PmWiki (so that it's authentication can be applied) or
> to drop a .htaccess file in the downloads directory.
I would like to see PmWiki control access to uploaded files at some
point. In the meantime, here is something else that I've been meaning to
add to the cookbook. It checks to make sure that you have read (or
whatever action specified by $AuthDownloadType) access to the page
containing the link to the download.
Hope this helps.
global $AuthDownloadType, $UploadDir;
$filename = $UploadDir.$_GET['file'];
$filegroup = basename(dirname($filename));
$pagegroup = FmtPageName('$Group', $pagename);
if ($filegroup != $pagegroup) Abort('?access denied');
$page = RetrieveAuthPage($pagename, $AuthDownloadType);
if (!$page) Abort('?access denied');
$fp = fopen($filename, 'rb');
if (!$fp) Abort('?no such filename $filename');
header('Content-Disposition: attachment; filename=".
.htaccess - put in your uploads directory
Deny from all
More information about the pmwiki-users