[pmwiki-users] problem with uploads changing file names
Patrick R. Michaud
pmichaud at pobox.com
Tue Mar 21 11:04:40 CST 2006
On Tue, Mar 21, 2006 at 11:49:32AM -0500, Neil Herber wrote:
> At 2006-03-21 10:24 AM -0600, Patrick R. Michaud is rumored to have said:
> >For security reasons, PmWiki restricts the characters that may appear
> >in upload filenames to (default) alphanumerics, hyphen, underscore,
> >dot, and space.
> >
> >If you want to allow commas, set:
> >
> > $UploadNameChars = "-\\w. ,";
>
> I will begin editing farmconfig next. Is there any reason not to
> allow commas by default since they are legal Windoze filename
> characters and my authors are all on Windoze boxes (well, a few Mac users).
Off the top of my head I can't think of any reason why commas would
pose a problem, for either Windows or Unix environments. (VMS
would have trouble.)
The reason why comma (and other characters) aren't allowed by default
is that philosophically PmWiki takes a somewhat paranoid stance
when it comes to the uploads feature. Thus, the default settings for
uploads tend to try to restrict the feature as much as possible:
- uploads are disabled by default
- even if you enable them, they're password locked by default
- even if you remove the password, you're restricted to uploading
files with certain names and extensions
- the maximum upload size is small (50K by default)
This way the potential damage is limited until/unless the wiki
administrator explicitly relaxes the restrictions.
Pm
More information about the pmwiki-users
mailing list