[pmwiki-users] Fwd: uploads security vs PmWikiDraw

Ciaran ciaranj at gmail.com
Wed May 2 02:35:00 CDT 2007


Eek! do you know if this directdownload option is newish, as I wasn't aware
of it when I wrote the pmwikidraw scripts originally.  FWIW we're currently
in the process of re-writing PmWikiDraw as a far more advanced AnyWikiDraw
tool, with an intended PmWiki variant so it has to an extent been forgotten
about [we intend to support the original format at least for initial loading
of drawings!]
- ciaran

On 4/30/07, Tegan Dowling <tmdowling at gmail.com> wrote:
>
> Bump ... PM?  Anyone?
>
> ---------- Forwarded message ----------
> From: Tegan Dowling <tmdowling at gmail.com>
> Date: Apr 28, 2007 4:05 PM
> Subject: uploads security vs PmWikiDraw
> To: PmWiki Users <pmwiki-users at pmichaud.com>
>
> I typically secure uploads to my wikis by using the method, described on
> the page http://www.pmwiki.org/wiki/Cookbook/SecureAttachments, which uses
> an .htaccess file in the uploads/ directory, with the following two lines:
>       Order Deny,Allow
>       Deny from all
>
> and then the following in local/config.php:
>         $EnableDirectDownload = 0;
>
>
> I find this conflicts with the use of the (wonderful!) PmWikiDraw recipe.
> http://www.pmwiki.org/wiki/Cookbook/PmWikiDraw.
>
> When I create a drawing
> (named "drawingname" on a page in the wikigroup
> http://www.myaddress.com/uploads/ExampleGroupname),
> the java drawing applet displays a warning:
> Error:java.io.IOException:Server returned HTTP response code: 403 for URL:
> http://www.myaddress.com/uploads/ExampleGroupname/drawingname.draw
>
> And although I can create the drawing, and it does save and upload
> successfully, it won't display the image -- I guess because the recipe
> doesn't use the display syntax ?action=download&upname= file.ext ?
>
> If I change local/config.php: to
>         $EnableDirectDownload = 1;
>
> and I remove the .htaccess file from the uploads/ directory, then the
> PmWikiDraw works ok.
>
> SO is there some way that I can have both?  Could I make
> $EnableDirectDownload = 1; conditional on the wikigroup I'm working in, AND
> somehow get the .htaccess file to be ignored there as well?
>
> Ideas?
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
>


-- 
- Ciaran
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070502/fecbb79c/attachment-0001.html 


More information about the pmwiki-users mailing list