[Pmwiki-users] Using subdirectories for uploaded files

Christian Ridderström chr
Sat Nov 22 13:01:59 CST 2003


Hi

I've been having a problem with name collisions when uploading files. In 
order to handle this, I used to create lots of small groups. 
Unfortunately, using lots of small groups causes other problems.

Therefore, I tested changing the pattern for files names into this:

  $UploadNamePattern='([A-Za-z0-9_-]+\/)*[A-Za-z0-9][-\w.]*[A-Za-z0-9]';

This allows you to specify an attachment like this:

	Attach:dir/filename

To my surprise, pmwiki even creates the directory for you.

A minor problem here is that if you specify dir1/dir2/filname, and 
'dir1' doesn't exist, you get an error. The workaround is to first upload 
anything using Attach:dir1/dummy. Then pmwiki creates 'dir2' for you.

Questions:

 * Is there a problem with this approach?
   * Security risks?
   * Does it break other stuff?

 * If '..' was allowed, would that break security?
   (e.g. Attach:dir/../../../../some-secret-file)
  
For completeness, I should modify the reg-exp so that '.' are allowed in 
the names of the directories.

The 'big' problem that remains is the listing of attached files.
Let's say that I've got this code:

        Attach:aFile.txt
        Attach:test/anotherFile.txt

then the result of [[$Attachlist]] looks like this:

        * aFile.txt ... 10 bytes ... 2003-11-22 at 01:02 AM
        * test ... 4096 bytes ... 2003-11-22 at 05:56 PM

where 'test' is actually a directory.

I can think of different solutions here... one is to let 'test' become a 
link to a directory listing of that directory. Another is to change the 
listing so that it looks like this:

 	* aFile.txt ... 10 bytes ... 2003-11-22 at 01:02 AM
        * test/ ... 2003-11-22 at 05:56 AM
	  * anotherFile.txt ... 10 bytes ... 2003-11-22 at 05:56 AM

What do you think? 

/Christian




More information about the pmwiki-users mailing list