[pmwiki-users] Fwd: uploads security vs PmWikiDraw
Tegan Dowling
tmdowling at gmail.com
Mon Apr 30 13:09:16 CDT 2007
Bump ... PM? Anyone?
---------- Forwarded message ----------
From: Tegan Dowling <tmdowling at gmail.com>
Date: Apr 28, 2007 4:05 PM
Subject: uploads security vs PmWikiDraw
To: PmWiki Users <pmwiki-users at pmichaud.com>
I typically secure uploads to my wikis by using the method, described on the
page http://www.pmwiki.org/wiki/Cookbook/SecureAttachments, which uses an
.htaccess file in the uploads/ directory, with the following two lines:
Order Deny,Allow
Deny from all
and then the following in local/config.php:
$EnableDirectDownload = 0;
I find this conflicts with the use of the (wonderful!) PmWikiDraw recipe.
http://www.pmwiki.org/wiki/Cookbook/PmWikiDraw.
When I create a drawing
(named "drawingname" on a page in the wikigroup
http://www.myaddress.com/uploads/ExampleGroupname),
the java drawing applet displays a warning:
Error:java.io.IOException:Server returned HTTP response code: 403 for URL:
http://www.myaddress.com/uploads/ExampleGroupname/drawingname.draw
And although I can create the drawing, and it does save and upload
successfully, it won't display the image -- I guess because the recipe
doesn't use the display syntax ?action=download&upname= file.ext ?
If I change local/config.php: to
$EnableDirectDownload = 1;
and I remove the .htaccess file from the uploads/ directory, then the
PmWikiDraw works ok.
SO is there some way that I can have both? Could I make
$EnableDirectDownload = 1; conditional on the wikigroup I'm working in, AND
somehow get the .htaccess file to be ignored there as well?
Ideas?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070430/41458516/attachment.html
More information about the pmwiki-users
mailing list