[pmwiki-users] HTML to pmWiki

Kathryn Andersen kat_lists at katspace.homelinux.org
Mon Aug 27 20:36:29 CDT 2007


On Mon, Aug 27, 2007 at 08:03:54PM -0400, Sandy wrote:
> http://pmwiki.org/wiki/Cookbook/IncludeUpload
> and
> http://pmwiki.org/wiki/Cookbook/EnableHTML
> 
> The second one is more limited, but also safer. You give it a list of 
> HTML codes to pass through. The first one, I'm not sure if it'll pass 
> through something dangerous or not (I trust the programmer, but I don't 
> see anywhere if this was a quickie utility for her own site, or 
> something more robust.)

Well, it was initially a quickie utility for my own site, but it has
become more robust since. 8-)

However, the level of security is along the lines of whether a given
file is allowed to be included; there is no checking of the HTML content
of it.  So it's an all-or-nothing thing in that regard.

There are two ways of including an HTML file with IncludeUpload:
A) it's an uploaded (attached) file.  In this case, the file is only
included if the viewer has 'includeupload' authorization (which defaults
to the same as 'read') for the page associated with the uploaded file.
In this case, the security of the content of the file depends on how
trustworthy the people who have *upload* authorization are; those who
upload the files determine what their content is.

B) It's a file from elsewhere on the website.  This goes through
the webserver to ensure that only files which are allowed to be
displayed (given the webserver's permissions) are included.
The assumption here is that non-PmWiki content is under the control
of the website admin, and therefore would be safe.

Basically the purpose of IncludeUpload is to save effort for content
that you already have that you don't want to have to convert into PmWiki
format.

Another purpose that I use it for is to make files available in both
text and HTML format; the text file is attached to the page, and then I
tell IncludeUpload to use a text-to-html converter on it when it
includes that file.  That's only useful for text files that aren't too
large, since otherwise too much time is spent in doing the conversion.

Kathryn Andersen
-- 
 _--_|\     | Kathryn Andersen	<http://www.katspace.com>
/      \    | 
\_.--.*/    | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/>
      v     | 
------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere
Maranatha!  |	-> Earth -> Sol -> Milky Way Galaxy -> Universe
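
The contrast drawn in this thread, as an added example that is not code from IncludeUpload, EnableHTML or either poster: an authorization-only gate passes the file through unchanged, while a tag allowlist rewrites its content. The function names, the allowlist and the sample upload are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for illustration; not EnableHTML's actual configuration.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "pre"}

# Constructed sample upload: harmless markup plus an event handler and a script.
SAMPLE = '<p onclick="x()">Hello <b>world</b></p><script>alert(1)</script>'


class AllowlistFilter(HTMLParser):
    """Re-emit allowlisted tags with attributes stripped; escape all else as text."""

    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed = allowed
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in self.allowed:
            self.out.append(f"<{tag}>")  # drops onclick=, style=, href=, ...
        else:
            self.out.append(escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # treat <br/> like <br>

    def handle_endtag(self, tag):
        text = f"</{tag}>"
        self.out.append(text if tag in self.allowed else escape(text))

    def handle_data(self, data):
        self.out.append(escape(data))  # text, including script bodies, is inert


def include_all_or_nothing(html, viewer_authorized):
    """Authorization-only gate: the content itself is never inspected."""
    return html if viewer_authorized else ""


def include_filtered(html, allowed=frozenset(ALLOWED_TAGS)):
    """Content-level gate: only allowlisted tags survive as markup."""
    parser = AllowlistFilter(allowed)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print(include_all_or_nothing(SAMPLE, True))
    print(include_filtered(SAMPLE))
```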


