On 5/2/07, Ciaran <[EMAIL PROTECTED]> wrote: > > On 4/30/07, Tegan Dowling <[EMAIL PROTECTED]> wrote: > > > > Bump ... PM? Anyone? > > > > > > ---------- Forwarded message ---------- > > From: Tegan Dowling < [EMAIL PROTECTED]> > > Date: Apr 28, 2007 4:05 PM > > Subject: uploads security vs PmWikiDraw > > To: PmWiki Users <[email protected] > > > > > I typically secure uploads to my wikis by using the method, described on > > the page http://www.pmwiki.org/wiki/Cookbook/SecureAttachments, which uses > > an .htaccess file in the uploads/ directory, with the following two lines: > > Order Deny,Allow > > Deny from all > > > > and then the following in local/config.php: > > $EnableDirectDownload = 0; > > > > > > I find this conflicts with the use of the (wonderful!) PmWikiDraw recipe. > > http://www.pmwiki.org/wiki/Cookbook/PmWikiDraw. > > > > When I create a drawing > > (named "drawingname" on a page in the wikigroup > > http://www.myaddress.com/uploads/ExampleGroupname), > > the java drawing applet displays a warning: > > Error:java.io.IOException:Server returned HTTP response code: 403 for URL: > > http://www.myaddress.com/uploads/ExampleGroupname/drawingname.draw > > > > And although I can create the drawing, and it does save and upload > > successfully, it won't display the image -- I guess because the recipe > > doesn't use the display syntax ?action=download&upname= file.ext ? > > > > If I change local/config.php: to > > $EnableDirectDownload = 1; > > > > and I remove the .htaccess file from the uploads/ directory, then the > > PmWikiDraw works ok. > > > > SO is there some way that I can have both? Could I make > > $EnableDirectDownload = 1; conditional on the wikigroup I'm working in, AND > > somehow get the .htaccess file to be ignored there as well? > > > > Ideas? > > Eek! do you know if this directdownload option is newish, as I wasn't aware > of it when I > wrote the pmwikidraw scripts originally. FWIW we're currently in the process > of re-writing > PmWikiDraw as a far more advanced AnyWikiDraw tool, with an intended PmWiki > variant > so it has to an extent been forgotten about [we intend to support the > original format at > least for initial loading of drawings!] > - ciaran
Hi! The PmWikiDraw tool is so terrific, I would love to be able to enable it on all my wikis! The "$EnableDirectDownload = 0;" security option is not new, but it's not the default configuration, either (although it is for my wikis). If you look into how the option works, it seems to me that you may be able to adjust your PmWikiDraw code so that it works in this environment. On these sites, attachments are displayed with "http://address.com/Group/Page?action=download&upname=file.ext"; (as opposed to other configurations that display "http://address.com/uploads/Group/file.ext"; I've just been hoping to find a work-around that would let me revert to the regular configuration on pages/groups where the PmWikiDraw is either in use or enabled, and I'm sure I could switch to a setting of $EnableDirectDownload = 1; for such pages/groups, but I don't know of any way to get the wiki to disregard the .htaccess file in the uploads directory when rendering attachments to those pages/groups. Does anyone know of anything I could put in the .htaccess file itself, that would get it ignored for certain pages or groups? _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
