[pmwiki-users] uploads security vs PmWikiDraw

Tegan Dowling tmdowling at gmail.com
Sat Apr 28 16:05:16 CDT 2007


I typically secure uploads to my wikis by using the method, described on the
page http://www.pmwiki.org/wiki/Cookbook/SecureAttachments, which uses an
.htaccess file in the uploads/ directory, with the following two lines:
      Order Deny,Allow
      Deny from all

and then the following in local/config.php:
        $EnableDirectDownload = 0;


I find this conflicts with the use of the (wonderful!) PmWikiDraw recipe.
http://www.pmwiki.org/wiki/Cookbook/PmWikiDraw.

When I create a drawing
(named "drawingname" on a page in the wikigroup
http://www.myaddress.com/uploads/ExampleGroupname),
the java drawing applet displays a warning:
Error:java.io.IOException:Server returned HTTP response code: 403 for URL:
http://www.myaddress.com/uploads/ExampleGroupname/drawingname.draw

And although I can create the drawing, and it does save and upload
successfully, it won't display the image -- I guess because the recipe
doesn't use the display syntax ?action=download&upname=file.ext ?

If I change local/config.php: to
        $EnableDirectDownload = 1;

and I remove the .htaccess file from the uploads/ directory, then the
PmWikiDraw works ok.

SO is there some way that I can have both?  Could I make
$EnableDirectDownload = 1; conditional on the wikigroup I'm working in, AND
somehow get the .htaccess file to be ignored there as well?

Ideas?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070428/e290dea9/attachment.html 


More information about the pmwiki-users mailing list