On 5/2/07, <b class="gmail_sendername">Tegan Dowling</b> <<a href="mailto:tmdowling@gmail.com">tmdowling@gmail.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 5/2/07, Ciaran <<a href="mailto:ciaranj@gmail.com">ciaranj@gmail.com</a>> wrote:<br>><br>> On 4/30/07, Tegan Dowling <<a href="mailto:tmdowling@gmail.com">tmdowling@gmail.com</a>> wrote:<br>> ><br>
> > Bump ... PM? Anyone?<br>> ><br>> ><br>> > ---------- Forwarded message ----------<br>> > From: Tegan Dowling < <a href="mailto:tmdowling@gmail.com">tmdowling@gmail.com</a>><br>> > Date: Apr 28, 2007 4:05 PM
<br>> > Subject: uploads security vs PmWikiDraw<br>> > To: PmWiki Users <<a href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a> ><br>> ><br>> > I typically secure uploads to my wikis by using the method, described on the page
<a href="http://www.pmwiki.org/wiki/Cookbook/SecureAttachments">http://www.pmwiki.org/wiki/Cookbook/SecureAttachments</a>, which uses an .htaccess file in the uploads/ directory, with the following two lines:<br>> > Order Deny,Allow
<br>> > Deny from all<br>> ><br>> > and then the following in local/config.php:<br>> > $EnableDirectDownload = 0;<br>> ><br>> ><br>> > I find this conflicts with the use of the (wonderful!) PmWikiDraw recipe.
<a href="http://www.pmwiki.org/wiki/Cookbook/PmWikiDraw">http://www.pmwiki.org/wiki/Cookbook/PmWikiDraw</a>.<br>> ><br>> > When I create a drawing<br>> > (named "drawingname" on a page in the wikigroup
<a href="http://www.myaddress.com/uploads/ExampleGroupname">http://www.myaddress.com/uploads/ExampleGroupname</a>),<br>> > the java drawing applet displays a warning:<br>> > Error:java.io.IOException:Server returned HTTP response code: 403 for URL:
<a href="http://www.myaddress.com/uploads/ExampleGroupname/drawingname.draw">http://www.myaddress.com/uploads/ExampleGroupname/drawingname.draw</a><br>> ><br>> > And although I can create the drawing, and it does save and upload successfully, it won't display the image -- I guess because the recipe doesn't use the display syntax ?action=download&upname=
file.ext ?<br>> ><br>> > If I change local/config.php: to<br>> > $EnableDirectDownload = 1;<br>> ><br>> > and I remove the .htaccess file from the uploads/ directory, then the PmWikiDraw works ok.
<br>> ><br>> > SO is there some way that I can have both? Could I make $EnableDirectDownload = 1; conditional on the wikigroup I'm working in, AND somehow get the .htaccess file to be ignored there as well?
<br>> ><br>> > Ideas?<br>><br>> Eek! do you know if this directdownload option is newish, as I wasn't aware of it when I<br>> wrote the pmwikidraw scripts originally. FWIW we're currently in the process of re-writing
<br>> PmWikiDraw as a far more advanced AnyWikiDraw tool, with an intended PmWiki variant<br>> so it has to an extent been forgotten about [we intend to support the original format at<br>> least for initial loading of drawings!]
<br>> - ciaran<br><br>Hi! The PmWikiDraw tool is so terrific, I would love to be able to<br>enable it on all my wikis!</blockquote><div><br>Well soon you should be able, to, plus with versioning, svg support, and much much more ;)
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">The "$EnableDirectDownload = 0;" security option is not new, but it's
<br>not the default configuration, either (although it is for my wikis).</blockquote><div><br>I'd not come across it before ! <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
If you look into how the option works, it seems to me that you may be<br>able to adjust your PmWikiDraw code so that it works in this<br>environment. On these sites, attachments are displayed with<br>"<a href="http://address.com/Group/Page?action=download&upname=file.ext">
http://address.com/Group/Page?action=download&upname=file.ext</a>" (as<br>opposed to other configurations that display<br>"<a href="http://address.com/uploads/Group/file.ext">http://address.com/uploads/Group/file.ext
</a>"</blockquote><div><br>Right, I've enabled a work-around I think, please try the new version I've put up on PmWiki.org for you ! <br>Let me know how it goes :)<br><br>I also made a change to make it work in Java 6 runtimes, which was a little random, but sorted now :)
<br>Take care<br>- Ciaran<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I've just been hoping to find a work-around that would let me revert
<br>to the regular configuration on pages/groups where the PmWikiDraw is<br>either in use or enabled, and I'm sure I could switch to a setting of<br>$EnableDirectDownload = 1; for such pages/groups, but I don't know of
<br>any way to get the wiki to disregard the .htaccess file in the uploads<br>directory when rendering attachments to those pages/groups.<br><br>Does anyone know of anything I could put in the .htaccess file itself,<br>that would get it ignored for certain pages or groups?
<br></blockquote></div><br><br clear="all"><br>-- <br>- Ciaran