[pmwiki-users] pmwiki-2.0.beta31 released
Hans
design at flutesong.net
Fri Apr 15 15:19:59 CDT 2005
Friday, April 15, 2005, 8:56:21 PM, Patrick wrote:
> However, a big disadvantage is that all attachments are publicly
> accessible as long as someone knows the URL.
Do I understand this right that default attachments are publicly
accessible even though the page or group is read-password protected?
> As a result, beta31 now offers an ?action=download option, which can be used
> to retrieve a page's attachment. For example, with $EnableDirectDownload
> set to zero, PmWiki will convert the "Attach:gemini.zip" markup into
> http://www.pmwiki.org/wiki/Cookbook/GeminiSkin?action=download&upname=gemini.zip
So ?action=download gets used automatically if
$EnableDirectDownload=0, and there is no need to use it manually in
links inside pages? Just use normal Attach:filename markup syntax?
> This provides some important features:
> - it allows PmWiki to use site/group/page permissions to control
> access to attachments
So now a page or group read-password will protect the attachments of
the page and group?
> - it means the uploads/ directory no longer needs to be web accessible
> and can be anywhere in the filesystem
How does this work? How does the Attach:filename markup work?
$UploadUrlFmt could have been pointing anywhere in the filesystem, so
what is the difference?
> - the file's Content-Type and semantics can be controlled by PmWiki
> which may be easier to configure (e.g., it makes it easier for .php
> attachments to be downloaded instead of executed on the server)
And how does that work?
Forgive me all these questions, I do wish to understand, it seems
quite important.
~Hans
More information about the pmwiki-users
mailing list