[pmwiki-users] problem with uploads changing file names

Patrick R. Michaud pmichaud at pobox.com
Tue Mar 21 11:04:40 CST 2006


On Tue, Mar 21, 2006 at 11:49:32AM -0500, Neil Herber wrote:
> At 2006-03-21  10:24 AM -0600, Patrick R. Michaud is rumored to have said:
> >For security reasons, PmWiki restricts the characters that may appear
> >in upload filenames to (default) alphanumerics, hyphen, underscore,
> >dot, and space.
> >
> >If you want to allow commas, set:
> >
> >    $UploadNameChars = "-\\w. ,";
> 
> I will begin editing farmconfig next. Is there any reason not  to 
> allow commas by default since they are legal Windoze filename 
> characters and my authors are all on Windoze boxes (well, a few Mac users).

Off the top of my head I can't think of any reason why commas would
pose a problem, for either Windows or Unix environments.  (VMS
would have trouble.)

The reason why comma (and other characters) aren't allowed by default
is that philosophically PmWiki takes a somewhat paranoid stance
when it comes to the uploads feature.  Thus, the default settings for
uploads tend to try to restrict the feature as much as possible:

   - uploads are disabled by default
   - even if you enable them, they're password locked by default
   - even if you remove the password, you're restricted to uploading
     files with certain names and extensions
   - the maximum upload size is small (50K by default)

This way the potential damage is limited until/unless the wiki
administrator explicitly relaxes the restrictions.

Pm




More information about the pmwiki-users mailing list