On 5/2/07, Tegan Dowling <[EMAIL PROTECTED]> wrote:
On 5/2/07, Ciaran <[EMAIL PROTECTED]> wrote: > > On 4/30/07, Tegan Dowling <[EMAIL PROTECTED]> wrote: > > > > Bump ... PM? Anyone? > > > > > > ---------- Forwarded message ---------- > > From: Tegan Dowling < [EMAIL PROTECTED]> > > Date: Apr 28, 2007 4:05 PM > > Subject: uploads security vs PmWikiDraw > > To: PmWiki Users <pmwiki-users@pmichaud.com > > > > > I typically secure uploads to my wikis by using the method, described on the page http://www.pmwiki.org/wiki/Cookbook/SecureAttachments, which uses an .htaccess file in the uploads/ directory, with the following two lines: > > Order Deny,Allow > > Deny from all > > > > and then the following in local/config.php: > > $EnableDirectDownload = 0; > > > > > > I find this conflicts with the use of the (wonderful!) PmWikiDraw recipe. http://www.pmwiki.org/wiki/Cookbook/PmWikiDraw. > > > > When I create a drawing > > (named "drawingname" on a page in the wikigroup http://www.myaddress.com/uploads/ExampleGroupname), > > the java drawing applet displays a warning: > > Error:java.io.IOException:Server returned HTTP response code: 403 for URL: http://www.myaddress.com/uploads/ExampleGroupname/drawingname.draw > > > > And although I can create the drawing, and it does save and upload successfully, it won't display the image -- I guess because the recipe doesn't use the display syntax ?action=download&upname= file.ext ? > > > > If I change local/config.php: to > > $EnableDirectDownload = 1; > > > > and I remove the .htaccess file from the uploads/ directory, then the PmWikiDraw works ok. > > > > SO is there some way that I can have both? Could I make $EnableDirectDownload = 1; conditional on the wikigroup I'm working in, AND somehow get the .htaccess file to be ignored there as well? > > > > Ideas? > > Eek! do you know if this directdownload option is newish, as I wasn't aware of it when I > wrote the pmwikidraw scripts originally. FWIW we're currently in the process of re-writing > PmWikiDraw as a far more advanced AnyWikiDraw tool, with an intended PmWiki variant > so it has to an extent been forgotten about [we intend to support the original format at > least for initial loading of drawings!] > - ciaran Hi! The PmWikiDraw tool is so terrific, I would love to be able to enable it on all my wikis!
Well soon you should be able, to, plus with versioning, svg support, and much much more ;) The "$EnableDirectDownload = 0;" security option is not new, but it's
not the default configuration, either (although it is for my wikis).
I'd not come across it before ! If you look into how the option works, it seems to me that you may be
able to adjust your PmWikiDraw code so that it works in this environment. On these sites, attachments are displayed with "http://address.com/Group/Page?action=download&upname=file.ext" (as opposed to other configurations that display "http://address.com/uploads/Group/file.ext"
Right, I've enabled a work-around I think, please try the new version I've put up on PmWiki.org for you ! Let me know how it goes :) I also made a change to make it work in Java 6 runtimes, which was a little random, but sorted now :) Take care - Ciaran I've just been hoping to find a work-around that would let me revert
to the regular configuration on pages/groups where the PmWikiDraw is either in use or enabled, and I'm sure I could switch to a setting of $EnableDirectDownload = 1; for such pages/groups, but I don't know of any way to get the wiki to disregard the .htaccess file in the uploads directory when rendering attachments to those pages/groups. Does anyone know of anything I could put in the .htaccess file itself, that would get it ignored for certain pages or groups?
-- - Ciaran
_______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users