Thanks to suggestions of various folks on pmwiki-devel (and looking at the code in ThomasP's "IncludeFile" recipe) I've now plugged various security holes in the IncludeUpload recipe. http://www.pmwiki.org/wiki/Cookbook/IncludeUpload
1) replaced txt2html= option with type= option This means that the user can no longer pass in arbitrary arguments which could be used to do Bad Things on your server. Now the conversion commands, including *all* their arguments, must be defined by the admin, and one picks which version of the comand by setting the "type" option (or the file extension). This is also cool because it means that one can define one's own "types" of file to include, so long as you can construct a command which will generate HTML from the file. 2) use url_fopen to conform to Apache permissions for files on the website Since the file is opened through the webserver, it obeys the webserver permissions. However, since not all sites allow url_fopen, one can set $IncludeUploadUrlFopenEnabled = 0; to fall back to the original read-from-the-filesystem behaviour. 3) added 'includeupload' authorization level This checks to see whether the user is allowed to access the page associated with the Attached file (which will either be the current page, or the other-group page associated with the uploaded file). So I think that all justifies taking off the "WARNING DANGER" from the recipe. 8-) Please let me know if I'm mistaken! Kathryn Andersen -- _--_|\ | Kathryn Andersen <http://www.katspace.com> / \ | \_.--.*/ | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/> v | ------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere Maranatha! | -> Earth -> Sol -> Milky Way Galaxy -> Universe _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users