1 [[!template id=plugin name=attachment core=0 author="[[Joey]]"]]
4 This plugin allows files to be uploaded to the wiki over the web.
6 For each page `foo`, files in the subdirectory `foo/` are treated as
7 attachments of that page. Attachments can be uploaded and managed as
8 part of the interface for editing a page.
10 Warning: Do not enable this plugin on publically editable wikis, unless you
11 take care to lock down the types and sizes of files that can be uploaded.
12 Bear in mind that if you let anyone upload a particular kind of file
13 ("*.mp3" files, say), then someone can abuse your wiki in at least three ways:
15 1. By uploading many mp3 files, wasting your disk space.
16 2. By uploading mp3 files that attempt to exploit security holes
17 in web browsers or other players.
18 3. By uploading files that claim to be mp3 files, but are really some
19 other kind of file. Some web browsers may display a `foo.mp3` that
20 contains html as a web page; including running any malicious javascript
21 embedded in that page.
23 If you enable this plugin, be sure to lock that down, by entering an
24 [[enhanced_PageSpec|ikiwiki/pagespec/attachment]] in the "Allowed
25 Attachments" field of the wiki admin's preferences page.
27 This plugin will use the [[!cpan File::MimeInfo::Magic]] perl module, if
28 available, for mimetype checking.
30 The `virusfree` [[PageSpec|ikiwiki/pagespec/attachment]] requires that
31 ikiwiki be configured with a virus scanner program via the `virus_checker`
32 option in the setup file. If using `clamav`, with `clamd`, set it to
33 "clamdscan -". Or to use clamav without the `clamd` daemon, you
34 could set it to "clamscan -".