< Security Variables | Variables | Blocklist >
See also: Uploads, Uploads admin.
$EnableUpload
$EnableUpload
variable is true in config.php. Note that one may still need to set an upload password before users can upload (see UploadsAdmin).
$UploadBlacklist
$UploadBlacklist = array('.php', '.pl', '.cgi', '.py'); # disallow common script files
$UploadPermAdd
$UploadPermAdd = 0; # recommended
$UploadPermSet
0604
. Danger! Do not use this variable unless you know what you're doing! If you make a mistake, uploaded files may be impossible to edit or delete via the FTP/SSH account (in that case, Cookbook:Attachtable may be used) or to be downloaded and displayed on the website. Note that file permissions may differ on different systems - if you copy or move your PmWiki installation, you may have to change it.
$UploadDir
$UploadUrlFmt
$UploadDir
. By default, $UploadUrlFmt
is derived from $PubDirUrl
and $UploadDir
.
$IMapLinkFmt
['Attach:']$IMapLinkFmt['Attach:'] = "<a class='attachlink' href='\$LinkUrl'>\$LinkText</a>";
$LinkUploadCreateFmt
$LinkUploadCreateFmt = "<a class='createlinktext' href='\$LinkUpload'>\$LinkText</a> <a class='createlink' href='\$LinkUpload'> Δ</a>";
$UploadPrefixFmt
'/$Group'
(uploads are organized per-group), but can be set to other values for sitewide or per-page attachments.
$UploadPrefixFmt
= '/$Group/$Name'; # per-page attachments$UploadPrefixFmt
= ''; # sitewide attachments
$UploadPrefixFmt
variable defined in config.php, the same for all pages in the wiki, and not in group/page local configuration files. Otherwise you will be unable to link to attachments in other wikigroups.
$EnableDirectDownload
$EnableDirectDownload
=0; causes requests for attachments to be obtained via ?action=download
. This allows PmWiki to protect attachments using a page's read permissions, but also increases the load on the server. Don't forget to protect your directory /uploads/ with a .htaccess file (Order Deny,Allow / Deny from all).
$EnableUploadGroupAuth
$EnableUploadGroupAuth
= 1;
to authenticate downloads with the group password. This could be used together with $EnableDirectDownload
= 0;
. Note: $EnableUploadGroupAuth
should not be enabled if your wiki uses per-page attachments.
$EnableUploadVersions
file.ext,timestamp
(instead of being overwritten). timestamp
is a Unix-style timestamp.
$EnableUploadOverwrite
$UploadNameChars
"-\w. "
, which means alphanumerics, hyphens, underscores, dots, and spaces can be used in upload names, and everything else will be stripped.
$UploadNameChars
= "-\\w. !"; # allow dash, letters, digits, dots, spaces and exclamations
$UploadNameChars
= "-\\w. \\x80-\\xff"; # allow Unicode
+?:@#%!=/
have special meanings in URL addresses,
|\^`[]?:@#%/
may be impossible to save on some systems,
<>"|\^`(){}[]#%
may conflict with PmWiki markups,
$MakeUploadNamePatterns
$UploadNameChars
will be stripped, then the file extension will be converted to lowercase. Administrators can override these replacements with a custom definition (the full array needs to be defined). Currently the default sequence is: $MakeUploadNamePatterns = array( "/[^$UploadNameChars]/" => '', # strip all not-allowed characters '/\\.[^.]*$/' => 'cb_tolower', # convert extension to lowercase (callback function) '/^[^[:alnum:]_]+/' => '', # strip initial spaces, dashes, dots '/[^[:alnum:]_]+$/' => '')) # strip trailing spaces, dashes, dots
$UploadDirQuota
$UploadDirQuota = 100*1024; # limit uploads to 100KiB $UploadDirQuota = 1000*1024; # limit uploads to 1000KiB $UploadDirQuota = 1024*1024; # limit uploads to 1MiB $UploadDirQuota = 25*1024*1024; # limit uploads to 25MiB $UploadDirQuota = 2*1024*1024*1024; # limit uploads to 2GiB
$UploadPrefixQuota
uploads/GroupName
(one for every WikiGroup), or uploads/Group/PageName
(one for every page), depending on the variable $UploadPrefixFmt
.
$UploadMaxSize
$UploadExtSize
$UploadMaxSize
.
$UploadExtSize['zip'] = 2*1024*1024; # allow up to 2MiB for zip files
$UploadRedirectFunction
$pagename
and the URL of the ?action=upload page (with additional information if the upload was successful or why it wasn't, and if the file was renamed). An add-on may define its own function, for example an AJAX upload may only return some variable back to the browser.
< Security Variables | Variables | Blocklist >
This page may have a more recent version on pmwiki.org: PmWiki:UploadVariables, and a talk page: PmWiki:UploadVariables-Talk.