< Security Variables | Variables | Blocklist >
See also: Uploads, Uploads admin.
$EnableUpload
$EnableUpload
variable is true in config.php. Note that one may still need to set an upload password before users can upload (see UploadsAdmin).
$UploadBlacklist
$UploadBlacklist = array('.php', '.pl', '.cgi', '.py'); # disallow common script files
$UploadPermAdd
$UploadPermAdd = 0; # recommended
$UploadPermSet
0604
. Danger! Do not use this variable unless you know what you're doing! If you make a mistake, uploaded files may be impossible to edit or delete via the FTP/SSH account (in that case, Cookbook:Attachtable may be used) or to be downloaded and displayed on the website. Note that file permissions may differ on different systems - if you copy or move your PmWiki installation, you may have to change it.
$UploadDir
$UploadUrlFmt
$UploadDir
. By default, $UploadUrlFmt
is derived from $PubDirUrl
and $UploadDir
.
$IMapLinkFmt['Attach:']
config.php
:$IMapLinkFmt['Attach:'] = "<a class='attachlink' href='\$LinkUrl'>\$LinkText</a>";
$LinkUploadCreateFmt
config.php
:$LinkUploadCreateFmt = "<a class='createlinktext' href='\$LinkUpload'>\$LinkText</a> <a class='createlink' href='\$LinkUpload'> Δ</a>";
$UploadPrefixFmt
'/$Group'
(uploads are organized per-group), but can be set to other values for sitewide or per-page attachments.
$UploadPrefixFmt
= '/$Group/$Name'; # per-page attachments
$UploadPrefixFmt
= ''; # sitewide attachments
$UploadPrefixFmt
variable defined in config.php
, the same for all pages in the wiki, and not in group/page local configuration files. Otherwise you will be unable to link to attachments in other wikigroups.
$EnableDirectDownload
$EnableDirectDownload
=0; causes requests for attachments to be obtained via ?action=download
. This allows PmWiki to protect attachments using a page's read permissions, but also increases the load on the server. Don't forget to protect your directory /uploads/ with a .htaccess
file (Order Deny,Allow / Deny from all).
$EnableUploadGroupAuth
$EnableUploadGroupAuth
= 1;
to authenticate downloads with the group password. This could be used together with $EnableDirectDownload
= 0;
. Note: $EnableUploadGroupAuth
should not be enabled if your wiki uses per-page attachments.
$EnableUploadVersions
file.ext,timestamp
(instead of being overwritten). timestamp
is a Unix-style timestamp.
$EnableUploadOverwrite
$UploadNameChars
"-\w. "
, which means alphanumerics, hyphens, underscores, dots, and spaces can be used in upload names, and everything else will be stripped. It is only possible to enable characters that exist in the code page (charater set) of the wiki, see Wikipedia:Code page.
$UploadNameChars
= "-\\w."; # allow dash, letters, digits, underscore, and dots (no spaces)
$UploadNameChars
= "-\\w. \\x80-\\xff"; # allow Unicode
+?:@#%!=/
have special meanings in URL addresses,
|\^`[]?:@#%/
may be impossible to save on some systems,
<>"|\^`(){}[]#%
may conflict with PmWiki markups,
$MakeUploadNamePatterns
$UploadNameChars
will be stripped, then the file extension will be converted to lowercase. Administrators can override these replacements with a custom definition (the full array needs to be defined). Currently the default sequence is: $MakeUploadNamePatterns = array( "/[^$UploadNameChars]/" => '', # strip all not-allowed characters '/\\.[^.]*$/' => 'cb_tolower', # convert extension to lowercase (callback function) '/^[^[:alnum:]_]+/' => '', # strip initial spaces, dashes, dots '/[^[:alnum:]_]+$/' => '')) # strip trailing spaces, dashes, dots
$UploadDirQuota
$UploadDirQuota = 100*1024; # limit uploads to 100KiB $UploadDirQuota = 1000*1024; # limit uploads to 1000KiB $UploadDirQuota = 1024*1024; # limit uploads to 1MiB $UploadDirQuota = 25*1024*1024; # limit uploads to 25MiB $UploadDirQuota = 2*1024*1024*1024; # limit uploads to 2GiB
$UploadPrefixQuota
uploads/GroupName
(one for every WikiGroup), or uploads/Group/PageName
(one for every page), depending on the variable $UploadPrefixFmt
.
$UploadMaxSize
$UploadExtSize
$UploadMaxSize
.
$UploadExtSize['zip'] = 2*1024*1024; # allow up to 2MiB for zip files
$UploadRedirectFunction
$pagename
and the URL of the ?action=upload page (with additional information if the upload was successful or why it wasn't, and if the file was renamed). An add-on may define its own function, for example an AJAX upload may only return some variable back to the browser.
< Security Variables | Variables | Blocklist >
This page may have a more recent version on pmwiki.org: PmWiki:UploadVariables, and a talk page: PmWiki:UploadVariables-Talk.