< Security Variables | Variables | Blocklist >
See also: Uploads, Uploads admin.
:$EnableUpload:The upload.php script is automatically included from stdconfig.php if the $EnableUpload variable is true in config.php. Note that one may still need to set an upload password before users can upload (see UploadsAdmin).
$UploadExts
:$EnableUploadMimeMatch:By default, PmWiki only checks file extensions, and users could upload files with wrong extensions (say, a PDF file with a DOC extension, or a file with a disallowed extension renamed to an allowed one). Setting this variable to ''true'' will check the [[https://php.net/mime-content-type|MIME content type]] of the uploaded file, and if it doesn't match the one defined in $UploadExts, the upload will be refused.
: : $EnableUploadMimeMatch = true;
: : Note that occasionally this may block valid files, for example a CSV file may be detected as "text/plain" or "application/csv", or a password-protected office file may appear as "application/encrypted". To allow such files, configure the allowed content-types for the extension as regular expressions:
: :$EnableUploadMimeMatch = array( 'csv'=>'!^(text/plain|application/csv)$!', 'docx'=>'!^(application/encrypted)$!', 'gpx'=>'!^(text/xml)$!', # fix mime type for uploaded gpx files );
: : Also note that this requires the PHP Fileinfo functions to be enabled - on most systems they are, except on Windows where a php.ini configuration and a server restart may be needed.
$UploadBlacklist
: : $UploadBlacklist = array('.php', '.pl', '.cgi', '.py'); # disallow common script files
$UploadPermAdd
: : $UploadPermAdd = 0; # recommended
$UploadPermSet
0604
. Danger! Do not use this variable unless you know what you're doing! If you make a mistake, uploaded files may be impossible to edit or delete via the FTP/SSH account (in that case, Cookbook:Attachtable may be used) or to be downloaded and displayed on the website. Note that file permissions may differ on different systems - if you copy or move your PmWiki installation, you may have to change it.
$UploadDir
:$UploadUrlFmt:The url of the directory given by $UploadDir. By default, $UploadUrlFmt is derived from $PubDirUrl and $UploadDir
.
$IMapLinkFmt
['Attach:']
config.php
:$IMapLinkFmt['Attach:'] = "<a class='attachlink' href='\$LinkUrl'>\$LinkText</a>";
$LinkUploadCreateFmt
config.php
:$LinkUploadCreateFmt = "<a class='createlinktext' href='\$LinkUpload'>\$LinkText</a> <a class='createlink' href='\$LinkUpload'> Δ</a>";
:$UploadPrefixFmt:Sets the prefix for uploaded files to allow attachments to be organized other than by groups. Defaults to '/$Group'
(uploads are organized per-group), but can be set to other values for sitewide or per-page attachments.
%hlt php%@@$UploadPrefixFmt = '/$Group/$Name'; # per-page attachments
$UploadPrefixFmt
= ''; # sitewide attachments@@
: : It is recommended to have the $UploadPrefixFmt
variable defined in config.php
, the same for all pages in the wiki, and not in group/page local configuration files. Otherwise you will be unable to link to attachments in other wikigroups.
:$EnableDirectDownload:When set to 1 (the default), links to attachments bypass PmWiki and come directly from the webserver. Setting $EnableDirectDownload=0; causes requests for attachments to be obtained via ?action=download
. This allows PmWiki to protect attachments using a page's read permissions, but also increases the load on the server. Don't forget to protect your directory /uploads/ with a .htaccess
file (Order Deny,Allow / Deny from all).
:$EnableDownloadRanges: When the wiki has protected downloads (see $EnableDirectDownload), it sends a HTTP header "Accept-Ranges" and can serve partial content if the browser requests it. This can be useful for large files such as videos, and is enabled by default. Set this variable to 0 to disable this feature and serve whole files only.
:$EnableUploadGroupAuth:Set @@$EnableUploadGroupAuth = 1; to authenticate downloads with the group password. This could be used together with
$EnableDirectDownload = 0;@@. %note% Note: $EnableUploadGroupAuth should not be enabled if your wiki uses per-page attachments.
$EnableUploadVersions
file.ext,timestamp
(instead of being overwritten). timestamp
is a Unix-style timestamp.
: : When set to 2, and if a file with the same name already exists, it will rename the new file adding a unique suffix, for example existing-file-s99hup.jpg
. The suffix is a base-36 representation of the current Unix timestamp.
$EnableUploadOverwrite
$UploadNameChars
"-\w. "
, which means alphanumerics, hyphens, underscores, dots, and spaces can be used in upload names, and everything else will be stripped. It is only possible to enable characters that exist in the code page (charater set) of the wiki, see Wikipedia:Code page.
: :
: :$UploadNameChars
= "-\\w."; # default: allow dash, letters, digits, underscore, and dots (no spaces)
: : Note: Not all characters can be used in file names, because of various limitations in protocols or operating systems, file systems and server software, or conflict with PmWiki markup:
$UploadNameChars
= "-\\w. \\x80-\\xff"; # allow Unicode
+?:@#%!=/
have special meanings in URL addresses,
|\^`[]?:@#%/
may be impossible to save on some systems,
<>"|\^`(){}[]#%
may conflict with PmWiki markups,
: : so it is strongly recommended to only enable those if you know what you're doing.
$MakeUploadNamePatterns = array( "/[^$UploadNameChars]/" => '', # strip all not-allowed characters '/\\.[^.]*$/' => 'cb_tolower', # convert extension to lowercase (callback function) '/^[^[:alnum:]_]+/' => '', # strip initial spaces, dashes, dots '/[^[:alnum:]_]+$/' => '')) # strip trailing spaces, dashes, dots
$UploadDirQuota
$UploadDirQuota = 100*1024; # limit uploads to 100KiB $UploadDirQuota = 1000*1024; # limit uploads to 1000KiB $UploadDirQuota = 1024*1024; # limit uploads to 1MiB $UploadDirQuota = 25*1024*1024; # limit uploads to 25MiB $UploadDirQuota = 2*1024*1024*1024; # limit uploads to 2GiB
:$UploadPrefixQuota:Overall size limit for one directory containing uploads. This directory is usually @@uploads/GroupName@@ (one for every WikiGroup), or @@uploads/Group/PageName@@ (one for every page), depending on the variable $UploadPrefixFmt.
$UploadMaxSize
:$UploadExtSize:Maximum size per extension, overriding the default in $UploadMaxSize.
$UploadExtSize['zip'] = 2*1024*1024; # allow up to 2MiB for zip files
:$ImgDarkSuffix: A suffix for uploaded images adapted for a dark color theme. Enable with:
%hlt php%$ImgDarkSuffix = '-dark';
%%
If your skin supports toggling between light and dark color themes, a picture with a white or very light background may appear too bright on a dark theme. You can upload a separate picture adapted for the dark theme, with the same filename, and added a suffix, say "@@-dark@@". Your pictures could be "@@company-logo.png@@" and "@@company-logo%red%-dark%%.png@@", and to embed them, use the markup "@@Attach:company-logo.png@@". PmWiki will use the dark picture when the dark theme is active. See also $EnableDarkThemeToggle and Cookbook:DarkColorScheme. Only embedded pictures attached to the page are toggled. A link to such a picture will open the base (light) file even when the dark theme is enabled.
:$UploadRedirectFunction:The function to be called after a file was posted. By default the "Redirect" function is called with arguments $pagename and the URL of the ?action=upload page (with additional information if the upload was successful or why it wasn't, and if the file was renamed). An add-on may define its own function, for example an AJAX upload may only return some variable back to the browser.
< Security Variables | Variables | Blocklist >