上傳管理PmWiki 包括一個 upload.php腳本允許用戶使用Web瀏覽器 upload 文件到wiki服務器。上傳文件(也稱為 附件)可以很容易地訪問wiki頁面內使用的標記。本頁面描述了如何安裝和配置上傳功能。 關於 security?的注意事項:PmWiki takes a somewhat, but justifiable, paranoid stance when it comes to the uploads feature. Thus, the default settings for uploads tend to try to restrict the feature as much as possible:
以上情況的潛在危險是有限的 除非維基管理員明確放寬了限制 請記住,讓用戶(匿名!)上傳文件到你的Web服務器會存在一些額外的風險。 upload.php 腳本設計,是減少危害, wiki administrators 應該知道潛在的安全漏洞會存在, 上傳工具設置錯誤可能導致不必要的後果。 預設情況下,被授權用戶可以覆寫已經上傳的文件,但不可以恢復以前的文件, 如果你想禁止用戶覆寫已經存在的文件,可在config.php添加以下行 : $EnableUploadOverwrite = 0;
另外,管理員可以 keep older versions 的上傳 管理員還可以 configure PmWiki密碼機制,控制上傳文件的權限 基本安裝upload.php 腳本已經自動包含在 stdconfig.php ,真正的 因此,一個基本設置上傳的config.php如下所示: <?php if (!defined('PmWiki')) exit(); ## Enable uploads and set a site-wide default upload password. $EnableUpload = 1; $DefaultPasswords['upload'] = crypt('secret'); 如果你有修改密碼,並希望允許所有用戶上傳與編輯的權利,而不是 重要: 不要自行創建的上傳目錄!參見下一段。 您可能還需要設置文件系統目錄再進行上傳,並提供一個 URL對應到該目錄,如: $UploadDir = "/home/foobar/public_html/uploads"; $UploadUrlFmt = "http://example.com/~foobar/uploads"; Upload directory configurationUploads can be configured site-wide, by-group (default), or by-page by changing 單檔案上傳$UploadPrefixFmt = '';
單文件上傳To organize uploads by page, use: $UploadPrefixFmt = '/$Group/$Name';
上傳目錄對於上傳功能能正常運作,該目錄 $UploadDir 必須為可寫入的Web服務器進程,它通常設置在網站一個可以訪問的位置(例如,在一個子目錄的public_html)。執行PmWiki與上傳啟用會提示你設置的步驟與要求,以創建您的服務器上傳目錄(它不同於一台服務器到下)。 注意,你可能需要顯式地創建可寫的組或頁面具體子目錄的! (it differs from one server to the next). Note that you are likely to be required to explicitly create writable group- or page-specific subdirectories as well! 上傳文件一旦啟用上傳功能,用戶上傳形式可在加入正常PmWiki URL 後面加上" 另一種上傳方式是在表單插入標記 " 默認情況下,PmWiki將組織上傳文件到每個組獨立的子目錄。這可以修改 $UploadPrefixFmt變量。見 Cookbook:UploadGroups。 上傳版本文件PmWiki不管理版本上傳文件默認情況下。但是,通過設置 上傳限制限制上傳的文件、groups和網頁Uploads can be enabled only for specific groups or pages by using a group customization?. Simply set Restricting total upload size for a group or the whole wikiUploads can be restricted to an overall size limit for groups. In the group configuration file (i.e., local/Group.php), add the line $UploadPrefixQuota = 1000000; # limit group uploads to 1000KB (1MB)
This will limit the total size of uploads for that group to 1000KB --any upload that pushes the total over the limit will be rejected with an error message. This value defaults to zero (unlimited). Uploads can also be restricted to an overall size limit for all uploads. Add the line $UploadDirQuota = 10000000; # limit total uploads to 10000KB (10MB)
This will limit the total size of uploads for the whole wiki to 10000KB --any upload that pushes the total over the limit will be rejected with an error message. This value defaults to zero (unlimited). 限制上傳的文件類型和大小The upload script performs a number of verifications on an uploaded file before storing it in the upload directory. The basic verifications are described below.
$UploadMaxSize = 100000;
然而,文件大小限制也可以指定每種類型的上傳文件. 因此,管理員可以限制 " $UploadExtSize['gif'] = 20000; # limit .gif files to 20KB
Setting an entry to zero disables file uploads of that type altogether: $UploadExtSize['zip'] = 0; # disallow .zip files $UploadExtSize[''] = 0; # disallow files with no extension You can limit which types of files are uploadable by disabling all defaults and specifying only desired types
Setting the variable $UploadMax to zero will disable all default file types. Individual file types may then be enabled by setting their maximum size with the variable # turns off all upload extensions $UploadMaxSize = 0; # enable only these file types for uploading $aSize=100000; // 100 KB file size limitation $UploadExtSize['jpg' ] = $aSize; $UploadExtSize['gif' ] = $aSize; $UploadExtSize['png' ] = $aSize; Adding new file types to permitted uploadsTo add a new extension to the list of allowed upload types, add a line like the following to a local customization? file: $UploadExts['ext'] = 'content-type';
where ext is the extension to be added, and content-type is the "MIME type", or content-type (which you may find here or on the lower part of this page) to be used for files with that extension. For example, to add the ' $UploadExts['dxf'] = 'image/x-dxf';
Each entry in $UploadExts needs to be the extension and the mime-type associated with that extension, thus: $UploadExts = array( 'gif' => 'image/gif', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'png' => 'image/png', 'xxx' => 'yyyy/zzz' ); For the types that PmWiki already knows about it's not necessary to repeat them here (the upload.php script adds PmWiki's defaults to whatever the administrator supplies). See also Cookbook:UploadTypes for additional types. Other file size limitsThere are other factors involved that affect upload file sizes. In Apache 2.0, there is a `LimitRequestBody directive that controls the maximum size of anything that is posted (including file uploads). Apache has this defaulted to unlimited size. However, some Linux distributions (e.g., Red Hat Linux) limit postings to 512K so this may need to be changed or increased. (Normally these settings are in an httpd.conf configuration file or in a file in /etc/httpd/conf.d.) Problem noted on Red Hat 8.0/9.0 with Apache 2.0.x, the error "Requested content-length of 670955 is larger than the configured limit of 524288" was occurring under Apache and a "Page not found" would appear in the browser. Trying the above settings made no change with PHP, but on Red Hat 8.0/9.0 there is an additional PHP config file, /etc/httpd/conf.d/php.conf, and increasing the number on the line "LimitRequestBody 524288" solves the issue. PHP itself has two limits on file uploads (usually located in With the variables in place--PmWiki's maximum file size, Apache's request-size limits, and the PHP file size parameters, the maximum uploaded file size will be the smallest of the three variables. Password protecting uploaded filesSetting a read password for pages (and groups) will prevent an attached file from being seen or accessed through the page, but to prevent direct access to the file location (the uploads/ directory) one can do the following:
See Cookbook:Secure attachments 其它事項
file_uploads = On
upload_tmp_dir = /tmp
請注意,當您更改以上數值後,通常必須重新啟動httpd。另一個檢查的方法是設定 config.php檔案中,
" 如何禁用上傳某一類型的文件? 下面是一個例子,如何添加到您的 local/config.php 禁用上傳的 .zip 文件。或沒有擴展名的文件: $UploadExtSize['zip'] = 0; # Disallow uploading .zip files $UploadExtSize[''] = 0; # Disallow files with no extension How do I attach uploads to individual pages or the entire site, instead of organizing them by wiki group?? Use the $UploadPrefixFmt = '/$FullName'; # per-page
$UploadPrefixFmt = ''; # site-wide
For Units are in bytes.
我可以上傳不使用unicode檔名,或者其他編碼之檔名的文件嗎? 可以,參見 附件名單會被儲存在哪裡? It is generated on the fly by the (:attachlist:)? markup. 我如何才能找到遺失的附件 參見 Cookbook:Attachlist enhanced 我要如何防止我上傳的圖片被盜連(hotlinking)? 我設置config.php中文件上傳大小為8MB,但為何只能上傳小於2MB的文件? 請檢查您的 php.ini 中 upload_max_filesize upload_max_filesize = 8M 若您無法更動php.ini檔案,請直接改動server中的.htaccess檔案: php_value post_max_size 63M php_value upload_max_filesize 62M php_value memory_limit 64M php_value max_execution_time 600 php_value default_socket_timeout 600 |