Thanks to Ross Kowalski and IliyanJeliazkov for the original code! I did not intend to implement uploading for 1.0 until I stumbled on this page accidentally. --CliffordAdams
The first thing is that the implementation of this upload feature is as follows.
1. An editor or administrator does ?action=upload
2. They are prompted to select a file and upload it.
3. A page is presented to them where they are shown the image as uploaded and presented with a link to the image that they can cut and paste into their wiki page.
The second thing is a BIG WARNING. There is nothing in the code to check if the uploaded file is actually an image, and there is nothing in the code to chmod the uploaded file to 666. Someone could upload and possibly run a perl script or php script. Yikes!
The third thing to know about this modified usemodwiki is that it has a printable page "feature" where clicking on a link on the goto bar links you to an identical wiki script in the same directory called waki.pl that has the header and footer turned off. This is a bizarre way of doing this, but it was quickly implemented.
While this script is not well remarked, and definitely not ready for prime time, the feature does work reliably and I use it on a wiki of mine on a regular basis.
I did recently implement an upload feature for a PHP-based wiki, pmwiki, that checks if the file is an image file, limits file size to 100K, limits the image size to 300x300px, requires a password, sets the permission of the uploaded file to 666, and names it with a name in keeping with the wiki page it was uploaded for (for organizational purposes). I am very satisfied with that solution.
[Link to a modified usemod script with upload feature] - DeadLink
--Ross Kowalski
Hmm, some checks for the filename and so on need to be added. I currently have a strange case where small parts from the file contents seem to end up in the filename. Be careful when you enable $UseUpload. This seems to be a problem with my local CGI.pm (3.15). Bug is already known. -- MarkusLude
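The checks the two comments above say are missing (file type, size, file name) could look like this in Perl. This is an added example, not code from UseModWiki or from either poster; the names safe_upload_name and store_upload, the 64-character name limit and the 0644 mode (no execute bit, stricter than the 666 mentioned above) are assumptions.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

my $MAX_BYTES = 100 * 1024;    # 100K limit, the figure quoted for the pmwiki version
# Leading bytes that identify each permitted image type.
my %MAGIC = (
    gif  => qr/\AGIF8[79]a/,
    png  => qr/\A\x89PNG\r\n\x1a\n/,
    jpg  => qr/\A\xFF\xD8\xFF/,
    jpeg => qr/\A\xFF\xD8\xFF/,
);

# Return a safe base name, or undef if the client-supplied name is unacceptable.
sub safe_upload_name {
    my ($name) = @_;
    return undef unless defined $name;
    $name =~ s/.*[\/\\]//s;    # drop any client-side path
    return undef unless $name =~ /\A([A-Za-z0-9][A-Za-z0-9_-]{0,63})\.([A-Za-z]{3,4})\z/;
    my ($base, $ext) = ($1, lc $2);
    return undef unless exists $MAGIC{$ext};    # extension allow-list
    return "$base.$ext";
}

# Store $data under $dir only if name, size and leading bytes all check out.
sub store_upload {
    my ($dir, $client_name, $data) = @_;
    my $name = safe_upload_name($client_name) or return (undef, "bad file name");
    return (undef, "empty or too large") if !length($data) || length($data) > $MAX_BYTES;
    my ($ext) = $name =~ /\.([a-z]+)\z/;
    return (undef, "content is not a $ext image") unless $data =~ $MAGIC{$ext};
    # O_CREAT|O_EXCL fails if the path already exists (file or symlink).
    sysopen(my $fh, "$dir/$name", O_WRONLY | O_CREAT | O_EXCL, 0644)
        or return (undef, "cannot create: $!");
    binmode $fh;
    print {$fh} $data;
    close $fh or return (undef, "write failed: $!");
    return ($name, "stored");
}

# Constructed sample inputs, written to a scratch directory.
my $dir = tempdir(CLEANUP => 1);
my $png = "\x89PNG\r\n\x1a\n" . ("\0" x 32);
for my $case (["photo.png", $png], ["shell.php", "<?php ?>"],
              ["../../wiki.pl", $png], ["fake.gif", "#!/usr/bin/perl\n"]) {
    my ($stored, $why) = store_upload($dir, @$case);
    printf "%-14s => %s\n", $case->[0], defined $stored ? "stored as $stored" : "rejected ($why)";
}
```

A leading-bytes check only confirms how the file starts, so the upload directory should still be served with script execution disabled.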
Here are the diffs between the original UseModWiki 0.92 and the changes in the UseModWithUploads script:
1c1 < #!/usr/local/bin/perl --- > #!/usr/bin/perl 48c48 < $UserGotoBar $UpLdDir $UpLdName ); --- > $UserGotoBar); 58,59c58,60 < $DataDir = "./mywikidb"; # Main wiki directory < $UseConfig = 0; # 1 = use config file, 0 = do not look for config --- > $DataDir = "/tmp/mywikidb"; # Main wiki directory > $UseConfig = 1; # 1 = use config file, 0 = do not look for config > 61,65c62,64 < $UpLdName = "uploads"; #name of directory for uploads < $UpLdDir = "/home/user/public_html/mywiki"; #real path to upload dir < $CookieName = "MmyWiki"; # Name for this wiki (for multi-wiki sites) < $SiteName = "MyWiki"; # Name of site (used for titles) < $HomePage = "MyWikiWelcomePage"; # Home page (change space to _) --- > $CookieName = "Wiki"; # Name for this wiki (for multi-wiki sites) > $SiteName = "Wiki"; # Name of site (used for titles) > $HomePage = "HomePage"; # Home page (change space to _) 67c66 < $LogoUrl = "/logo.jpg"; # URL for site logo ("" for no logo) --- > $LogoUrl = "/wiki.gif"; # URL for site logo ("" for no logo) 73,74c72,73 < $SiteBase = "http://www.my-domain.org/mywiki/"; # Full URL for <BASE> header < $FullUrl = ""; # Set if the auto-detected URL is wrong --- > $SiteBase = ""; # Full URL for <BASE> header > $FullUrl = ""; # Set if the auto-detected URL is wrong 76,77c75,76 < $AdminPass = "admin"; # Set to non-blank to enable password(s) < $EditPass = "edit"; # Like AdminPass, but for editing only --- > $AdminPass = ""; # Set to non-blank to enable password(s) > $EditPass = ""; # Like AdminPass, but for editing only 80c79 < $EmailFrom = "MyWiki"; # Text for "From: " field of email notes. --- > $EmailFrom = "Wiki"; # Text for "From: " field of email notes. 
93,94c92,93 < $RawHtml = 1; # 1 = allow <HTML> tag, 0 = no raw HTML in pages < $HtmlTags = 1; # 1 = "unsafe" HTML tags, 0 = only minimal tags --- > $RawHtml = 0; # 1 = allow <HTML> tag, 0 = no raw HTML in pages > $HtmlTags = 0; # 1 = "unsafe" HTML tags, 0 = only minimal tags 110c109 < $HtmlLinks = 1; # 1 = allow A HREF links, 0 = no raw HTML links --- > $HtmlLinks = 0; # 1 = allow A HREF links, 0 = no raw HTML links 144c143 < $RcOldFile = "$DataDir/rclog.old"; # Old RecentChanges logfile --- > $RcOldFile = "$DataDir/oldrclog"; # Old RecentChanges logfile 309c308 < $CGI::DISABLE_UPLOADS = 0; # no uploads --- > $CGI::DISABLE_UPLOADS = 1; # no uploads 877,882d875 < sub GetPrintLink { < my ($page) = @_; < return "<a href=\"$SiteBase"."waki.pl?$page\">PrintablePage</a>"; < } < < 958,960d950 < < < 977,978d966 < < 1099c1087 < my ($id,$rev) = @_; --- > my ($id) = @_; 1108,1111d1095 < < < < 1114d1097 < $bartext .= " | " . &GetPrintLink($id); 2486,2487d2468 < } elsif ($action eq "upload") { < &DoPublish(); 2511,2516d2491 < < if (&GetParam("upload", 0)) { < &SavePublish(); < return; < } < 2614c2589 < #print "<p>", T('Summary:'), --- > print "<p>", T('Summary:'), 2618,2624c2593,2599 < #if (&GetParam("recent_edit") eq "on") { < #print "<br>", $q->checkbox(-name=>'recent_edit', -checked=>1, < # -label=>T('This change is a minor edit.')); < #} else { < # print "<br>", $q->checkbox(-name=>'recent_edit', < # -label=>T('This change is a minor edit.')); < #} --- > if (&GetParam("recent_edit") eq "on") { > print "<br>", $q->checkbox(-name=>'recent_edit', -checked=>1, > -label=>T('This change is a minor edit.')); > } else { > print "<br>", $q->checkbox(-name=>'recent_edit', > -label=>T('This change is a minor edit.')); > } 3007,3027d2981 < sub DoPublish { < print &GetHeader('', T('File Upload Page'), ''); < < < if (&UserIsAdmin || &UserIsEditor){} < else < { < print '<center>Only Administrators and Editors can upload files</center>'; < print &GetCommonFooter(); < return; < } < < print 
'<FORM METHOD="post" ACTION="'.$ScriptName.'" ENCTYPE="multipart/form-data">'; < print '<input type="hidden" name="upload" value="1" />'; < print 'File to Upload: <INPUT TYPE="file" NAME="file"><br><BR>'; < print '<INPUT TYPE="submit" NAME="Submit" VALUE="Upload">'; < print '</FORM>'; < < print &GetCommonFooter(); < } < 3645,3679d3598 < < ##upload additions## < < sub SavePublish { < my ($filename,$upload_filehandle); < < print &GetHeader("", "Uploading file", ""); < < < if (&UserIsAdmin || &UserIsEditor){} < else < { < print '<center>Only Administrators and Editors can upload files</center>'; < print &GetCommonFooter(); < return; < } < < $filename = $q->param("file"); < $filename =~ s/.*[\/\\](.*)/$1/; < $upload_filehandle = $q->upload("file"); < < open UPLOADFILE, ">$UpLdDir/$UpLdName/$filename"; < < < while ( <$upload_filehandle> ){print UPLOADFILE;} < close UPLOADFILE; < < print "The link to your image is...\n<br><BR>"; < print $SiteBase.$UpLdName."/".$filename."<BR><BR>\n"; < print "<HR><img src=".$SiteBase.$UpLdName."/".$filename."></html>\n"; < < print &GetCommonFooter(); < } < < ##end upload additions##
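Review bot: The configuration hunk at 76,77 ships $AdminPass = "admin" and $EditPass = "edit" in the modified script (the `<` side of this diff), and DoPublish and SavePublish gate uploads only on UserIsAdmin || UserIsEditor, so those two guessable defaults are the whole barrier in front of writing files under $UpLdDir. Ship both as blank or as an obvious placeholder and tell the installer to set them before uploads are enabled. The neighbouring hunks at 93,94 and 110 also turn $RawHtml, $HtmlTags and $HtmlLinks on; if uploads do not need them, keep them out of this change.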
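Review bot: The hunks at 2614 and 2618,2624 comment out the Summary prompt and the minor-edit checkbox in the modified script, which has nothing to do with uploads and is not mentioned in the description. Together with the shebang, $DataDir, $SiteName, $LogoUrl and $RcOldFile differences these look like local site settings that leaked into the diff; drop them so the upload change can be reviewed and applied on its own.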
 sub GetUploadLink {
     return &ScriptLink("action=upload", T('Upload'));
 }

 sub GetGotoBar {
     ...
     if (&UserIsAdmin || &UserIsEditor){
         $bartext .= " | " . &GetUploadLink(); ## Patch: Upload
     }
     if (&GetParam("linkrandom", 0)) {
#BEGIN_PATCH --- wiki.pl 4 Jul 2003 19:03:38 -0000 1.1 +++ wiki.pl 6 Jul 2003 03:45:46 -0000 @@ -45,7 +45,7 @@ $UrlProtocols $UrlPattern $ImageExtensions $RFCPattern $ISBNPattern $FS $FS1 $FS2 $FS3 $CookieName $SiteBase $StyleSheet $NotFoundPg $FooterNote $EditNote $MaxPost $NewText $NotifyDefault $HttpCharset - $UserGotoBar); + $UserGotoBar $UpLdLinkPattern $UpLdDir $UpLdName ); # Note: $NotifyDefault is kept because it was a config variable in 0.90 # Other global variables: use vars qw(%Page %Section %Text %InterSite %SaveUrl %SaveNumUrl @@ -55,10 +55,12 @@ $q $Now $UserID $TimeZoneOffset $ScriptName $BrowseCode $OtherCode); # == Configuration ===================================================== -$DataDir = "/tmp/mywikidb"; # Main wiki directory +$DataDir = "/usr/public/Www/wiki"; # Main wiki directory $UseConfig = 1; # 1 = use config file, 0 = do not look for config # Default configuration (used if UseConfig is 0) +$UpLdName = "uploads"; #name of directory for uploads +$UpLdDir = "/home/user/public_html/mywiki"; #real path to upload dir $CookieName = "Wiki"; # Name for this wiki (for multi-wiki sites) $SiteName = "Wiki"; # Name of site (used for titles) $HomePage = "HomePage"; # Home page (change space to _) @@ -233,6 +235,7 @@ $ImageExtensions = "(gif|jpg|png|bmp|jpeg)"; $RFCPattern = "RFC\\s?(\\d+)"; $ISBNPattern = "ISBN:?([0-9- xX]{10,})"; + $UpLdLinkPattern = "upload:\/([^\\]\\s\"<>$FS]+)$QDelim"; } # Simple HTML cache @@ -305,7 +308,7 @@ my @ScriptPath = split('/', "$ENV{SCRIPT_NAME}"); $CGI::POST_MAX = $MaxPost; - $CGI::DISABLE_UPLOADS = 1; # no uploads + $CGI::DISABLE_UPLOADS = 0; # no uploads $q = new CGI; $Now = time; # Reset in case script is persistent @@ -873,6 +876,12 @@ return &ScriptLink("action=editprefs", T('Preferences')); } +sub GetPrintLink { +my ($page) = @_; + return "<a href=\"$SiteBase"."waki.pl?$page\">PrintablePage</a>"; +} + + sub GetRandomLink { return &ScriptLink("action=random", T('Random Page')); } 
@@ -893,6 +902,10 @@ return &ScriptLink("action=browse&diff=$diff&id=$id$rev", $text); } +sub GetUploadLink { + return &ScriptLink("action=upload", T('Upload')); +} + sub ScriptLinkTitle { my ($action, $text, $title) = @_; @@ -949,7 +962,7 @@ return $result if ($embed); if ($oldId ne '') { - $result .= $q->h3('(' . Ts('redirected from %s', + $result .= $q->h3('(' . Ts('redirected from %s', &GetEditLink($oldId, $oldId)) . ')'); } if ((!$embed) && ($LogoUrl ne "")) { @@ -1084,7 +1097,7 @@ } sub GetGotoBar { - my ($id) = @_; + my ($id,$rev) = @_; my ($main, $bartext); $bartext = &GetPageLink($HomePage); @@ -1095,6 +1108,11 @@ } $bartext .= " | " . &GetPageLink($RCName); $bartext .= " | " . &GetPrefsLink(); + $bartext .= " | " . &GetPrintLink($id); + + if (&UserIsAdmin || &UserIsEditor){ + $bartext .= " | " . &GetUploadLink(); ## Patch: Upload + } if (&GetParam("linkrandom", 0)) { $bartext .= " | " . &GetRandomLink(); } @@ -1221,6 +1239,7 @@ } s/$RFCPattern/&StoreRFC($1)/geo; s/$ISBNPattern/&StoreISBN($1)/geo; + s/$UpLdLinkPattern/&StoreUpLd($1)/geo; if ($ThinLine) { s/----+/<hr noshade size=1>/g; s/====+/<hr noshade size=2>/g; @@ -1462,6 +1481,30 @@ return "<a href=\"http://www.faqs.org/rfcs/rfc${num}.html\">RFC $num</a>"; } +sub StoreUpLd { + my ($url) = @_; + + return &StoreRaw( &UpLdLink($url)); +} + +sub UpLdLink { + my ($filename) = @_; + my ($html); + + $html = "<a href=\"" . $SiteBase . $UpLdName . "/" . ${filename} . "\">"; + + if ($filename =~ /${ImageExtensions}$/) { + $html .= "<img src=\"" . $SiteBase . $UpLdName . "/" . ${filename} . "\" alt=\"upload:/${filename}\">"; + } + else { + $html .= "upload:/${filename}"; + } + $html .= "</a>"; + + return $html; +} + + sub StoreISBN { my ($num) = @_; @@ -2466,6 +2509,8 @@ &DoEditPrefs(); } elsif ($action eq "editbanned") { &DoEditBanned(); + } elsif ($action eq "upload") { + &DoPublish(); } elsif ($action eq "editlinks") { &DoEditLinks(); } elsif ($action eq "login") { 
@@ -2489,6 +2534,12 @@ &DoUpdateBanned(); return; } + + if (&GetParam("upload", 0)) { + &SavePublish(); + return; + } + if (&GetParam("enter_login", 0)) { &DoLogin(); return; @@ -2979,6 +3030,27 @@ print &GetMinimumFooter(); } +sub DoPublish { + print &GetHeader('', T('File Upload Page'), ''); + + + if (&UserIsAdmin || &UserIsEditor){} + else + { + print '<center>Only Administrators and Editors can upload files</center>'; + print &GetCommonFooter(); + return; + } + + print '<FORM METHOD="post" ACTION="'.$ScriptName.'" ENCTYPE="multipart/form-data">'; + print '<input type="hidden" name="upload" value="1" />'; + print 'File to Upload: <INPUT TYPE="file" NAME="file"><br><BR>'; + print '<INPUT TYPE="submit" NAME="Submit" VALUE="Upload">'; + print '</FORM>'; + + print &GetCommonFooter(); +} + sub GetNewUserId { my ($id); @@ -3597,6 +3669,41 @@ print &GetCommonFooter(); } +##upload additions## + +sub SavePublish { + my ($filename,$upload_filehandle); + + print &GetHeader("", "Uploading file", ""); + + + if (&UserIsAdmin || &UserIsEditor) {} + else + { + print '<center>Only Administrators and Editors can upload files</center>'; + print &GetCommonFooter(); + return; + } + + $filename = $q->param("file"); + $filename =~ s/.*[\/\\](.*)/$1/; + $upload_filehandle = $q->upload("file"); + + open UPLOADFILE, ">$UpLdDir/$UpLdName/$filename"; + + + while ( <$upload_filehandle> ){print UPLOADFILE;} + close UPLOADFILE; + + print "The link to your image is ...\n<br><BR>"; + print "upload:/".$filename."<BR><BR>\n"; + print "<HR><img src=".$SiteBase.$UpLdName."/".$filename."></html>\n"; + + print &GetCommonFooter(); +} + +##end upload additions## + sub DoEditBanned { my ($banList, $status); @@ -4033,7 +4140,7 @@ sub DoShowVersion { print &GetHeader("", "Displaying Wiki Version", ""); - print "<p>UseModWiki version 0.92<p>\n"; + print "<p>UseModWiki version 0.92. Pathched for CSS and File Uploads<p>\n"; print &GetCommonFooter(); } #END_OF_OTHER_CODE #END_PATCH
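Review bot: In the hunk at @@ -305,7 +308,7 @@ the new line reads $CGI::DISABLE_UPLOADS = 0; # no uploads, so the comment now says the opposite of the value, and uploads are switched on for every install that applies the patch. Make the value depend on a configuration variable that defaults to off and fix the comment; $CGI::POST_MAX = $MaxPost just above is the only size limit visible here, so say in the config comments that it also bounds upload size.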
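Review bot: In UpLdLink (hunk at @@ -1462,6 +1481,30 @@) the test $filename =~ /${ImageExtensions}$/ has no leading dot and is case-sensitive, so a name that merely ends in the letters "png" is rendered as an image while FOO.PNG is not; use /\.${ImageExtensions}$/i. The captured name is also concatenated into href, src and alt as is, and $UpLdLinkPattern accepts "/" and "..", so an upload:/ link in page text can point outside $UpLdName; restrict the capture to a single path segment and HTML-escape it before building the tag.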
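Review bot: SavePublish (hunk at @@ -3597,6 +3669,41 @@) writes whatever the client sent to a client-chosen name: the only sanitising is $filename =~ s/.*[\/\\](.*)/$1/, there is no extension or content check, and open UPLOADFILE, ">$UpLdDir/$UpLdName/$filename" is a two-argument open whose result is never tested. Validate the name against an allow-list (for example the existing $ImageExtensions), use a three-argument open with an error branch, call binmode on both handles, and refuse to overwrite an existing file. The name is then echoed into <img src=...> unquoted and unescaped, and the stray </html> is printed before GetCommonFooter; quote and escape the attribute and drop the closing tag. The empty if (...) {} else { ... } permission check is duplicated from DoPublish and reads better as a single unless in a shared helper.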
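Review bot: In DoShowVersion (hunk at @@ -4033,7 +4140,7 @@) the new version string has a typo, "Pathched", and it advertises CSS changes although no stylesheet-related lines appear anywhere in this patch. Correct the spelling and either include the CSS change or leave it out of the string.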