[pmwiki-users] Re: Upload Enhancement for file deletion

Patrick R. Michaud pmichaud at pobox.com
Wed Dec 14 14:11:55 CST 2005


On Wed, Dec 14, 2005 at 01:32:45PM -0500, Dan Weber wrote:
> 
> "sven saurwein" <saurwein at komit.at> wrote in message 
> news:43A0595D.4060608 at komit.at...
> > I - once again for usability reasons- suggest putting lines
> > 65 ...('Are you sure you want to delete ' + name + '?')...
> > and
> > 75  ...&lt;del&gt;...
> >
> > also in the XLSDV
> 
> I also added the change that the delete link does not show up when the user 
> does not have upload privileges.
> 
> I'll add this script to a cookbook entry 

I just reviewed Dan's script -- my first comment is "excellent work" --
you've written most of the things the way I would've done them.
Congratulations on being able to follow the original code so well!

However, there's a couple of *serious* flaws we'll have to address.  
Since all of the delete links are normal GET requests encoded in 
<a href='...'> tags, the first robot to come along and follow those 
links is going to delete all of the uploads.

Oops.

Password protection won't help, as many sites (e.g., pmwiki.org)
run with uploads unprotected.  Robot protection won't help, as
we're bound to miss at least one robot, or a robot may cloak under
a different user agent identifier.

I think the output of (:attachlist:) will have to be a form with
checkboxes and a submit button or multiple submit buttons.
Robots typically do not follow links given in forms.  Personally
I favor checkboxes, since it's an automatic form of confirmation,
and it also makes it easier to remove multiple things at once.

The other problem is that the filename= parameter isn't currently
being filtered in any way.  So, anyone with upload privileges can do
".../pmwiki.php?action=delattach&filename=../../wiki.d/Private.GroupAttributes"
and they'll have successfully removed a page from the wiki, with no 
backup available or trace of what happened.

Oops.

Lastly, I don't think the script should directly unlink items;
instead it should probably rename them with a timestamp the way
that PmWiki does for deleting pages.  Otherwise a malicious person
can completely eliminate lots of uploads.  (This could be
controlled by an appropriate $Enable option.)

Pm




More information about the pmwiki-users mailing list