Bug#594705: dokuwiki: moving 'images' out of DOKU_BASE

Sat, 28 Aug 2010 07:30:19 -0700 

Package: dokuwiki
Severity: wishlist

Debian 6 with Squeeze; Dokuwiki Version -
dokuwiki:
 Installed: 0.0.20091225c-6
 Candidate: 0.0.20091225c-6
 Version table:
 *** 0.0.20091225c-6 0
       500 http://debian.osuosl.org squeeze/main Packages
       100 /var/lib/dpkg/status

This Debian 'wish list' bug is regarding having the image layout (IE,
/usr/share/dokuwiki/lib/images/) NOT being left as part of the
Dokuwiki Debian layout -- because doing so makes it harder to secure
and still be able to share/use  'smileys' etc in rendered content...
For example,

The code says this:
    function smiley($smiley) {
        if ( array_key_exists($smiley, $this->smileys) ) {
            $title = $this->_xmlEntities($this->smileys[$smiley]);
            $this->doc .= '<img
src="'.DOKU_BASE.'lib/images/smileys/'.$this->smileys[$smiley].
                '" class="middle" alt="'.
                    $this->_xmlEntities($smiley).'" />';
        } else {
            $this->doc .= $this->_xmlEntities($smiley);
        }
    }


But I had to change it so I could have a secure 'editor portion and
still server smileys:
    function smiley($smiley) {
        if ( array_key_exists($smiley, $this->smileys) ) {
            $title = $this->_xmlEntities($this->smileys[$smiley]);
            /* --wcj Sat 28Aug2010: $this->doc .= '<img
src="'.DOKU_BASE.'lib/images/smileys/'.$this->smileys[$smiley]. */
            $this->doc .= '<img src="/images/smileys/'.$this->smileys[$smiley].
                '" class="middle" alt="'.
                    $this->_xmlEntities($smiley).'" />';
        } else {
            $this->doc .= $this->_xmlEntities($smiley);
        }
    }

Where /images is a /var/www (public access) symbolic link to
.DOKU_BASE.lib/images/ using:
cd /var/www && ln -s /usr/share/dokuwiki/lib/images .

My site has an internally accessible wiki for editing but serves the
content via a special PHP content washer to the unauthenticated
public; by having /usr/share/dokuwiki/lib/images/ as part of
/usr/share/dokuwiki (DOKU_BASE) the security model of denying access
(see below) makes images not render-able.

Alias /dokuwiki /usr/share/dokuwiki/

<Directory /usr/share/dokuwiki/>
        Options +FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from all
        Allow from localhost 127.0.0.1
        Allow from 192.168.1.102
</Directory>


Maybe it's me but I think that doing it the way I suggest makes more
sense and still allows for a secure-able wiki...
Thx/Bill :)



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to