File Attachments

Each topic can have one or more files of any type attached to it by using the Attach screen to upload (or download) files from your local PC. Attachments are stored under revision control: uploads are automatically backed up; all previous versions of a modified file can be retrieved.

What are attachments good for?

File Attachments can be used to archive data, or to create powerful customized groupware solutions, like file sharing and document management systems, and quick Web page authoring.

Document management system

You can use Attachments to store and retrieve documents (in any format, with associated graphics, and other media files); attach documents to topics; collaborate on documents with full revision control; distribute documents on a need-to-know basis using web and topic-level access control; create a central reference library that's easy to share with an user group spread around the world.

File sharing

For file sharing, FileAttachments on a series of topics can be used to quickly create a well-documented, categorized digital download center for all types of files: documents, graphics and other media, drivers and patches, applications; anything you can safely upload!

Web authoring

Through your web browser, you can easily upload graphics (or sound files, or anything else you want to link to on a page) and place them on a single page, or use them across a web, or site-wide.

HELP You can also add graphics - any files - directly, typically by FTP upload. This requires FTP access, and may be more convenient if you have a large number of files to load. FTP-ed files cannot be managed using browser-based attachment controls. You can use your browser to create shortcuts using Macros, like this %H% = HELP.

Attachment Names

Attachment names are stored directly in the server native file system, so filenames are sanitized to prevent use of names that would be unacceptable to the variety of platforms where Foswiki is supported. Note that the rules are different depending on whether or not your installation is configured to support international characters (UseLocale)

Default rules without international character set support.

  • Filenames must only be compose of:
    • "Mixed Alpha-Numeric" characters. (A-Z, a-z and 0-9)
    • May also contain:
      • . (period / decimal point / "dot")
      • _ (Underscore)
      • - (Hyphen or dash)
      • embedded spaces (Will be converted to underscore (_) during upload
  • Any other characters are removed from the filename.
  • Any leading dots or slashes (., \ or /) will be stripped
  • Embedded spaces will be converted to underscore _
  • Certain filenames that might be interpreted as executable code will have .txt appended. (This is set locally by your system administrator)

Attachment name rules with international character set support enabled.

  • Embedded spaces are converted to _ (Underscore).
  • Filenames are filtered according to rules set by your administrator.
  • The default rules will strip the following characters from the filename:
    • Any "whitespace" characters
    • * (Asterisk)
    • ? (Question mark)
    • ~ (Tilde)
    • ^ (Caret / Circumflex)
    • \ (Backslash)
    • $ (Dollar-sign)
    • @ (At-sign)
    • % (Percent-sign)
    • `'" Quotes (Open-quote, Close-quote/Apostrophe, and Double-quote)
    • & (Ampersand)
    • ; (Semicolon)
    • | (Vertical line)
    • <> (Less and Greater signs)
    • [] (Open and close square brackets)
    • And any ASCII control characters (Hex x00-x1f)
  • Any leading dots or slashes (., \ or /) will be stripped
  • Certain filenames that might be interpreted as executable code will have .txt appended. (This is set locally by your system administrator)

Uploading files

  • Click on the [Attach] link at the bottom of the page. The Attach screen lets you browse for a file, add a comment, and upload it. The uploaded file will show up in the file attachment table.
    HELP The topic must already exist. If it does not, it is a two step process: First create the topic, then add the file attachment.
    • Any type of file can be uploaded. Some files that might pose a security risk are renamed, for example: *.php files are renamed to *.php.txt so that no one can place code that would be read in a .php file.
    • Foswiki can limit the file size. This is defined by the %ATTACHFILESIZELIMIT% preference settings, currently set at 10000 kB.
      ALERT! It is not recommended to upload files greater than a few hundred K through a browser. Large files can be extremely slow-loading, and often time out. Use an FTP site for large file uploads.
  • Automatic attachments:
    • When enabled, all files with valid names in a topic's attachment directory are shown as attachments to the topic - even if they were directly copied to the directory and never attached by using an [Attach] link. This is a convenient way to quickly "attach" files to a topic without uploading them one by one; although at the cost of losing audit trail and version control.
      • Before an attachment is shown, the filename is filtered per the above Attachment name rules. If the filtered name is not identical to the actual file name, the file will not be included in the list of attachments
    • To enable this feature, set the {AutoAttachPubFiles} configuration option.
      HELP The automatic attachment feature can only be used by an administrator who has access to the server's file system.
  • Linking to the attached file in the topic:
    • Checking the "Create a link to the attached file" appends a link at the end of the topic. The format can be modified with the %ATTACHEDFILELINKFORMAT% preference setting. Images (files ending in gif, jpg, jpeg or png) are handled by %ATTACHEDIMAGEFORMAT%.
    • The two named preference settings may use the following variables:
      • $filename: the name of the file
      • $fileext: the filename extension (string following the last period, if present) or an empty string.
      • $fileurl: URL encoded version of the filename
      • $comment: the file comment from the upload dialog
      • $size: the filesize (%ATTACHEDIMAGEFORMAT% only)
      • Any standard formatting tokens: $n, $comma, $lt, etc.
      • Any standard time format specifiers: $year, $hours, etc.
      • $name: (deprecated, should no longer be used)

Downloading files

ALERT! There is no access control on individual attachments. If you need control over single files, create a separate topic per file and set topic-level access restrictions for each.

Moving attachment files

An attachment can be moved between topics.
  • Click [Manage] on the Attachment to be moved.
  • On the control screen, select the new web and/or topic.
  • Click [Move]. The attachment and its version history are moved. The original location is stored as topic meta data.

Deleting attachments

Move unwanted Attachments to web Trash, topic TrashAttachment.

Linking to attached files

  • To reference an attachment located in another topic, enter:
    • %PUBURL%/%WEB%/OtherTopic/Sample.txt (if it's within the same web)
    • %PUBURL%/Otherweb/OtherTopic/Sample.txt (if it's in a different web)

  • Attached HTML files and text files can be inlined in a topic. Example:
    1. [Attach] file: Sample.txt
    2. [Edit] topic and write text: %INCLUDE{"%ATTACHURL%/Sample.txt"}%

  • GIF, JPG and PNG images can be attached and shown embedded in a topic. Example:
    1. [Attach] an image file, for example: Smile.gif
    2. [Edit] topic and write text: %ATTACHURL%/Smile.gif
    3. [Preview]: text appears as /foswiki/pub/System/FileAttachment/Smile.gif, an image.

Securing Attachments

In most installations, attachments are not secured. Anyone can read them if they know the name of the web, topic and attachment.

To secure attachments, you have to control access to the attachments through the viewfile script, which requires a change in your web server configuration. To see how to configure Apache to do this, see https://foswiki.org/Support/ApacheConfigGenerator#Attachments

Examples

Following you will find some examples of screens and tables related to this topic and referenced throughout the previous text. The appearance of these tables might vary, depending on what skin is used on your Foswiki installation.

File attachment table

Files attached to a topic are displayed in a directory table, showing the different file names and attributes. An h means the attachment is hidden and not listed when viewing a topic in normal mode.

The file attachment table is normally displayed at the bottom of the page, or optionally, hidden and accessed when you click [Attach].

Topic attachments
I Attachment Action Size Date Who Comment
txttxt Sample.txt manage 0.1 K 22 Jul 2000 - 19:37 ProjectContributor Just a sample
gifgif Smile.gif manage 0.1 K 22 Jul 2000 - 19:38 ProjectContributor Smiley face

File attachment controls

Clicking on a [Manage] link takes you to a new page that looks a bit like this (depending on what skin is selected).

Here, you have different options:
  • To update an existing file, choose the updated file on your local drive and click [Update file]. The filename of the original attachment will preserved; the filename of the local file you chose will not be used.
  • To change the comment on an attachment, enter a new comment and then click [Change comment and properties only]. Note that the comment listed against the specific version will not change, however the comment displayed when viewing the topic does change.
  • To hide/unhide an attachment, enable the Do not show attachment in table checkbox, then click [Change comment and properties only].

Attach new file

Select a new local file to update attachment Sample.txt
Upload up to 10000 KB.

Comment

Describe the file so other people know what it is.

Properties

Images will be displayed, for other attachments a link will be created.

Attachments will not be shown in topic view page.

or Cancel


Related Topics: UserDocumentationCategory

This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding AustLII Communities? Send feedback
This website is using cookies. More info. That's Fine