Wiki source code of Attachments

Last modified by Thomas Mortagne on 2023/10/10

Show last authors
1 {{box cssClass="floatinginfobox" title="**Contents**"}}
2 {{toc/}}
3 {{/box}}
5 Attachments can be uploaded either through the regular [[upload action>>Documentation.UserGuide.Features.Attachments]], [[Documentation.UserGuide.Features.WebDAV]], [[XML-RPC>>extensions:Extension.XML-RPC Integration]] or [[Rest>>Documentation.UserGuide.Features.XWikiRESTfulAPI]].
6 As an administrator you can set limits on the maximum size of an attachment and where the attachments will be stored.
8 = Size Limit =
10 The maximum size of an attachment is limited by a configuration parameter in the //XWikiPreferences// document. It is set to 100GB by default (32MB for XWiki < 10.9RC1).
11 To change it follow these steps:
13 1. Go to //{{{http://<yourwiki>/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object}}}//
14 1. Click on the line that says ##XWikiPreferences 0## (right below the line that says ##Objects of type XWiki.XWikiPreferences (1)##)
15 1. Scroll down to the field that says ##Maximum Upload Size## and change the number to whatever size you want (it is expressed in bytes)
16 1. Scroll to the bottom and click "Save"
17 1. Repeat for each (sub)wiki for which you need to increase the size, since currrently this configuration has to be set per wiki
19 {{warning}}
20 Note that if you've already tried to attach a file and it failed, in order for the new size setting to be taken into account you might need to clear your browser's cache.
21 {{/warning}}
23 = Mimetype Restriction =
25 See [[Attachent Validation Application>>extensions:Extension.Attachment.Validation.UI.WebHome]].
27 = Versions =
29 When a user uploads an attachment and then uploads another attachment with the exact same name, you can decide whether or not to keep a version history of the attachments like you do with documents.
30 XWiki stores all document attachment versions by default which costs more storage space. If you need only latest versions of attachments, you can disable attachment version control by editing your [[xwiki.cfg>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]] and adding:
32 {{code language="none"}}
34 {{/code}}
36 = Deletion =
38 Deleted attachments are stored in a recycle bin so that they can be restored along with the document when rolling back or previewing an earlier version where the attachment should be visible. To disable this feature, edit [[xwiki.cfg>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]] and add:
40 {{code language="none"}}
41 storage.attachment.recyclebin=0
42 {{/code}}
44 You can view the list of deleted attachments in your wiki and delete them permanently by going to ##XWiki.DeletedAttachments## in your wiki.
46 = Attachment Storage =
48 XWiki offers plugin attachment storage mechanisms so you can store your attachments in the database or directly in the filesystem.
50 Generally metadata for attachment and deleted attachments stay in the database whatever store is used for the content. The metadata contains the type of store used for the content allowing each attachment to choose a different store. The consequence is that what you configure is the **default** store for a new attachment and not the store used for all attachments.
52 == Filesystem Attachment Store ==
54 {{info}}
55 The default since 10.5
56 {{/info}}
58 The Filesystem attachment store saves your attachments in files in a directory tree. This means you will have one more thing to do when you back up your data but it also means you can save larger (over one gigabyte) files. Filesystem attachment store implements a two stage commit mechanism to maintain integrity even if the database fails to commit the attachment meta-data.
60 === Filesystem attachment store location ===
62 By default the filsystem storage is located in a sub-folder (##store/file## since XWiki 11.0 and ##storage## before) of the permanent directory (defined with the parameter ##environment.permanentDirectory## in the file). By default it's defined to be ##data##, which is a directory relative to where the Java Servlet Container was started. It's recommend to modify this value to be absolute sure that you can start the Servlet Container from any directory and still have XWiki find the attachments located in this work directory.
64 For example:
66 {{code}}
67 environment.permanentDirectory=/opt/tomcat6/data
68 {{/code}}
70 Since 11.4 it's possible to set the location of the filesystem store without modifying the general permanent directory using property of the file
72 {{code}}
74 {{/code}}
76 === Other considerations ===
78 If you are running a [[cluster>>Documentation.AdminGuide.Clustering.WebHome]] you will need to have a synchronized storage directory for each node. You can use NFS or other means to mount the disk on each node in the cluster.
80 ==== Directory cleanup ====
82 Since [[XWiki 6.0M2>>xwiki:ReleaseNotes.ReleaseNotesXWiki61M2]], it is possible to save time on startup by preventing XWiki from cleaning up empty directories in the Filesystem Attachment Store. To do this, edit and set **store.fsattach.cleanOnStartup** to false. If you do this, you will be responsible for cleanup of empty directories yourself.
84 == Database Attachment Store ==
86 {{info}}
87 The default before 10.5.
88 {{/info}}
90 This attachment storage mechanism stores your attachments in database entries in the [[xwikiattachment_content>>Documentation.DevGuide.DsXWikiAttachmentContent]], [[xwikiattachment_archive>>Documentation.DevGuide.XWikiAttachmentArchive]] and [[xwikiattrecyclebin>>Documentation.DevGuide.DsXwikiRecycleBin]] tables. This system allows for easy backup of your attachments by dumping the database and keeping all of your data together, but attachment size is memory constrained since the attachment content and archive must all be held in memory. As a general rule, attachments larger than 30MB are not possible.
92 === Switch to database attachment store ===
94 These settings should read as follows:
96 {{code language="none"}}
97 = hibernate
98 = hibernate
101 # If you need to use database store for the attachment it's probably true for deleted attachments
102 = hibernate
103 {{/code}}
105 Also make sure they are not commented out.
107 {{info}}
108 When using this attachment store with a MySQL database, you must set the ##max_allowed_packet## to about 3 times the size of your largest attachment since the attachment and its version history must be saved. See the [[MySQL Installation guide>>Documentation.AdminGuide.InstallationMySQL]] for more information.
109 {{/info}}
111 = Attachment display or download =
113 When possible (see [[Security section>>#HSecurity]] below) attachments are displayed directly in the browser when accessed.
114 It is possible for developers to force-downloading an attachment by adding the parameter ##?force-download=1## in the attachment URL.
116 {{version since="12.10"}}
117 it's possible to use a dedicated property in to always force some attachment mime-types to be downloaded:
119 {{code language="none"}}
120 #-# [Since 12.10]
121 #-# Define the kind of attachment that you always want to be downloaded and never displayed inline.
122 #-# By default this list is empty, but you can specify a list of mime-types (coma separated list of values) which
123 #-# should be always downloaded no matter who attached them or what is the whitelist/blacklist configuration.
124 #-#
125 #-# The distinction with the blacklist configuration above is that the blacklist won't affect file attached by a user
126 #-# with programming rights, while this configuration affect any attachment.
127 #
128 {{/code}}
129 {{/version}}
131 = Security =
133 In order to prevent attacks by using attachments, it's possible to control which attachments' can be directly opened on the browser based on their mimetypes.
134 Two properties in allow to control that independently:
136 {{code language="none"}}
137 #-# [Since 5.2M2]
138 #-# Define the kind of attachment that can be displayed inline. You can either choose to do it through a whitelist
139 #-# (only the mimetypes defined in this list would be displayed inline) or a blacklist (every mimetype that is not in
140 #-# this list would be displayed inline if possible).
141 #-# Note that only one configuration is used between the whitelist and the blacklist, and the whitelist always have
142 #-# the priority over the blacklist. Also note that these configurations exist for security reason so they are only
143 #-# impacting attachments added by users who do not have programming rights.
144 #-# If you want to force downloading some attachments types please check the configuration below.
145 #-#
146 #-# By default we use the following whitelist (coma separated list of values).
147 #,audio/L24,audio/mp4,audio/mpeg,audio/ogg,audio/vorbis,audio/vnd.rn-realaudio,audio/vnd.wave,audio/webm,image/gif,image/jpeg,image/pjpeg,image/png,image/tiff,text/csv,text/plain,text/xml,text/rtf,video/mpeg,video/ogg,video/quicktime,video/webm,video/x-matroska,video/x-ms-wmv,video/x-flv
148 #-#
149 #-# If you prefer to use a blacklist instead, you can define the forbidden types here, as a coma separated list of
150 #-# values. We advise you to forbid at least the following mimetypes : text/html, text/javascript
151 #,text/javascript
152 {{/code}}

Get Connected