Is there a quick and easy way to see if someone has uploaded some undesirable images to my wiki?
Install Qdig (Quick DIGital image gallery) in your uploads directory. All it takes is copying one file.
Qdig is a simple script that turns directories with images into galleries. Like PmWiki, Qdig is GNU GPL-licensed free software.
NOTE: QDig was last updated in 2007 and was written for PHP 4. It may not work properly on you version of PHP.
- Download and unpack Qdig.
- Put index.php in your
When you visit the script you'll see links to all of your group directories that contain image files. Each link leads a dynamic gallery. Supported formats are JPEG, GIF, PNG and sometimes BMP.
Optional Qdig Configuration
- Rename the Qdig script (say, to qdig.php) if you want to be able to explore the directories to look for other types of files.
- Create a link to your wiki on each gallery page by setting
$site_lnk_title = 'My Wiki'; $site_lnk_url = '../pmwiki.php';
- See the images sorted by date (rather than alphabetically) by setting
$img_links['sort_date'] = TRUE;
- Disable creating empty .txt files (although they won't hurt anything) by setting
$touch_captions = FALSE;
- Disable image conversion (thumbnails and alternate-sized images) by setting
$convert_magick = TRUE; $convert_GD = TRUE;
- Use thumbnails, but not alternate-sized images by setting
$disp_size['1'] = FALSE; $disp_size['2'] = FALSE;
/uploadsdirectory to view the images and possibly reveals otherwise-hidden group names (or page names if you use per-page uploads).
There are some things you can do to make it more secure.
Rename the Qdig Script
You should rename the script from index.php to some hard-to-guess name. Someone would need to know your
/uploads directory's URL (easy to determine) and the script name (much harder to determine).
A hard-to-guess script name is "security by obscurity", which some would say is not much security.
Add HTTP Authentication
For much better security than just renaming the script, use HTTP Authentication also. See http://qdig.sourceforge.net/Tips/HttpAuthGuide for instructions on how to set up HTTP-Auth.
Notes and Comments
- If you're using thumbnails, the thumbnail will not update itself automatically if someone replaces an image. Be sure to surf through the actual images or delete
uploads/qdig-files/and the thumbnails will be created afresh.
- This recipe was last tested on PmWiki version: 2.0.beta35
* This recipe requires at least PmWiki version: and (any other recipes)
- Cookbook.Recent Uploads Log
- Cookbook.Attachtable - enables you to immediately delete bad files from the wiki.
- Hagan Fox
- MichaelPaulukonis pointed out the security implication of having Qdig be an index file for the
See discussion at AuditImages-Talk