@@ -43,6 +43,20 @@ Installation: This only works for the templatetags, the admin still allows anybody to add or delete attachments. + +Mind that you serve files! +========================== + +django-attachments stores the files in your site_media directory and does not modify +them. For example, if an user uploads a .html file your webserver will probably display +it in HTML. It's a good idea to serve such files as plain text. In a Apache2 +configuration this would look like:: + + <Location /site_media/attachments> + AddType text/plain .html .htm .shtml .php .php5 .php4 .pl .cgi + </Location> + + Usage: ====== @@ -121,6 +135,10 @@ Quick Example: Changelog: ========== +v0.3.1 (2009-07-29): + + * Added a note to the README that you should secure your static files. + v0.3 (2009-07-22): * This version adds more granular control about user permissons. You need @@ -128,4 +146,4 @@ v0.3 (2009-07-22): delete or delete foreign attachments. This might be **backwards incompatible** as you did not need to assign add/delete - permissions before! \ No newline at end of file + permissions before! README.rst @@ -1,2 +1,2 @@ [egg_info] -tag_build = dev \ No newline at end of file +tag_build = dev setup.cfg @@ -2,7 +2,7 @@ from setuptools import setup, find_packages setup( name='django-attachments', - version='0.3', + version='0.3.1', description='A generic Django application to attach Files (Attachments) to any model', long_description=open('README.rst').read(), author='Martin Mahner', setup.py 71e4ca133a1d7e35e4d7c2ad925ee46284318322 Martin Mahner martin@mahner.org http://github.com/bartTC/django-attachments/commit/e548e7c93a8fad956fae559737630231020b3bac e548e7c93a8fad956fae559737630231020b3bac 2009-08-03T02:03:18-07:00 2009-08-03T02:03:18-07:00 Added a note that you deal with files. Really. 273f1ea076acfcb7b89958c2eb9dd8efee46faaf Martin Mahner martin@mahner.org