1# Display File Dokuwiki Plugin
3[![MIT License](https://svgshare.com/i/TRb.svg)](https://opensource.org/licenses/MIT)
4[![DokuWiki Plugin](https://svgshare.com/i/TSa.svg)](https://www.dokuwiki.org/dokuwiki)
5[![Plugin Home](https://svgshare.com/i/TRw.svg)](https://www.dokuwiki.org/plugin:displayfile)
6[![Gitlab Repo](https://svgshare.com/i/TRR.svg)](https://gitlab.com/JayJeckel/displayfile)
7[![Gitlab Issues](https://svgshare.com/i/TSw.svg)](https://gitlab.com/JayJeckel/displayfile/issues)
8[![Gitlab Download](https://svgshare.com/i/TT5.svg)](https://gitlab.com/JayJeckel/displayfile/repository/archive.zip?ref=master)
10The Display File Plugin displays the content of a specified file on the local system using a `displayfile` element. Language-specific syntax highlighting is support using the default Dokuwiki mechanisms and several configuration options give control over what files can and can't be displayed.
12## Installation
14Search and install the plugin using the [Extension Manager](https://www.dokuwiki.org/plugin:extension) or install directly using the latest [download url](https://gitlab.com/JayJeckel/displayfile/repository/archive.zip?ref=master), otherwise refer to [Plugins](https://www.dokuwiki.org/plugins) on how to install plugins manually.
16## Usage
18The plugin offers a single block element that expands into the content of the specified file. The element is self-closing and should not be used as an open/close pair.
20| Element | Note |
22| `<<display file LANG TARGET>>` ||
23| `<displayfile LANG TARGET />` | DEPRECATED |
25| Argument | Required | Description |
27| `LANG` | yes | The language of the content file. This is used by Dokuwiki's built-in syntax highlighting GeSHi library. To disable syntax highlighting, specify a dask (-) character for the `LANG` value. The supported `LANG` values are the same as those provided by Dokuwiki's `<code>` and `<file>` markup and can be found on the Dokuwiki syntax page: [Syntax Highlighting](https://www.dokuwiki.org/wiki:syntax#syntax_highlighting) |
28| `TARGET` | yes | The specific part of a file path to the desired file on the local file system. This will be appended to the value of the plugin's `root_path` configuration option. The `TARGET` value can be enclosed in single or double quotes (' or "). The `TARGET` path part must be enclosed in quotes if it contains spaces. |
30## Configuration Settings
32The plugin provides several settings that can be modified through the [Configuration Manager](https://www.dokuwiki.org/config:manager).
34| Setting | Default | Description |
36| `root_path` | empty | Specifies the root directory displayed file paths will evaluate relative to. An empty value effectively disables the plugin. |
37| `deny_extensions` | 'sh' | Space-separated list of extensions that should be disallowed by the `displayfile` element. The deny list supersedes the allow list. An empty list means no extension is explicitly disallowed. |
38| `allow_extensions` | 'txt php js css' | Space-separated list of extensions that should be allowed by the `displayfile` element. An empty list means any extension not in the deny list will be allowed. |
40## Security
42Some level of threat is inherent in the very purpose of this plugin, displaying the contents of files from the local file system. To avoid path traversal attacks, the admin is provided with a configuration option for specifying the root directory path where displayable files are located. Validation is done to ensure that no files outside that root path are displayed and, further more, user-facing error messages have been generalized to remove the chance of ambient data probing. In addition, both allow and deny list configuration options exist to further control what files are and aren't displayable. Any security concerns or suggestions are welcome and should be raised on the [Issue Tracker](https://gitlab.com/JayJeckel/displayfile/issues).