Changeset 7432


Ignore:
Timestamp:
03/28/2012 01:18:58 PM (3 years ago)
Author:
wwalc
Message:

Fixed server connectors.

Location:
FCKeditor/trunk
Files:
11 edited

Legend:

Unmodified
Added
Removed
  • FCKeditor/trunk/_dev/build_release.bat

    r5128 r7432  
    2626
    2727:: Update this variable for each new release.
    28 SET RELEASER_VERSION=2.6.7 (SVN)
     28SET RELEASER_VERSION=2.6.7
    2929
    3030CLS
  • FCKeditor/trunk/_whatsnew.html

    r5128 r7432  
    3434                FCKeditor ChangeLog - What's New?</h1>
    3535        <h3>
    36                 Version 2.6.7 (SVN)</h3>
    37         <p>
    38                 New Features and Improvements:</p>
    39         <ul>
    40                 <li></li>
    41         </ul>
     36                Version 2.6.7</h3>
    4237        <p>
    4338                Fixed Bugs:</p>
    4439        <ul>
    45                 <li></li>
     40                <li><strong>Security release, upgrade is highly recommended </strong>(improved protection for IIS6 web server).</li>
    4641        </ul>
    4742        <p>
  • FCKeditor/trunk/editor/filemanager/connectors/asp/io.asp

    r5126 r7432  
    192192        Set oRegex = New RegExp
    193193        oRegex.Global           = True
    194         oRegex.Pattern = "(/\.)|(//)|([\\:\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
     194        oRegex.Pattern = "(/\.)|(//)|([\\:\;\.\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
    195195
    196196        if (oRegex.Test(sCurrentFolder)) Then
     
    208208
    209209' remove . \ / | : ? *  " < > and control characters
    210         oRegex.Pattern = "(\.|\\|\/|\||:|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
     210        oRegex.Pattern = "(\.|\\|\/|\||:|\?|\;|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
    211211        SanitizeFolderName = oRegex.Replace( sNewFolderName, "_" )
    212212
     
    226226
    227227' remove \ / | : ? *  " < > and control characters
    228         oRegex.Pattern = "(\\|\/|\||:|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
     228        oRegex.Pattern = "(\\|\/|\||:|\;|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
    229229        SanitizeFileName = oRegex.Replace( sNewFileName, "_" )
    230230
  • FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm

    r5126 r7432  
    117117        <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />">
    118118
    119 <cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
     119<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\;\.\*\?\"<>])', url.currentFolder)>
    120120
    121121        <cfset invalidName = true>
  • FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm

    r5126 r7432  
    9191</cfif>
    9292
    93 <cfif REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
     93<cfif REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\;\.\*\?\"<>])', url.currentFolder)>
    9494        <cfset SendUploadResults(102, "", "", "")>
    9595        <cfabort>
  • FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_io.cfm

    r5126 r7432  
    194194        <cfset sCurrentFolder = rereplace( sCurrentFolder, "//+", "/", "all" )>
    195195
    196         <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', sCurrentFolder)>
     196        <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\;\.\*\?\"<>])', sCurrentFolder)>
    197197                <cfif URL.Command eq "FileUpload" or URL.Command eq "QuickUpload">
    198198                        <cfset SendUploadResults( 102, "", "", "") >
     
    210210        <!--- Do a cleanup of the folder name to avoid possible problems --->
    211211        <!--- Remove . \ / | : ? * " < > and control characters --->
    212         <cfset sNewFolderName = rereplace( sNewFolderName, '\.+|\\+|\/+|\|+|\:+|\?+|\*+|"+|<+|>+|[[:cntrl:]]+', "_", "all" )>
     212        <cfset sNewFolderName = rereplace( sNewFolderName, '\.+|\\+|\/+|\|+|\:+|\;+|[\.]+|\?+|\*+|"+|<+|>+|[[:cntrl:]]+', "_", "all" )>
    213213
    214214        <cfreturn sNewFolderName>
     
    294294        <!--- Do a cleanup of the file name to avoid possible problems --->
    295295        <!--- Remove \ / | : ? * " < > and control characters --->
    296         <cfset sNewFileName = rereplace( sNewFileName, '\\[.]+|\\+|\/+|\|+|\:+|\?+|\*+|"+|<+|>+|[[:cntrl:]]+', "_", "all" )>
     296        <cfset sNewFileName = rereplace( sNewFileName, '\\[.]+|\\+|\/+|\|+|\:+|\;+|\?+|\*+|"+|<+|>+|[[:cntrl:]]+', "_", "all" )>
    297297
    298298        <cfreturn sNewFileName>
  • FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso

    r5126 r7432  
    110110                        $commandData += '<Error number="' + $errorNumber + '" text="Invalid type specified" />\n';
    111111                /if;
    112         else if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
     112        else if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\;\\.\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
    113113                if($Command == 'FileUpload');
    114114                        $responseType = 'html';
     
    173173            */
    174174                        case('CreateFolder');
    175                                 $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
     175                                $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\;|\\.|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
    176176                                var('newFolder' = $currentFolderURL + $NewFolderName + '/');
    177177                                file_create($newFolder);
     
    225225                    */
    226226                                        $NewFileName = $NewFile->find('OrigName');
    227                                         $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
     227                                        $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
    228228                                        $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_');
    229229                                        $OrigFilePath = $currentFolderURL + $NewFileName;
    230230                                        $NewFilePath = $OrigFilePath;
    231231                                        local('fileExtension') = '.' + $NewFile->find('OrigExtension');
    232                                         #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
     232                                        #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\;|\\.|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
    233233                                        local('shortFileName') = $NewFileName->removetrailing(#fileExtension)&;
    234234
  • FCKeditor/trunk/editor/filemanager/connectors/lasso/upload.lasso

    r5126 r7432  
    9494        /define_tag;
    9595
    96         if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
     96        if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\;\\.\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
    9797                $errorNumber = 102;
    9898        /if;
     
    117117                                */
    118118                                $NewFileName = $NewFile->find('OrigName');
    119                                 $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
     119                                $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
    120120                                $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_');
    121121                                $OrigFilePath = $currentFolderURL + $NewFileName;
  • FCKeditor/trunk/editor/filemanager/connectors/perl/commands.pl

    r5126 r7432  
    9292        if($FORM{'NewFolderName'} ne "") {
    9393                $sNewFolderName = $FORM{'NewFolderName'};
    94                 $sNewFolderName =~ s/\.|\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
     94                $sNewFolderName =~ s/\.|\\|\/|\||\:|\;|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
    9595                # Map the virtual path to the local server path of the current folder.
    9696                $sServerDir = &ServerMapFolder($resourceType, $currentFolder);
     
    131131                # Get the uploaded file name.
    132132                $sFileName = $new_fname;
    133                 $sFileName =~ s/\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
     133                $sFileName =~ s/\\|\/|\||\:|\;|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
    134134                $sFileName =~ s/\.(?![^.]*$)/_/g;
    135135
  • FCKeditor/trunk/editor/filemanager/connectors/php/io.php

    r5126 r7432  
    246246                SendError( 102, '' ) ;
    247247
    248         if ( preg_match(",(/\.)|[[:cntrl:]]|(//)|(\\\\)|([\:\*\?\"\<\>\|]),", $sCurrentFolder))
     248        if ( preg_match(",(/\.)|[[:cntrl:]]|(//)|(\\\\)|([\.\;\:\*\?\"\<\>\|]),", $sCurrentFolder))
    249249                SendError( 102, '' ) ;
    250250
     
    257257        $sNewFolderName = stripslashes( $sNewFolderName ) ;
    258258
    259         // Remove . \ / | : ? * " < >
    260         $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
     259        // Remove . \ / | : ; . ? * " < >
     260        $sNewFolderName = preg_replace( '/\\.|\\\\|\\;|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
    261261
    262262        return $sNewFolderName ;
     
    275275
    276276        // Remove \ / | : ? * " < >
    277         $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
     277        $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
    278278
    279279        return $sNewFileName ;
  • FCKeditor/trunk/editor/filemanager/connectors/py/fckutil.py

    r5126 r7432  
    6363        "Do a cleanup of the folder name to avoid possible problems"
    6464        # Remove . \ / | : ? * " < > and control characters
    65         return re.sub( '\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]', '_', newFolderName )
     65        return re.sub( '\\.|\\\\|\\/|\\;|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]', '_', newFolderName )
    6666
    6767def sanitizeFileName( newFileName ):
     
    7373        newFileName = os.path.basename (newFileName)    # strip directories
    7474        # Remove \ / | : ? *
    75         return re.sub ( '\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]/', '_', newFileName )
     75        return re.sub ( '\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]/', '_', newFileName )
    7676
    7777def getCurrentFolder(currentFolder):
     
    9494
    9595        # Check for invalid folder paths (..)
    96         if re.search( '(/\\.)|(//)|([\\\\:\\*\\?\\""\\<\\>\\|]|[\x00-\x1F]|[\x7f-\x9f])', currentFolder ):
     96        if re.search( '(/\\.)|(//)|([\\\\:\\;\\*\\?\\""\\<\\>\\|]|[\x00-\x1F]|[\x7f-\x9f])', currentFolder ):
    9797                return None
    9898
Note: See TracChangeset for help on using the changeset viewer.
© 2003 – 2012 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy