Changeset 7432

Timestamp:

03/28/12 13:18:58 (14 months ago)

Author:

wwalc

Message:

Fixed server connectors.

Location:

FCKeditor/trunk

Files:

• _dev/build_release.bat (modified) (1 diff)
• _whatsnew.html (modified) (1 diff)
• editor/filemanager/connectors/asp/io.asp (modified) (3 diffs)
• editor/filemanager/connectors/cfm/cf5_connector.cfm (modified) (1 diff)
• editor/filemanager/connectors/cfm/cf5_upload.cfm (modified) (1 diff)
• editor/filemanager/connectors/cfm/cf_io.cfm (modified) (3 diffs)
• editor/filemanager/connectors/lasso/connector.lasso (modified) (3 diffs)
• editor/filemanager/connectors/lasso/upload.lasso (modified) (2 diffs)
• editor/filemanager/connectors/perl/commands.pl (modified) (2 diffs)
• editor/filemanager/connectors/php/io.php (modified) (3 diffs)
• editor/filemanager/connectors/py/fckutil.py (modified) (3 diffs)

FCKeditor/trunk/_dev/build_release.bat

@@ -26 +26 @@
 
 :: Update this variable for each new release.
-SET RELEASER_VERSION=2.6.7 (SVN)
+SET RELEASER_VERSION=2.6.7
 
 CLS

FCKeditor/trunk/_whatsnew.html

@@ -34 +34 @@
                 FCKeditor ChangeLog - What's New?</h1>
         <h3>
-                Version 2.6.7 (SVN)</h3>
-        <p>
-                New Features and Improvements:</p>
-        <ul>
-                <li></li>
-        </ul>
+                Version 2.6.7</h3>
         <p>
                 Fixed Bugs:</p>
         <ul>
-                <li></li>
+                <li><strong>Security release, upgrade is highly recommended </strong>(improved protection for IIS6 web server).</li>
         </ul>
         <p>

FCKeditor/trunk/editor/filemanager/connectors/asp/io.asp

@@ -192 +192 @@
         Set oRegex = New RegExp
         oRegex.Global           = True
-        oRegex.Pattern = "(/\.)|(//)|([\\:\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
+        oRegex.Pattern = "(/\.)|(//)|([\\:\;\.\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
 
         if (oRegex.Test(sCurrentFolder)) Then
@@ -208 +208 @@
 
 ' remove . \ / | : ? *  " < > and control characters
-        oRegex.Pattern = "(\.|\\|\/|\||:|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
+        oRegex.Pattern = "(\.|\\|\/|\||:|\?|\;|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
         SanitizeFolderName = oRegex.Replace( sNewFolderName, "_" )
 
@@ -226 +226 @@
 
 ' remove \ / | : ? *  " < > and control characters
-        oRegex.Pattern = "(\\|\/|\||:|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
+        oRegex.Pattern = "(\\|\/|\||:|\;|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
         SanitizeFileName = oRegex.Replace( sNewFileName, "_" )
 

FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm

@@ -117 +117 @@
         <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />">
 
-<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
+<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\;\.\*\?\"<>])', url.currentFolder)>
 
         <cfset invalidName = true>

FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm

@@ -91 +91 @@
 </cfif>
 
-<cfif REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
+<cfif REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\;\.\*\?\"<>])', url.currentFolder)>
         <cfset SendUploadResults(102, "", "", "")>
         <cfabort>

FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_io.cfm

@@ -194 +194 @@
         <cfset sCurrentFolder = rereplace( sCurrentFolder, "//+", "/", "all" )>
 
-        <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', sCurrentFolder)>
+        <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\;\.\*\?\"<>])', sCurrentFolder)>
                 <cfif URL.Command eq "FileUpload" or URL.Command eq "QuickUpload">
                         <cfset SendUploadResults( 102, "", "", "") >
@@ -210 +210 @@
         <!--- Do a cleanup of the folder name to avoid possible problems --->
         <!--- Remove . \ / | : ? * " < > and control characters --->
-        <cfset sNewFolderName = rereplace( sNewFolderName, '\.+|\\+|\/+|\|+|\:+|\?+|\*+|"+|<+|>+|[[:cntrl:]]+', "_", "all" )>
+        <cfset sNewFolderName = rereplace( sNewFolderName, '\.+|\\+|\/+|\|+|\:+|\;+|[\.]+|\?+|\*+|"+|<+|>+|[[:cntrl:]]+', "_", "all" )>
 
         <cfreturn sNewFolderName>
@@ -294 +294 @@
         <!--- Do a cleanup of the file name to avoid possible problems --->
         <!--- Remove \ / | : ? * " < > and control characters --->
-        <cfset sNewFileName = rereplace( sNewFileName, '\\[.]+|\\+|\/+|\|+|\:+|\?+|\*+|"+|<+|>+|[[:cntrl:]]+', "_", "all" )>
+        <cfset sNewFileName = rereplace( sNewFileName, '\\[.]+|\\+|\/+|\|+|\:+|\;+|\?+|\*+|"+|<+|>+|[[:cntrl:]]+', "_", "all" )>
 
         <cfreturn sNewFileName>

FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso

@@ -110 +110 @@
                         $commandData += '<Error number="' + $errorNumber + '" text="Invalid type specified" />\n';
                 /if;
-        else if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
+        else if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\;\\.\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
                 if($Command == 'FileUpload');
                         $responseType = 'html';
@@ -173 +173 @@
             */
                         case('CreateFolder');
-                                $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+                                $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\;|\\.|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
                                 var('newFolder' = $currentFolderURL + $NewFolderName + '/');
                                 file_create($newFolder);
@@ -225 +225 @@
                     */
                                         $NewFileName = $NewFile->find('OrigName');
-                                        $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+                                        $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
                                         $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_');
                                         $OrigFilePath = $currentFolderURL + $NewFileName;
                                         $NewFilePath = $OrigFilePath;
                                         local('fileExtension') = '.' + $NewFile->find('OrigExtension');
-                                        #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+                                        #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\;|\\.|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
                                         local('shortFileName') = $NewFileName->removetrailing(#fileExtension)&;
 

FCKeditor/trunk/editor/filemanager/connectors/lasso/upload.lasso

@@ -94 +94 @@
         /define_tag;
 
-        if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
+        if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\;\\.\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
                 $errorNumber = 102;
         /if;
@@ -117 +117 @@
                                 */
                                 $NewFileName = $NewFile->find('OrigName');
-                                $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+                                $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
                                 $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_');
                                 $OrigFilePath = $currentFolderURL + $NewFileName;

FCKeditor/trunk/editor/filemanager/connectors/perl/commands.pl

@@ -92 +92 @@
         if($FORM{'NewFolderName'} ne "") {
                 $sNewFolderName = $FORM{'NewFolderName'};
-                $sNewFolderName =~ s/\.|\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
+                $sNewFolderName =~ s/\.|\\|\/|\||\:|\;|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
                 # Map the virtual path to the local server path of the current folder.
                 $sServerDir = &ServerMapFolder($resourceType, $currentFolder);
@@ -131 +131 @@
                 # Get the uploaded file name.
                 $sFileName = $new_fname;
-                $sFileName =~ s/\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
+                $sFileName =~ s/\\|\/|\||\:|\;|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
                 $sFileName =~ s/\.(?![^.]*$)/_/g;
 

FCKeditor/trunk/editor/filemanager/connectors/php/io.php

@@ -246 +246 @@
                 SendError( 102, '' ) ;
 
-        if ( preg_match(",(/\.)|[[:cntrl:]]|(//)|(\\\\)|([\:\*\?\"\<\>\|]),", $sCurrentFolder))
+        if ( preg_match(",(/\.)|[[:cntrl:]]|(//)|(\\\\)|([\.\;\:\*\?\"\<\>\|]),", $sCurrentFolder))
                 SendError( 102, '' ) ;
 
@@ -257 +257 @@
         $sNewFolderName = stripslashes( $sNewFolderName ) ;
 
-        // Remove . \ / | : ? * " < >
-        $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
+        // Remove . \ / | : ; . ? * " < >
+        $sNewFolderName = preg_replace( '/\\.|\\\\|\\;|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
 
         return $sNewFolderName ;
@@ -275 +275 @@
 
         // Remove \ / | : ? * " < >
-        $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
+        $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
 
         return $sNewFileName ;

FCKeditor/trunk/editor/filemanager/connectors/py/fckutil.py

@@ -63 +63 @@
         "Do a cleanup of the folder name to avoid possible problems"
         # Remove . \ / | : ? * " < > and control characters
-        return re.sub( '\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]', '_', newFolderName )
+        return re.sub( '\\.|\\\\|\\/|\\;|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]', '_', newFolderName )
 
 def sanitizeFileName( newFileName ):
@@ -73 +73 @@
         newFileName = os.path.basename (newFileName)    # strip directories
         # Remove \ / | : ? *
-        return re.sub ( '\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]/', '_', newFileName )
+        return re.sub ( '\\\\|\\/|\\||\\:|\\;|\\?|\\*|"|<|>|[\x00-\x1f\x7f-\x9f]/', '_', newFileName )
 
 def getCurrentFolder(currentFolder):
@@ -94 +94 @@
 
         # Check for invalid folder paths (..)
-        if re.search( '(/\\.)|(//)|([\\\\:\\*\\?\\""\\<\\>\\|]|[\x00-\x1F]|[\x7f-\x9f])', currentFolder ):
+        if re.search( '(/\\.)|(//)|([\\\\:\\;\\*\\?\\""\\<\\>\\|]|[\x00-\x1F]|[\x7f-\x9f])', currentFolder ):
                 return None