Ticket #883 (closed New Feature: wontfix)

Opened 7 years ago

Last modified 4 years ago

FTP upload for pictures with the PHP connector

Reported by: anonymous Owned by:
Priority: Normal Milestone:
Component: Server : PHP Version: FCKeditor 2.5
Keywords: SF HasPatch Cc: snefit@…

Description

It seems to be more secure than changing rights to the directory system. Storing files via PHP ftp command is even better. You must only change the rights for a temporary directory and not for your working dir.


Moved from SF:
http://sourceforge.net/tracker/index.php?func=detail&aid=1482502&group_id=75348&atid=543656

Change History

comment:1 Changed 7 years ago by martinkou

  • Cc alfonsoml, snefit@… added
  • Reporter changed from martinkou to anonymous

Snefit:

Please create a new feature at http://dev.fckeditor.net and upload it there. If possible, it would be great if you could also try to adapt the changes that I've made to the normal php connector in http://dev.fckeditor.net/ticket/454


Moved from SF. Original poster: alfonsoml

I have created a phpFtp Connector. All the file handling (image browsing, files, upload, directory creation...) is done through FTP. Deleting files and folders is also supported. In my case it is working, but it is not finished yet! (Too much spaghetti code!)

Where and how can I submit this feature when it is 'ready'?

(it is a new connector and some 'minor' additions to frmresourcelist.htm)

Let me know!

SnefIT


Moved from SF. Original poster: snefit

comment:2 Changed 7 years ago by alfonsoml

  • Cc alfonsoml removed
  • Component changed from General to Server : PHP

comment:3 in reply to: ↑ description ; follow-up: ↓ 4 Changed 7 years ago by script22

Replying to anonymous:

It seems to be more secure than changing rights to the directory system. Storing files via PHP ftp command is even better. You must only change the rights for a temporary directory and not for your working dir.


Moved from SF:
http://sourceforge.net/tracker/index.php?func=detail&aid=1482502&group_id=75348&atid=543656

<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2007 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * This is the File Manager Connector for PHP.
 */

function GetFolders( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;
	
	// Arrays that will hold the folders and files names.
	$aFolders	= array() ;
	
	// set up a ftp connection or die
	$conn_id = ftp_connect($Config['FTPserver']); 
	
	// try to login
	if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
    	echo "Connected as " . $Config['FTPuser'] . "@" . $Config['FTPserver'];
	} else {
    	echo "Couldn't connect as $Config[FTPuser]";
	}
		
	//loading contents of current directory and changing the current directory.
	$contents = ftp_nlist($conn_id, $currentFolder);	
	ftp_chdir($conn_id, $currentFolder);
	
	//looping through the folder contents and adding to folder array.
	foreach ($contents as $sFile)
	{	
		if ($sFile != '.' && $sFile != '..' && $sFile != '_notes') {
			$iFileSize = ftp_size($conn_id, $sFile);
			if ( $iFileSize < 0 ) {
				$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />';
			}
		}
	}

	// Open the "Folders" node.
	echo "<Folders>" ;

	natcasesort( $aFolders ) ;
	foreach ( $aFolders as $sFolder )
		echo $sFolder ;

	// Close the "Folders" node.
	echo "</Folders>" ;
}

function GetFoldersAndFiles( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;

	// Arrays that will hold the folders and files names.
	$aFolders	= array() ;
	$aFiles		= array() ;
	
	// set up a ftp connection or die
	$conn_id = ftp_connect($Config['FTPserver']); 
	
	// try to login
	if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
    	echo "Connected as " . $Config['FTPuser'] . "@" . $Config['FTPserver'];
	} else {
    	echo "Couldn't connect as $Config[FTPuser]";
	}
	
	//loading contents of current directory and changing the current directory.
	$contents = ftp_nlist($conn_id, $currentFolder );	
	ftp_chdir($conn_id, $currentFolder);
	
	//looping through the folder contents and adding to file or folder array.
	foreach ($contents as $sFile)
	{	
		if ($sFile != '.' && $sFile != '..' && $sFile != '_notes') {
			$iFileSize = ftp_size($conn_id, $sFile);
			if ( $iFileSize > 0 )
			{
				// size is greater than 0 so it is a file.
				$iFileSize = round( $iFileSize / 1024 ) ;
				if ( $iFileSize < 1 ) $iFileSize = 1 ;
				$aFiles[] = '<File name="' . ConvertToXmlAttribute( $sFile ) . '" size="' . $iFileSize . '" base="' . $Config['FTPurl'] .'" />' ;		
			} else {
				// size is not greater than 0 so it is a folder.
				$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />';
			}					
		}
	}

	// Send the folders
	natcasesort( $aFolders ) ;
	echo '<Folders>' ;

	foreach ( $aFolders as $sFolder )
		echo $sFolder ;

	echo '</Folders>' ;

	// Send the files
	natcasesort( $aFiles ) ;
	echo '<Files>' ;

	foreach ( $aFiles as $sFiles )
		echo $sFiles ;

	echo '</Files>' ;
}

function CreateFolder( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;

	$sErrorNumber	= '0' ;
	$sErrorMsg		= '' ;

	if ( isset( $_GET['NewFolderName'] ) )
	{
		$sNewFolderName = $_GET['NewFolderName'] ;

		if ( strpos( $sNewFolderName, '..' ) !== FALSE )
			$sErrorNumber = '102' ;		// Invalid folder name.
		else
		{
			// set up a ftp connection or die
			$conn_id = ftp_connect($Config['FTPserver']); 
			
			// try to login
			if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
				echo "Connected as $Config[FTPuser]@$Config[FTPserver]\n";
			} else {
				echo "Couldn't connect as $Config[FTPuser]\n";
			}
			
			// try to create the directory $dir
			if (ftp_mkdir($conn_id, $currentFolder . $sNewFolderName)) {
			 	echo "successfully created " . $currentFolder . $sNewFolderName . "\n";
			} else {
			 	$sErrorNumber = '102' ;		// Invalid folder name.
			}
		}
	}
	else
		$sErrorNumber = '102' ;

	// Create the "Error" node.
	echo '<Error number="' . $sErrorNumber . '" originalDescription="' . ConvertToXmlAttribute( $sErrorMsg ) . '" />' ;
}


function FileUpload( $resourceType, $currentFolder )
{
	$sErrorNumber = '0' ;
	$sFileName = '' ;

	if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] ) )
	{
		global $Config ;
		
		// setting current folder
		$currentFolder = $Config['FTPfolder'] . $currentFolder ;

		$oFile = $_FILES['NewFile'] ;
		
		// Get the uploaded file name.
		$sFileName = $oFile['name'] ;

		// Replace dots in the name with underscores (only one dot can be there... security issue).
		if ( $Config['ForceSingleExtension'] )
			$sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;

		$sOriginalFileName = $sFileName ;

		// Get the extension.
		$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
		$sExtension = strtolower( $sExtension ) ;

		$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
		$arDenied	= $Config['DeniedExtensions'][$resourceType] ;

		if ( ( count($arAllowed) == 0 || in_array( $sExtension, $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( $sExtension, $arDenied ) ) )
		{
			$iCounter = 0 ;

			// STEP 1: first we need to upload the file to websiteamigo.com so it can be resized.
			while ( true )
			{
				if ($resourceType == 'Image') {
					// cast the posted size to an integer so it cannot add path segments to the local file name
					$sFilePath = $Config['FTPworkingimage'] . (int) $_POST['ddlImageSize'] . '-' . $sFileName ;
				} else {
					$sFilePath = $Config['FTPworkingimage'] . $sFileName ;					
				}				

				if ( is_file( $sFilePath ) )
				{
					$iCounter++ ;
					$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
					$sErrorNumber = '201' ;
				}
				else
				{
					move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ;

					if ( is_file( $sFilePath ) )
					{
						$oldumask = umask(0) ;
						chmod( $sFilePath, 0777 ) ;
						umask( $oldumask ) ;
					}
					break ;
				}
			}
			
			// STEP 2: resizing the uploaded image using the class simple-image found in the scripts directory.  If the uploaded image's width is
			// greater than the height, then we resize to the width of the user selected size.  Vice versa for the height.
			if ($resourceType == 'Image') {
				include('../../../../../../../scripts/simple-image.php');
				$image = new SimpleImage();
				$image->load($sFilePath);
				if ($image->getWidth() > $image->getHeight()) {
					$image->resizeToWidth((int) $_POST['ddlImageSize']);
				} else {
					$image->resizeToHeight((int) $_POST['ddlImageSize']);
				}
				$image->save($sFilePath);
			}
			
			// STEP 3: moving the resized image to the ftp server.
			// set up a ftp connection or die
			$conn_id = ftp_connect($Config['FTPserver']); 
		
			// try to login
			if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {		
				// changing ftp directory
				ftp_chdir($conn_id, $currentFolder);
				
				$iCounter = 0 ;
	
				while ( true )
				{
					if ($resourceType == 'Image') {
						// cast the posted size to an integer so it cannot add path segments to the remote file name
						$sFileName = (int) $_POST['ddlImageSize'] . '-' . $sFileName ;
					}
					
					if ( ftp_size($conn_id, $sFileName) != -1 ) {
						$iCounter++ ;
						$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
						$sErrorNumber = '201' ;
					} else {
						ftp_put($conn_id, $sFileName, $sFilePath, FTP_BINARY);					
						break ;
					}
				}							
			} else {
				$sErrorNumber = '250' ;
			}
			
			//STEP 4: removing the file from websiteamigo.com
			unlink($sFilePath);
		} else {
			$sErrorNumber = '202' ;
		}
	}
	else
		$sErrorNumber = '202' ;

	echo '<script type="text/javascript">' ;
	echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace( '"', '\\"', $sFileName ) . '") ;' ;
	echo '</script>' ;

	exit ;
}
?>

comment:4 in reply to: ↑ 3 Changed 7 years ago by script22

Replying to script22:

Replying to anonymous:

It seems to be more secure than changing rights to the directory system. Storing files via PHP ftp command is even better. You must only change the rights for a temporary directory and not for your working dir.


Moved from SF:
http://sourceforge.net/tracker/index.php?func=detail&aid=1482502&group_id=75348&atid=543656

<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2007 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * This is the File Manager Connector for PHP.
 */

function GetFolders( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;
	
	// Arrays that will hold the folders and files names.
	$aFolders	= array() ;
	
	// set up a ftp connection or die
	$conn_id = ftp_connect($Config['FTPserver']); 
	
	// try to login
	if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
    	echo "Connected as " . $Config['FTPuser'] . "@" . $Config['FTPserver'];
	} else {
    	echo "Couldn't connect as $Config[FTPuser]";
	}
		
	//loading contents of current directory and changing the current directory.
	$contents = ftp_nlist($conn_id, $currentFolder);	
	ftp_chdir($conn_id, $currentFolder);
	
	//looping through the folder contents and adding to folder array.
	foreach ($contents as $sFile)
	{	
		if ($sFile != '.' && $sFile != '..' && $sFile != '_notes') {
			$iFileSize = ftp_size($conn_id, $sFile);
			if ( $iFileSize < 0 ) {
				$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />';
			}
		}
	}

	// Open the "Folders" node.
	echo "<Folders>" ;

	natcasesort( $aFolders ) ;
	foreach ( $aFolders as $sFolder )
		echo $sFolder ;

	// Close the "Folders" node.
	echo "</Folders>" ;
}

function GetFoldersAndFiles( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;

	// Arrays that will hold the folders and files names.
	$aFolders	= array() ;
	$aFiles		= array() ;
	
	// set up a ftp connection or die
	$conn_id = ftp_connect($Config['FTPserver']); 
	
	// try to login
	if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
    	echo "Connected as " . $Config['FTPuser'] . "@" . $Config['FTPserver'];
	} else {
    	echo "Couldn't connect as $Config[FTPuser]";
	}
	
	//loading contents of current directory and changing the current directory.
	$contents = ftp_nlist($conn_id, $currentFolder );	
	ftp_chdir($conn_id, $currentFolder);
	
	//looping through the folder contents and adding to file or folder array.
	foreach ($contents as $sFile)
	{	
		if ($sFile != '.' && $sFile != '..' && $sFile != '_notes') {
			$iFileSize = ftp_size($conn_id, $sFile);
			if ( $iFileSize > 0 )
			{
				// size is greater than 0 so it is a file.
				$iFileSize = round( $iFileSize / 1024 ) ;
				if ( $iFileSize < 1 ) $iFileSize = 1 ;
				$aFiles[] = '<File name="' . ConvertToXmlAttribute( $sFile ) . '" size="' . $iFileSize . '" base="' . $Config['FTPurl'] .'" />' ;		
			} else {
				// size is not greater than 0 so it is a folder.
				$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />';
			}					
		}
	}

	// Send the folders
	natcasesort( $aFolders ) ;
	echo '<Folders>' ;

	foreach ( $aFolders as $sFolder )
		echo $sFolder ;

	echo '</Folders>' ;

	// Send the files
	natcasesort( $aFiles ) ;
	echo '<Files>' ;

	foreach ( $aFiles as $sFiles )
		echo $sFiles ;

	echo '</Files>' ;
}

function CreateFolder( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;

	$sErrorNumber	= '0' ;
	$sErrorMsg		= '' ;

	if ( isset( $_GET['NewFolderName'] ) )
	{
		$sNewFolderName = $_GET['NewFolderName'] ;

		if ( strpos( $sNewFolderName, '..' ) !== FALSE )
			$sErrorNumber = '102' ;		// Invalid folder name.
		else
		{
			// set up a ftp connection or die
			$conn_id = ftp_connect($Config['FTPserver']); 
			
			// try to login
			if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
				echo "Connected as $Config[FTPuser]@$Config[FTPserver]\n";
			} else {
				echo "Couldn't connect as $Config[FTPuser]\n";
			}
			
			// try to create the directory $dir
			if (ftp_mkdir($conn_id, $currentFolder . $sNewFolderName)) {
			 	echo "successfully created " . $currentFolder . $sNewFolderName . "\n";
			} else {
			 	$sErrorNumber = '102' ;		// Invalid folder name.
			}
		}
	}
	else
		$sErrorNumber = '102' ;

	// Create the "Error" node.
	echo '<Error number="' . $sErrorNumber . '" originalDescription="' . ConvertToXmlAttribute( $sErrorMsg ) . '" />' ;
}


function FileUpload( $resourceType, $currentFolder )
{
	$sErrorNumber = '0' ;
	$sFileName = '' ;

	if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] ) )
	{
		global $Config ;
		
		// setting current folder
		$currentFolder = $Config['FTPfolder'] . $currentFolder ;

		$oFile = $_FILES['NewFile'] ;
		
		// Get the uploaded file name.
		$sFileName = $oFile['name'] ;

		// Replace dots in the name with underscores (only one dot can be there... security issue).
		if ( $Config['ForceSingleExtension'] )
			$sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;

		$sOriginalFileName = $sFileName ;

		// Get the extension.
		$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
		$sExtension = strtolower( $sExtension ) ;

		$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
		$arDenied	= $Config['DeniedExtensions'][$resourceType] ;

		if ( ( count($arAllowed) == 0 || in_array( $sExtension, $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( $sExtension, $arDenied ) ) )
		{
			$iCounter = 0 ;

			// STEP 1: first we need to upload the file to local server so it can be resized.
			while ( true )
			{
				if ($resourceType == 'Image') {
					// cast the posted size to an integer so it cannot add path segments to the local file name
					$sFilePath = $Config['FTPworkingimage'] . (int) $_POST['ddlImageSize'] . '-' . $sFileName ;
				} else {
					$sFilePath = $Config['FTPworkingimage'] . $sFileName ;					
				}				

				if ( is_file( $sFilePath ) )
				{
					$iCounter++ ;
					$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
					$sErrorNumber = '201' ;
				}
				else
				{
					move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ;

					if ( is_file( $sFilePath ) )
					{
						$oldumask = umask(0) ;
						chmod( $sFilePath, 0777 ) ;
						umask( $oldumask ) ;
					}
					break ;
				}
			}
			
			// STEP 2: resizing the uploaded image using the class simple-image found in the scripts directory.  If the uploaded image's width is
			// greater than the height, then we resize to the width of the user selected size.  Vice versa for the height.
			if ($resourceType == 'Image') {
				include('../../../../../../../scripts/simple-image.php');
				$image = new SimpleImage();
				$image->load($sFilePath);
				if ($image->getWidth() > $image->getHeight()) {
					$image->resizeToWidth((int) $_POST['ddlImageSize']);
				} else {
					$image->resizeToHeight((int) $_POST['ddlImageSize']);
				}
				$image->save($sFilePath);
			}
			
			// STEP 3: moving the resized image to the ftp server.
			// set up a ftp connection or die
			$conn_id = ftp_connect($Config['FTPserver']); 
		
			// try to login
			if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {		
				// changing ftp directory
				ftp_chdir($conn_id, $currentFolder);
				
				$iCounter = 0 ;
	
				while ( true )
				{
					if ($resourceType == 'Image') {
						// cast the posted size to an integer so it cannot add path segments to the remote file name
						$sFileName = (int) $_POST['ddlImageSize'] . '-' . $sFileName ;
					}
					
					if ( ftp_size($conn_id, $sFileName) != -1 ) {
						$iCounter++ ;
						$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
						$sErrorNumber = '201' ;
					} else {
						ftp_put($conn_id, $sFileName, $sFilePath, FTP_BINARY);					
						break ;
					}
				}							
			} else {
				$sErrorNumber = '250' ;
			}
			
			//STEP 4: removing the file from local server
			unlink($sFilePath);
		} else {
			$sErrorNumber = '202' ;
		}
	}
	else
		$sErrorNumber = '202' ;

	echo '<script type="text/javascript">' ;
	echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace( '"', '\\"', $sFileName ) . '") ;' ;
	echo '</script>' ;

	exit ;
}
?>
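
The connector code posted above concatenates request values (`$currentFolder`, `NewFolderName`, `ddlImageSize`) into local and FTP paths and stages the upload with mode 0777. The following is an added example, not part of the ticket or of FCKeditor, showing one way to validate those values and stage the file with owner-only permissions; the function names, the list of allowed sizes and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical helpers, not part of the ticket's connector.

// Join request-supplied parts onto $baseFolder; return null if any part could
// leave the base folder or break the FTP command stream.
function BuildFtpPath( $baseFolder, $currentFolder, $name = '' )
{
	$aParts = array() ;
	$sJoined = str_replace( '\\', '/', $currentFolder . '/' . $name ) ;
	foreach ( explode( '/', $sJoined ) as $sPart )
	{
		if ( $sPart === '' || $sPart === '.' )
			continue ;		// collapse "//" and "./"
		if ( $sPart === '..' )
			return null ;	// never climb above the base folder
		if ( preg_match( '/[\x00-\x1f\x7f]/', $sPart ) )
			return null ;	// NUL, CR or LF must never reach the FTP server
		$aParts[] = $sPart ;
	}
	return rtrim( $baseFolder, '/' ) . '/' . implode( '/', $aParts ) ;
}

// Accept ddlImageSize only if it is one of the sizes the form offers.
function GetPostedImageSize( $rawSize, $aAllowedSizes )
{
	$iSize = filter_var( $rawSize, FILTER_VALIDATE_INT ) ;
	if ( $iSize === false || !in_array( $iSize, $aAllowedSizes, true ) )
		return null ;
	return $iSize ;
}

// Move an upload into the working directory under an unpredictable name that
// only the PHP user can read, instead of a client-chosen name with mode 0777.
function StageUpload( $tmpName, $workingDir )
{
	$sStaged = tempnam( $workingDir, 'fck' ) ;
	if ( $sStaged === false )
		return null ;
	if ( !move_uploaded_file( $tmpName, $sStaged ) )
	{
		unlink( $sStaged ) ;
		return null ;
	}
	chmod( $sStaged, 0600 ) ;
	return $sStaged ;
}

// Constructed values standing in for $Config, $_GET and $_POST.
$sBase  = '/httpdocs/userfiles' ;
$aSizes = array( 150, 300, 600 ) ;
var_dump( BuildFtpPath( $sBase, '/Image/', 'holiday' ) ) ;
var_dump( BuildFtpPath( $sBase, '/Image/', 'a/../../conf' ) ) ;
var_dump( BuildFtpPath( $sBase, "/Image/x\r\ny", '' ) ) ;
var_dump( GetPostedImageSize( '300', $aSizes ) ) ;
var_dump( GetPostedImageSize( '../300', $aSizes ) ) ;
```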

comment:5 Changed 7 years ago by w.olchawa

  • Keywords HasPatch added

comment:6 Changed 4 years ago by wwalc

  • Status changed from new to closed
  • Version set to FCKeditor 2.5
  • Resolution set to wontfix

The file browser is now distributed as an external application: CKFinder. The built-in filemanager is no longer maintained.

If you're still looking for a similar feature, please create a feature request on the CKFinder forum.
