1 | diff -ru FCKeditor_2.5-virgin/editor/filemanager/browser/default/frmupload.html FCKeditor_2.5-patched/editor/filemanager/browser/default/frmupload.html |
---|
2 | --- FCKeditor_2.5-virgin/editor/filemanager/browser/default/frmupload.html 2007-07-10 13:47:30.000000000 +0100 |
---|
3 | +++ FCKeditor_2.5-patched/editor/filemanager/browser/default/frmupload.html 2007-12-10 19:15:23.000000000 +0000 |
---|
4 | @@ -82,6 +82,9 @@ |
---|
5 | case 202 : |
---|
6 | alert( 'Invalid file' ) ; |
---|
7 | break ; |
---|
8 | + case 204 : |
---|
9 | + alert( 'Invalid filename - it did not match a required pattern' ) ; |
---|
10 | + break ; |
---|
11 | default : |
---|
12 | alert( 'Error on file upload. Error number: ' + errorNumber ) ; |
---|
13 | break ; |
---|
14 | diff -ru FCKeditor_2.5-virgin/editor/filemanager/connectors/php/commands.php FCKeditor_2.5-patched/editor/filemanager/connectors/php/commands.php |
---|
15 | --- FCKeditor_2.5-virgin/editor/filemanager/connectors/php/commands.php 2007-10-02 19:15:16.000000000 +0100 |
---|
16 | +++ FCKeditor_2.5-patched/editor/filemanager/connectors/php/commands.php 2007-12-10 19:09:57.000000000 +0000 |
---|
17 | @@ -205,6 +205,13 @@ |
---|
18 | |
---|
19 | while ( true ) |
---|
20 | { |
---|
21 | + # Check filename is valid against any regexp |
---|
22 | + $arRegexp = (isSet ($Config['Regexp']) && array_key_exists ($resourceType, $Config['Regexp']) ? $Config['Regexp'][$resourceType] : false); |
---|
23 | + if ($arRegexp && !ereg( $arRegexp, RemoveExtension( $sOriginalFileName ))) { |
---|
24 | + $sErrorNumber = '204'; |
---|
25 | + break; |
---|
26 | + } |
---|
27 | + |
---|
28 | $sFilePath = $sServerDir . $sFileName ; |
---|
29 | |
---|
30 | if ( is_file( $sFilePath ) ) |
---|
31 | diff -ru FCKeditor_2.5-virgin/editor/filemanager/connectors/php/config.php FCKeditor_2.5-patched/editor/filemanager/connectors/php/config.php |
---|
32 | --- FCKeditor_2.5-virgin/editor/filemanager/connectors/php/config.php 2007-11-21 17:46:48.000000000 +0000 |
---|
33 | +++ FCKeditor_2.5-patched/editor/filemanager/connectors/php/config.php 2007-12-10 19:23:50.000000000 +0000 |
---|
34 | @@ -111,6 +111,7 @@ |
---|
35 | |
---|
36 | $Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ; |
---|
37 | $Config['DeniedExtensions']['File'] = array() ; |
---|
38 | +$Config['Regexp']['File'] = '' ; |
---|
39 | $Config['FileTypesPath']['File'] = $Config['UserFilesPath'] . 'file/' ; |
---|
40 | $Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ; |
---|
41 | $Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ; |
---|
42 | @@ -118,6 +119,7 @@ |
---|
43 | |
---|
44 | $Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ; |
---|
45 | $Config['DeniedExtensions']['Image'] = array() ; |
---|
46 | +$Config['Regexp']['Image'] = '' ; |
---|
47 | $Config['FileTypesPath']['Image'] = $Config['UserFilesPath'] . 'image/' ; |
---|
48 | $Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'image/' ; |
---|
49 | $Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ; |
---|
50 | @@ -125,6 +127,7 @@ |
---|
51 | |
---|
52 | $Config['AllowedExtensions']['Flash'] = array('swf','flv') ; |
---|
53 | $Config['DeniedExtensions']['Flash'] = array() ; |
---|
54 | +$Config['Regexp']['Flash'] = '' ; |
---|
55 | $Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'flash/' ; |
---|
56 | $Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ; |
---|
57 | $Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ; |
---|
58 | @@ -132,6 +135,7 @@ |
---|
59 | |
---|
60 | $Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ; |
---|
61 | $Config['DeniedExtensions']['Media'] = array() ; |
---|
62 | +$Config['Regexp']['Media'] = '' ; |
---|
63 | $Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'media/' ; |
---|
64 | $Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ; |
---|
65 | $Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ; |
---|
66 | diff -ru FCKeditor_2.5-virgin/editor/filemanager/connectors/test.html FCKeditor_2.5-patched/editor/filemanager/connectors/test.html |
---|
67 | --- FCKeditor_2.5-virgin/editor/filemanager/connectors/test.html 2007-07-10 13:47:30.000000000 +0100 |
---|
68 | +++ FCKeditor_2.5-patched/editor/filemanager/connectors/test.html 2007-12-10 19:15:07.000000000 +0000 |
---|
69 | @@ -84,6 +84,9 @@ |
---|
70 | case 202 : |
---|
71 | alert( 'Invalid file' ) ; |
---|
72 | break ; |
---|
73 | + case 204 : |
---|
74 | + alert( 'Invalid filename - it did not match a required pattern' ) ; |
---|
75 | + break ; |
---|
76 | default : |
---|
77 | alert( 'Error on file upload. Error number: ' + errorNumber ) ; |
---|
78 | break ; |
---|
79 | diff -ru FCKeditor_2.5-virgin/editor/filemanager/connectors/uploadtest.html FCKeditor_2.5-patched/editor/filemanager/connectors/uploadtest.html |
---|
80 | --- FCKeditor_2.5-virgin/editor/filemanager/connectors/uploadtest.html 2007-08-31 16:08:32.000000000 +0100 |
---|
81 | +++ FCKeditor_2.5-patched/editor/filemanager/connectors/uploadtest.html 2007-12-10 19:15:13.000000000 +0000 |
---|
82 | @@ -73,6 +73,9 @@ |
---|
83 | case 203 : |
---|
84 | alert( "Security error. You probably don't have enough permissions to upload. Please check your server." ) ; |
---|
85 | break ; |
---|
86 | + case 204 : |
---|
87 | + alert( 'Invalid filename - it did not match a required pattern' ) ; |
---|
88 | + break ; |
---|
89 | default : |
---|
90 | alert( 'Error on file upload. Error number: ' + errorNumber ) ; |
---|
91 | break ; |
---|