Ticket #1650: tallyce-regexpCheck-2.5.diff.txt

File tallyce-regexpCheck-2.5.diff.txt, 5.4 KB (added by Thomas Tallyce, 12 years ago)

Patch for FCKeditor 2.5 (plus PHP connector) to implement upload filename regexp checking

Line 
1diff -ru FCKeditor_2.5-virgin/editor/filemanager/browser/default/frmupload.html FCKeditor_2.5-patched/editor/filemanager/browser/default/frmupload.html
2--- FCKeditor_2.5-virgin/editor/filemanager/browser/default/frmupload.html      2007-07-10 13:47:30.000000000 +0100
3+++ FCKeditor_2.5-patched/editor/filemanager/browser/default/frmupload.html     2007-12-10 19:15:23.000000000 +0000
4@@ -82,6 +82,9 @@
5                case 202 :
6                        alert( 'Invalid file' ) ;
7                        break ;
8+               case 204 :
9+                       alert( 'Invalid filename - it did not match a required pattern' ) ;
10+                       break ;
11                default :
12                        alert( 'Error on file upload. Error number: ' + errorNumber ) ;
13                        break ;
14diff -ru FCKeditor_2.5-virgin/editor/filemanager/connectors/php/commands.php FCKeditor_2.5-patched/editor/filemanager/connectors/php/commands.php
15--- FCKeditor_2.5-virgin/editor/filemanager/connectors/php/commands.php 2007-10-02 19:15:16.000000000 +0100
16+++ FCKeditor_2.5-patched/editor/filemanager/connectors/php/commands.php        2007-12-10 19:09:57.000000000 +0000
17@@ -205,6 +205,13 @@
18 
19                        while ( true )
20                        {
21+                               # Check filename is valid against any regexp
22+                               $arRegexp = (isSet ($Config['Regexp']) && array_key_exists ($resourceType, $Config['Regexp']) ? $Config['Regexp'][$resourceType] : false);
23+                               if ($arRegexp && !ereg( $arRegexp, RemoveExtension( $sOriginalFileName ))) {
24+                                       $sErrorNumber = '204';
25+                                       break;
26+                               }
27+
28                                $sFilePath = $sServerDir . $sFileName ;
29 
30                                if ( is_file( $sFilePath ) )
31diff -ru FCKeditor_2.5-virgin/editor/filemanager/connectors/php/config.php FCKeditor_2.5-patched/editor/filemanager/connectors/php/config.php
32--- FCKeditor_2.5-virgin/editor/filemanager/connectors/php/config.php   2007-11-21 17:46:48.000000000 +0000
33+++ FCKeditor_2.5-patched/editor/filemanager/connectors/php/config.php  2007-12-10 19:23:50.000000000 +0000
34@@ -111,6 +111,7 @@
35 
36 $Config['AllowedExtensions']['File']   = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
37 $Config['DeniedExtensions']['File']            = array() ;
38+$Config['Regexp']['File']                              = '' ;
39 $Config['FileTypesPath']['File']               = $Config['UserFilesPath'] . 'file/' ;
40 $Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
41 $Config['QuickUploadPath']['File']             = $Config['UserFilesPath'] ;
42@@ -118,6 +119,7 @@
43 
44 $Config['AllowedExtensions']['Image']  = array('bmp','gif','jpeg','jpg','png') ;
45 $Config['DeniedExtensions']['Image']   = array() ;
46+$Config['Regexp']['Image']                             = '' ;
47 $Config['FileTypesPath']['Image']              = $Config['UserFilesPath'] . 'image/' ;
48 $Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'image/' ;
49 $Config['QuickUploadPath']['Image']            = $Config['UserFilesPath'] ;
50@@ -125,6 +127,7 @@
51 
52 $Config['AllowedExtensions']['Flash']  = array('swf','flv') ;
53 $Config['DeniedExtensions']['Flash']   = array() ;
54+$Config['Regexp']['Flash']                             = '' ;
55 $Config['FileTypesPath']['Flash']              = $Config['UserFilesPath'] . 'flash/' ;
56 $Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
57 $Config['QuickUploadPath']['Flash']            = $Config['UserFilesPath'] ;
58@@ -132,6 +135,7 @@
59 
60 $Config['AllowedExtensions']['Media']  = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
61 $Config['DeniedExtensions']['Media']   = array() ;
62+$Config['Regexp']['Media']                             = '' ;
63 $Config['FileTypesPath']['Media']              = $Config['UserFilesPath'] . 'media/' ;
64 $Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
65 $Config['QuickUploadPath']['Media']            = $Config['UserFilesPath'] ;
66diff -ru FCKeditor_2.5-virgin/editor/filemanager/connectors/test.html FCKeditor_2.5-patched/editor/filemanager/connectors/test.html
67--- FCKeditor_2.5-virgin/editor/filemanager/connectors/test.html        2007-07-10 13:47:30.000000000 +0100
68+++ FCKeditor_2.5-patched/editor/filemanager/connectors/test.html       2007-12-10 19:15:07.000000000 +0000
69@@ -84,6 +84,9 @@
70                case 202 :
71                        alert( 'Invalid file' ) ;
72                        break ;
73+               case 204 :
74+                       alert( 'Invalid filename - it did not match a required pattern' ) ;
75+                       break ;
76                default :
77                        alert( 'Error on file upload. Error number: ' + errorNumber ) ;
78                        break ;
79diff -ru FCKeditor_2.5-virgin/editor/filemanager/connectors/uploadtest.html FCKeditor_2.5-patched/editor/filemanager/connectors/uploadtest.html
80--- FCKeditor_2.5-virgin/editor/filemanager/connectors/uploadtest.html  2007-08-31 16:08:32.000000000 +0100
81+++ FCKeditor_2.5-patched/editor/filemanager/connectors/uploadtest.html 2007-12-10 19:15:13.000000000 +0000
82@@ -73,6 +73,9 @@
83                case 203 :
84                        alert( "Security error. You probably don't have enough permissions to upload. Please check your server." ) ;
85                        break ;
86+               case 204 :
87+                       alert( 'Invalid filename - it did not match a required pattern' ) ;
88+                       break ;
89                default :
90                        alert( 'Error on file upload. Error number: ' + errorNumber ) ;
91                        break ;
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy