1 | <cfsetting enablecfoutputonly="yes" showdebugoutput="no"> |
---|
2 | <!--- |
---|
3 | * FCKeditor - The text editor for Internet - http://www.fckeditor.net |
---|
4 | * Copyright (C) 2003-2007 Frederico Caldeira Knabben |
---|
5 | * |
---|
6 | * == BEGIN LICENSE == |
---|
7 | * |
---|
8 | * Licensed under the terms of any of the following licenses at your |
---|
9 | * choice: |
---|
10 | * |
---|
11 | * - GNU General Public License Version 2 or later (the "GPL") |
---|
12 | * http://www.gnu.org/licenses/gpl.html |
---|
13 | * |
---|
14 | * - GNU Lesser General Public License Version 2.1 or later (the "LGPL") |
---|
15 | * http://www.gnu.org/licenses/lgpl.html |
---|
16 | * |
---|
17 | * - Mozilla Public License Version 1.1 or later (the "MPL") |
---|
18 | * http://www.mozilla.org/MPL/MPL-1.1.html |
---|
19 | * |
---|
20 | * == END LICENSE == |
---|
21 | * |
---|
22 | * File Browser connector for ColdFusion. |
---|
23 | * (based on the original CF connector by Hendrik Kramer - hk@lwd.de) |
---|
24 | * |
---|
25 | * Note: |
---|
26 | * FCKeditor requires that the connector responds with UTF-8 encoded XML. |
---|
27 | * As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII |
---|
28 | * file and folder names in this connector to allow CF5 send a UTF-8 |
---|
29 | * encoded response - code points under 127 in UTF-8 are stored using a |
---|
30 | * single byte, using the same encoding as ASCII, which is damn handy. |
---|
31 | * This is all grand for the English speakers, like meself, but I dunno |
---|
32 | * how others are gonna take to it. Well, the previous version of this |
---|
33 | * connector already did this with file names and nobody seemed to mind, |
---|
34 | * so fingers-crossed nobody will mind their folder names being munged too. |
---|
35 | * |
---|
36 | ---> |
---|
37 | |
---|
38 | <cfparam name="url.command"> |
---|
39 | <cfparam name="url.type"> |
---|
40 | <cfparam name="url.currentFolder"> |
---|
41 | <!--- note: no serverPath url parameter - see config.cfm if you need to set the serverPath manually ---> |
---|
42 | |
---|
43 | <cfinclude template="config.cfm"> |
---|
44 | |
---|
45 | <cfscript> |
---|
46 | userFilesPath = config.userFilesPath; |
---|
47 | lAllowedExtensions = config.allowedExtensions[url.type]; |
---|
48 | lDeniedExtensions = config.deniedExtensions[url.type]; |
---|
49 | |
---|
50 | if ( find("/",getBaseTemplatePath()) neq 0 ) { |
---|
51 | fs = "/"; |
---|
52 | } else { |
---|
53 | fs = "\"; |
---|
54 | } |
---|
55 | |
---|
56 | // Get the base physical path to the web root for this application. The code to determine the path automatically assumes that |
---|
57 | // the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a |
---|
58 | // virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary. |
---|
59 | if ( len(config.serverPath) ) { |
---|
60 | serverPath = config.serverPath; |
---|
61 | } else { |
---|
62 | serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),""); |
---|
63 | } |
---|
64 | |
---|
65 | // map the user files path to a physical directory |
---|
66 | userFilesServerPath = serverPath & userFilesPath & url.type & replace(url.currentFolder,"/",fs,"all"); |
---|
67 | |
---|
68 | //make sure userFilesPath is formatted correctly |
---|
69 | userFilesServerPath = replace(userFilesServerPath, "/", "\", "ALL"); |
---|
70 | userFilesServerPath = replace(userFilesServerPath, "\\", "\", "ALL"); |
---|
71 | |
---|
72 | xmlContent = ""; // append to this string to build content |
---|
73 | </cfscript> |
---|
74 | |
---|
75 | <cfif not config.enabled> |
---|
76 | |
---|
77 | <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/browser/default/connectors/cfm/config.cfm' file"" />"> |
---|
78 | |
---|
79 | <cfelseif find("..",url.currentFolder)> |
---|
80 | |
---|
81 | <cfset xmlContent = "<Error number=""102"" />"> |
---|
82 | |
---|
83 | </cfif> |
---|
84 | |
---|
85 | <cfif not len(xmlContent)> |
---|
86 | |
---|
87 | <!--- create directories in physical path if they don't already exist ---> |
---|
88 | <cfset currentPath = ""> |
---|
89 | <cftry> |
---|
90 | <cfloop list="#userFilesServerPath#" index="name" delimiters="/"> |
---|
91 | |
---|
92 | <cfif not directoryExists(currentPath & fs & name)> |
---|
93 | <cfdirectory action="create" directory="#currentPath##fs##name#" mode="755"> |
---|
94 | </cfif> |
---|
95 | |
---|
96 | <cfset currentPath = currentPath & fs & name> |
---|
97 | |
---|
98 | </cfloop> |
---|
99 | |
---|
100 | <!--- create sub-directory for file type if it doesn't already exist ---> |
---|
101 | <!--- |
---|
102 | <cfif not directoryExists(userFilesServerPath & url.type)> |
---|
103 | <cfdirectory action="create" directory="#userFilesServerPath##url.type#" mode="755"> |
---|
104 | </cfif> |
---|
105 | ---> |
---|
106 | <cfcatch> |
---|
107 | |
---|
108 | <!--- this should only occur as a result of a permissions problem ---> |
---|
109 | <cfset xmlContent = "<Error number=""103"" />"> |
---|
110 | |
---|
111 | </cfcatch> |
---|
112 | </cftry> |
---|
113 | |
---|
114 | </cfif> |
---|
115 | |
---|
116 | <cfif not len(xmlContent)> |
---|
117 | |
---|
118 | <!--- no errors thus far - run command ---> |
---|
119 | |
---|
120 | <!--- we need to know the physical path to the current folder for all commands ---> |
---|
121 | <cfset currentFolderPath = userFilesServerPath> |
---|
122 | |
---|
123 | <cfswitch expression="#url.command#"> |
---|
124 | |
---|
125 | |
---|
126 | <cfcase value="FileUpload"> |
---|
127 | |
---|
128 | <cfset fileName = ""> |
---|
129 | <cfset fileExt = ""> |
---|
130 | |
---|
131 | <cftry> |
---|
132 | |
---|
133 | <!--- TODO: upload to a temp directory and move file if extension is allowed ---> |
---|
134 | |
---|
135 | <!--- first upload the file with an unique filename ---> |
---|
136 | <cffile action="upload" |
---|
137 | fileField="NewFile" |
---|
138 | destination="#currentFolderPath#" |
---|
139 | nameConflict="makeunique" |
---|
140 | mode="644" |
---|
141 | attributes="normal"> |
---|
142 | |
---|
143 | <cfif cffile.fileSize EQ 0> |
---|
144 | <cfthrow> |
---|
145 | </cfif> |
---|
146 | |
---|
147 | <cfif ( len(lAllowedExtensions) and not listFindNoCase(lAllowedExtensions,cffile.ServerFileExt) ) |
---|
148 | or ( len(lDeniedExtensions) and listFindNoCase(lDeniedExtensions,cffile.ServerFileExt) )> |
---|
149 | |
---|
150 | <cfset errorNumber = "202"> |
---|
151 | <cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#"> |
---|
152 | |
---|
153 | <cfelse> |
---|
154 | |
---|
155 | <cfscript> |
---|
156 | errorNumber = 0; |
---|
157 | fileName = cffile.ClientFileName; |
---|
158 | fileExt = cffile.ServerFileExt; |
---|
159 | |
---|
160 | // munge filename for html download. Only a-z, 0-9, _, - and . are allowed |
---|
161 | if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) { |
---|
162 | fileName = reReplace(fileName, "[^A-Za-z0-9\-\.]", "_", "ALL"); |
---|
163 | fileName = reReplace(fileName, "_{2,}", "_", "ALL"); |
---|
164 | fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL"); |
---|
165 | fileName = reReplace(fileName, "$_([^_]+)$", "\1", "ALL"); |
---|
166 | } |
---|
167 | |
---|
168 | // When the original filename already exists, add numbers (0), (1), (2), ... at the end of the filename. |
---|
169 | if( compare( cffile.ServerFileName, fileName ) ) { |
---|
170 | counter = 0; |
---|
171 | tmpFileName = fileName; |
---|
172 | while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) { |
---|
173 | counter = counter + 1; |
---|
174 | fileName = tmpFileName & '(#counter#)'; |
---|
175 | } |
---|
176 | } |
---|
177 | </cfscript> |
---|
178 | |
---|
179 | <!--- Rename the uploaded file, if neccessary ---> |
---|
180 | <cfif compare(cffile.ServerFileName,fileName)> |
---|
181 | |
---|
182 | <cfset errorNumber = "201"> |
---|
183 | <cffile |
---|
184 | action="rename" |
---|
185 | source="#currentFolderPath##cffile.ServerFileName#.#cffile.ServerFileExt#" |
---|
186 | destination="#currentFolderPath##fileName#.#fileExt#" |
---|
187 | mode="644" |
---|
188 | attributes="normal"> |
---|
189 | |
---|
190 | </cfif> |
---|
191 | |
---|
192 | </cfif> |
---|
193 | |
---|
194 | <cfcatch type="Any"> |
---|
195 | |
---|
196 | <cfset errorNumber = "202"> |
---|
197 | |
---|
198 | </cfcatch> |
---|
199 | |
---|
200 | </cftry> |
---|
201 | |
---|
202 | |
---|
203 | <cfif errorNumber eq 201> |
---|
204 | |
---|
205 | <!--- file was changed (201), submit the new filename ---> |
---|
206 | <cfoutput> |
---|
207 | <script type="text/javascript"> |
---|
208 | window.parent.frames['frmUpload'].OnUploadCompleted(#errorNumber#,'#replace( fileName & "." & fileExt, "'", "\'", "ALL")#'); |
---|
209 | </script> |
---|
210 | </cfoutput> |
---|
211 | |
---|
212 | <cfelse> |
---|
213 | |
---|
214 | <!--- file was uploaded succesfully(0) or an error occured(202). Submit only the error code. ---> |
---|
215 | <cfoutput> |
---|
216 | <script type="text/javascript"> |
---|
217 | window.parent.frames['frmUpload'].OnUploadCompleted(#errorNumber#); |
---|
218 | </script> |
---|
219 | </cfoutput> |
---|
220 | |
---|
221 | </cfif> |
---|
222 | |
---|
223 | <cfabort> |
---|
224 | |
---|
225 | </cfcase> |
---|
226 | |
---|
227 | |
---|
228 | <cfcase value="GetFolders"> |
---|
229 | |
---|
230 | <!--- Sort directories first, name ascending ---> |
---|
231 | <cfdirectory |
---|
232 | action="list" |
---|
233 | directory="#currentFolderPath#" |
---|
234 | name="qDir" |
---|
235 | sort="type,name"> |
---|
236 | |
---|
237 | <cfscript> |
---|
238 | i=1; |
---|
239 | folders = ""; |
---|
240 | while( i lte qDir.recordCount ) { |
---|
241 | if( not compareNoCase( qDir.type[i], "FILE" )) |
---|
242 | break; |
---|
243 | if( not listFind(".,..", qDir.name[i]) ) |
---|
244 | folders = folders & '<Folder name="#HTMLEditFormat( qDir.name[i] )#" />'; |
---|
245 | i=i+1; |
---|
246 | } |
---|
247 | |
---|
248 | xmlContent = xmlContent & '<Folders>' & folders & '</Folders>'; |
---|
249 | </cfscript> |
---|
250 | |
---|
251 | </cfcase> |
---|
252 | |
---|
253 | |
---|
254 | <cfcase value="GetFoldersAndFiles"> |
---|
255 | |
---|
256 | <!--- Sort directories first, name ascending ---> |
---|
257 | <cfdirectory |
---|
258 | action="list" |
---|
259 | directory="#currentFolderPath#" |
---|
260 | name="qDir" |
---|
261 | sort="type,name"> |
---|
262 | |
---|
263 | <cfscript> |
---|
264 | i=1; |
---|
265 | folders = ""; |
---|
266 | files = ""; |
---|
267 | while( i lte qDir.recordCount ) { |
---|
268 | if( not compareNoCase( qDir.type[i], "DIR" ) and not listFind(".,..", qDir.name[i]) ) { |
---|
269 | folders = folders & '<Folder name="#HTMLEditFormat(qDir.name[i])#" />'; |
---|
270 | } else if( not compareNoCase( qDir.type[i], "FILE" ) ) { |
---|
271 | fileSizeKB = round(qDir.size[i] / 1024); |
---|
272 | files = files & '<File name="#HTMLEditFormat(qDir.name[i])#" size="#IIf( fileSizeKB GT 0, DE( fileSizeKB ), 1)#" />'; |
---|
273 | } |
---|
274 | i=i+1; |
---|
275 | } |
---|
276 | |
---|
277 | xmlContent = xmlContent & '<Folders>' & folders & '</Folders>'; |
---|
278 | xmlContent = xmlContent & '<Files>' & files & '</Files>'; |
---|
279 | </cfscript> |
---|
280 | |
---|
281 | </cfcase> |
---|
282 | |
---|
283 | |
---|
284 | <cfcase value="CreateFolder"> |
---|
285 | |
---|
286 | <cfparam name="url.newFolderName" default=""> |
---|
287 | |
---|
288 | <cfscript> |
---|
289 | newFolderName = url.newFolderName; |
---|
290 | if( reFind("[^A-Za-z0-9_\-\.]", newFolderName) ) { |
---|
291 | // Munge folder name same way as we do the filename |
---|
292 | // This means folder names are always US-ASCII so we don't have to worry about CF5 and UTF-8 |
---|
293 | newFolderName = reReplace(newFolderName, "[^A-Za-z0-9\-\.]", "_", "all"); |
---|
294 | newFolderName = reReplace(newFolderName, "_{2,}", "_", "all"); |
---|
295 | newFolderName = reReplace(newFolderName, "([^_]+)_+$", "\1", "all"); |
---|
296 | newFolderName = reReplace(newFolderName, "$_([^_]+)$", "\1", "all"); |
---|
297 | } |
---|
298 | </cfscript> |
---|
299 | |
---|
300 | <cfif not len(newFolderName) or len(newFolderName) gt 255> |
---|
301 | <cfset errorNumber = 102> |
---|
302 | <cfelseif directoryExists(currentFolderPath & newFolderName)> |
---|
303 | <cfset errorNumber = 101> |
---|
304 | <cfelseif reFind("^\.\.",newFolderName)> |
---|
305 | <cfset errorNumber = 103> |
---|
306 | <cfelse> |
---|
307 | <cfset errorNumber = 0> |
---|
308 | |
---|
309 | <cftry> |
---|
310 | <cfdirectory |
---|
311 | action="create" |
---|
312 | directory="#currentFolderPath##newFolderName#" |
---|
313 | mode="755"> |
---|
314 | <cfcatch> |
---|
315 | <!--- |
---|
316 | un-resolvable error numbers in ColdFusion: |
---|
317 | * 102 : Invalid folder name. |
---|
318 | * 103 : You have no permissions to create the folder. |
---|
319 | ---> |
---|
320 | <cfset errorNumber = 110> |
---|
321 | </cfcatch> |
---|
322 | </cftry> |
---|
323 | </cfif> |
---|
324 | |
---|
325 | <cfset xmlContent = xmlContent & '<Error number="#errorNumber#" />'> |
---|
326 | |
---|
327 | </cfcase> |
---|
328 | |
---|
329 | |
---|
330 | <cfdefaultcase> |
---|
331 | |
---|
332 | <cfthrow type="fckeditor.connector" message="Illegal command: #url.command#"> |
---|
333 | |
---|
334 | </cfdefaultcase> |
---|
335 | |
---|
336 | |
---|
337 | </cfswitch> |
---|
338 | |
---|
339 | </cfif> |
---|
340 | |
---|
341 | <cfscript> |
---|
342 | xmlHeader = '<?xml version="1.0" encoding="utf-8" ?><Connector command="#url.command#" resourceType="#url.type#">'; |
---|
343 | xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#userFilesPath##url.type##url.currentFolder#" />'; |
---|
344 | xmlFooter = '</Connector>'; |
---|
345 | </cfscript> |
---|
346 | |
---|
347 | <cfheader name="Expires" value="#GetHttpTimeString(Now())#"> |
---|
348 | <cfheader name="Pragma" value="no-cache"> |
---|
349 | <cfheader name="Cache-Control" value="no-cache, no-store, must-revalidate"> |
---|
350 | <cfcontent reset="true" type="text/xml; charset=UTF-8"> |
---|
351 | <cfoutput>#xmlHeader##xmlContent##xmlFooter#</cfoutput> |
---|
352 | |
---|
353 | |
---|
354 | |
---|
355 | /* // make sure the user files path is correctly formatted |
---|
356 | userFilesPath = replace(userFilesPath, "\", "/", "ALL"); |
---|
357 | if ( right(userFilesPath,1) neq "/" ) { |
---|
358 | userFilesPath = userFilesPath & "/"; |
---|
359 | } |
---|
360 | |
---|
361 | // make sure the current folder is correctly formatted |
---|
362 | url.currentFolder = replace(url.currentFolder, "\", "/", "ALL"); |
---|
363 | url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL'); |
---|
364 | if ( right(url.currentFolder,1) neq "/" ) { |
---|
365 | url.currentFolder = url.currentFolder & "/"; |
---|
366 | } |
---|
367 | if ( left(url.currentFolder,1) neq "/" ) { |
---|
368 | url.currentFolder = "/" & url.currentFolder; |
---|
369 | }*/ |
---|