Index: /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/connector/ConnectorServlet.java =================================================================== --- /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/connector/ConnectorServlet.java (revision 1393) +++ /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/connector/ConnectorServlet.java (revision 1394) @@ -226,4 +226,8 @@ String currentFolderStr = request.getParameter("CurrentFolder"); + logger.debug("Parameter Command: {}", commandStr); + logger.debug("Parameter CurrentFolder: {}", currentFolderStr); + logger.debug("Parameter Type: {}", typeStr); + if (isEmpty(commandStr) && isEmpty(currentFolderStr)) { commandStr = "QuickUpload"; @@ -233,72 +237,87 @@ UploadResponse ur = null; - String currentPath = constructTypeBasedFolderString(typeStr, - currentFolderStr); - String currentDirPath = getServletContext().getRealPath(currentPath); - - if (!commandStr.equals("FileUpload") - || !commandStr.equals("QuickUpload")) - ur = UploadResponse.UR_SECURITY_ERROR; - else if (!isValidPath(currentFolderStr) - || !(new File(currentDirPath).exists())) { + if (isEmpty(commandStr) || isEmpty(currentFolderStr) + || isEmpty(typeStr)) { ur = new UploadResponse(UploadResponse.EN_ERROR); - ur.setCustomMessage("The current folder path is invalid"); - } else { - - // logger.debug("current path dir: " + currentDirPath); - - String newFilename = ""; - FileItemFactory factory = new DiskFileItemFactory(); - ServletFileUpload upload = new ServletFileUpload(factory); - try { - List items = (List) upload - .parseRequest(request); - - // We upload only one file at the same time - FileItem uplFile = items.get(0); - String filename = FilenameUtils.getName(uplFile.getName()); - String baseName = FilenameUtils.removeExtension(filename); - String extension = FilenameUtils.getExtension(filename); - - boolean validExtension = ExtensionsHandler.isAllowed(typeStr, - extension); - - if (!validExtension) - ur = UploadResponse.UR_INVALID_EXTENSION; - else { - - // TODO check if forceSingleExtension is enabled - if (false) { - filename = forceSingleExtension(filename); - baseName = FilenameUtils.removeExtension(filename); - } - - File pathToSave = new File(currentDirPath, filename); - int counter = 1; - while (pathToSave.exists()) { - newFilename = baseName + "(" + counter + ")" + "." - + extension; - pathToSave = new File(currentDirPath, newFilename); - counter++; - } - - uplFile.write(pathToSave); - if (newFilename.equals(filename)) - ur = UploadResponse.UR_OK; - else { - ur = new UploadResponse(UploadResponse.EN_RENAMED); - ur.setFilename(newFilename); + ur.setCustomMessage(UploadResponse.CM_HTTP_400); + // printResponse(out, ur); + // return; + } else if (!commandStr.matches("(File|Quick)Upload")) //{ + ur = UploadResponse.UR_SECURITY_ERROR; + // printResponse(out, ur); + // return; + /*}*/ else { + + String currentPath = constructTypeBasedFolderString(typeStr, + currentFolderStr); + String currentDirPath = getServletContext().getRealPath( + currentPath); + + // TODO Test this if clause + if (!isValidPath(currentFolderStr) + || !(new File(currentDirPath).exists())) { + ur = new UploadResponse(UploadResponse.EN_ERROR); + ur.setCustomMessage(UploadResponse.CM_HTTP_400); + // printResponse(out, ur); + // return; + } else { + + String newFilename = ""; + FileItemFactory factory = new DiskFileItemFactory(); + ServletFileUpload upload = new ServletFileUpload(factory); + try { + List items = (List) upload + .parseRequest(request); + + // We upload only one file at the same time + FileItem uplFile = items.get(0); + String filename = FilenameUtils.getName(uplFile + .getName()); + String baseName = FilenameUtils + .removeExtension(filename); + String extension = FilenameUtils.getExtension(filename); + + boolean validExtension = ExtensionsHandler.isAllowed( + typeStr, extension); + + if (!validExtension) + ur = UploadResponse.UR_INVALID_EXTENSION; + else { + + // TODO check if forceSingleExtension is enabled + if (false) { + filename = forceSingleExtension(filename); + baseName = FilenameUtils + .removeExtension(filename); + } + + File pathToSave = new File(currentDirPath, filename); + int counter = 1; + while (pathToSave.exists()) { + newFilename = baseName + "(" + counter + ")" + + "." + extension; + pathToSave = new File(currentDirPath, + newFilename); + counter++; + } + + uplFile.write(pathToSave); + if (isEmpty(newFilename)) + ur = UploadResponse.UR_OK; + else { + ur = new UploadResponse( + UploadResponse.EN_RENAMED); + ur.setFilename(newFilename); + } + } + } catch (FileUploadException ex) { + ur = new UploadResponse(UploadResponse.EN_ERROR); + ur.setCustomMessage(UploadResponse.CM_HTTP_400); + } catch (Exception e) { + ur = UploadResponse.UR_SECURITY_ERROR; } } - } catch (FileUploadException ex) { - ur = new UploadResponse(UploadResponse.EN_ERROR); - ur - .setCustomMessage("Your request could not be parsed successfully"); - } catch (Exception e) { - ur = UploadResponse.UR_SECURITY_ERROR; } - - } - out.println(ur); + out.print(ur); out.flush(); out.close(); Index: /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/tool/UploadResponse.java =================================================================== --- /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/tool/UploadResponse.java (revision 1393) +++ /FCKeditor.Java/branches/2.4/src/main/java/net/fckeditor/tool/UploadResponse.java (revision 1394) @@ -14,4 +14,6 @@ public static final int EN_SECURITY_ERROR = 203; public static final int EN_GENERIC_NUMBER = -1; + + public static final String CM_HTTP_400 = "400 Bad request"; public static final UploadResponse UR_OK = new UploadResponse(EN_OK); @@ -39,10 +41,14 @@ */ public void setFilename(String filename) { + if (Utils.isNotEmpty(filename)) { if (parameters.size() == 1) parameters.put("fileUrl", null); parameters.put("filename", filename); + } } public void setCustomMessage(String customMassage) { + + if (Utils.isNotEmpty(customMassage)) { if (parameters.size() == 1) { parameters.put("fileUrl", null); @@ -50,4 +56,5 @@ } parameters.put("customMessage", customMassage); + } } @@ -93,6 +100,6 @@ UploadResponse ur = new UploadResponse(101); //ur.setCustomMessage("shit happens"); - //ur.setFilename("hacked.php"); - ur.setCustomMessage("nothing happens"); + ur.setFilename(""); + //ur.setCustomMessage("nothing happens"); System.out.println(ur); }