Index: /FCKeditor/branches/developers/alfonsoml/editor/filemanager/browser/default/frmupload.html
===================================================================
--- /FCKeditor/branches/developers/alfonsoml/editor/filemanager/browser/default/frmupload.html (revision 291)
+++ /FCKeditor/branches/developers/alfonsoml/editor/filemanager/browser/default/frmupload.html (revision 292)
@@ -24,4 +24,6 @@
+ File Upload
+
Index: /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/commands.asp
===================================================================
--- /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/commands.asp (revision 291)
+++ /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/commands.asp (revision 292)
@@ -97,4 +97,5 @@
Dim sNewFolderName
sNewFolderName = Request.QueryString( "NewFolderName" )
+ sNewFolderName = SanitizeFolderName( sNewFolderName )
If ( sNewFolderName = "" OR InStr( 1, sNewFolderName, ".." ) > 0 ) Then
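Review bot: The `InStr( 1, sNewFolderName, ".." ) > 0` clause on the line after the new call can no longer fire, because SanitizeFolderName (added to io.asp in this same revision) rewrites every `.` to `_`, so a request for `NewFolderName=..` now silently creates a folder named `__` instead of being rejected. Decide which behaviour is wanted: to keep rejecting such names, move the `..` test above the `SanitizeFolderName` call; to accept the rename, drop the dead clause and keep only `If ( sNewFolderName = "" ) Then`. Either way the empty check must stay, since the sanitiser can return an empty string unchanged. The enclosing CreateFolder routine starts and ends outside this hunk.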
@@ -103,5 +104,5 @@
' Map the virtual path to the local server path of the current folder.
Dim sServerDir
- sServerDir = ServerMapFolder( resourceType, currentFolder & "/" & sNewFolderName )
+ sServerDir = ServerMapFolder( resourceType, CombinePaths(currentFolder, sNewFolderName) )
On Error Resume Next
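Review bot: `CombinePaths` is not defined anywhere in this changeset, and the `On Error Resume Next` on the following line only takes effect after the call, so if io.asp does not already provide the helper the request dies with a VBScript runtime error rather than a connector error; please confirm it exists in the branch. It would also help to document the contract here, e.g. `' CombinePaths joins with a single "/" and never lets the second argument escape the first`, since this is the path handed to the filesystem. The routine continues outside the hunk.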
@@ -162,4 +163,5 @@
sFileName = oUploader.File( "NewFile" ).Name
sExtension = oUploader.File( "NewFile" ).Ext
+ sFileName = SanitizeFileName( sFileName )
sOriginalFileName = sFileName
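Review bot: `sOriginalFileName` is assigned only after `SanitizeFileName` has already rewritten the name, so a later comparison of the stored name against it (outside this hunk, presumably the "file was renamed" result) cannot tell the client that `shell.asp.txt` was saved as `shell_asp.txt`. If that rename should be reported, capture the name first: `sOriginalFileName = sFileName` before the `SanitizeFileName` call. Note also that `sExtension` on the preceding line is read from the uploader's view of the unsanitised name; deriving it from the sanitised `sFileName` would guarantee that the extension checked is the one actually written. The enclosing FileUpload routine starts and ends outside the hunk.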
Index: /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/config.asp
===================================================================
--- /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/config.asp (revision 291)
+++ /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/config.asp (revision 292)
@@ -31,10 +31,15 @@
ConfigIsEnabled = true
+' Due to security issues with Apache modules, it is reccomended to leave the
+' following setting enabled.
+Dim ConfigForceSingleExtension
+ConfigForceSingleExtension = true
+
' What the user can do with this connector
-dim ConfigAllowedCommands
+Dim ConfigAllowedCommands
ConfigAllowedCommands = "FileUpload|GetFolders|GetFoldersAndFiles|CreateFolder"
' Allowed Resource Types
-dim ConfigAllowedTypes
+Dim ConfigAllowedTypes
ConfigAllowedTypes = "File|Image|Flash|Media"
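Review bot: The comment above `ConfigForceSingleExtension` explains the setting in terms of "Apache modules", which is misleading in an ASP connector that runs under IIS, and it misspells "recommended". Since the protection is about any server that may pick an inner extension out of a name like `file.asp.txt`, I would word it as `' Keep every dot but the last out of uploaded names, so that a server which` / `' maps handlers on an inner extension (e.g. "file.asp.txt") cannot execute the` / `' upload. It is recommended to leave this enabled.`.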
Index: /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/io.asp
===================================================================
--- /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/io.asp (revision 291)
+++ /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/asp/io.asp (revision 292)
@@ -157,4 +157,35 @@
end function
+' Do a cleanup of the folder name to avoid possible problems
+function SanitizeFolderName( sNewFolderName )
+ Dim oRegex
+ Set oRegex = New RegExp
+ oRegex.Global = True
+
+' remove . \ / | : ? *
+ oRegex.Pattern = "(\.|\\|\/|\||:|\?|\*)"
+ SanitizeFolderName = oRegex.Replace( sNewFolderName, "_" )
+
+ Set oRegex = Nothing
+end function
+
+' Do a cleanup of the file name to avoid possible problems
+function SanitizeFileName( sNewFileName )
+ Dim oRegex
+ Set oRegex = New RegExp
+ oRegex.Global = True
+
+ if ( ConfigForceSingleExtension = True ) then
+ oRegex.Pattern = "\.(?![^.]*$)"
+ sNewFileName = oRegex.Replace( sNewFileName, "_" )
+ end if
+
+' remove \ / | : ? *
+ oRegex.Pattern = "(\\|\/|\||:|\?|\*)"
+ SanitizeFileName = oRegex.Replace( sNewFileName, "_" )
+
+ Set oRegex = Nothing
+end function
+
' This is the function that sends the results of the uploading process.
Sub SendUploadResults( errorNumber, fileUrl, fileName, customMsg )
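Review bot: The replacement sets in `SanitizeFolderName` and `SanitizeFileName` stop at `\ / | : ? *`, which leaves the other Windows-reserved characters `<`, `>` and `"` and, in particular, `;` untouched; IIS 6 has been reported to run `x.asp;.jpg` as ASP, so a single-extension check does not help against that name. Extending the two patterns to `oRegex.Pattern = "(\.|\\|\/|\||:|\?|\*|<|>|""|;)"` and `oRegex.Pattern = "(\\|\/|\||:|\?|\*|<|>|""|;)"` closes both gaps without changing anything else. The `' remove …` comments should also say "replace with _", since the characters are substituted, and both functions can return an empty string, so callers still need their own empty check.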
Index: /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/php/commands.php
===================================================================
--- /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/php/commands.php (revision 291)
+++ /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/php/commands.php (revision 292)
@@ -110,4 +110,5 @@
{
$sNewFolderName = $_GET['NewFolderName'] ;
+ $sNewFolderName = SanitizeFolderName( $sNewFolderName ) ;
if ( strpos( $sNewFolderName, '..' ) !== FALSE )
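Review bot: The `strpos( $sNewFolderName, '..' )` test on the line after the new call is now unreachable, because SanitizeFolderName (io.php, this revision) replaces every `.` with `_`, so `NewFolderName=..` is quietly accepted as a folder named `__`; the ASP connector in the same commit at least also rejects an empty name, which the PHP side does not. I would make the condition `if ( $sNewFolderName == '' || strpos( $sNewFolderName, '..' ) !== FALSE )`, or move the `..` test above the sanitiser if such names are meant to be rejected rather than renamed. The enclosing CreateFolder block continues outside the hunk.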
@@ -165,8 +166,5 @@
// Get the uploaded file name.
$sFileName = $oFile['name'] ;
-
- // Replace dots in the name with underscores (only one dot can be there... security issue).
- if ( $Config['ForceSingleExtension'] )
- $sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;
+ $sFileName = SanitizeFileName( $sFileName ) ;
$sOriginalFileName = $sFileName ;
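Review bot: `$sOriginalFileName` is set from the already-sanitised `$sFileName`, so a later check of the final name against it (outside this hunk, presumably used to report a rename to the client) cannot detect that sanitisation itself changed the name. If that should be reported, assign `$sOriginalFileName = $oFile['name'] ;` before the `SanitizeFileName` call. The enclosing FileUpload block starts and ends outside the hunk.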
Index: /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/php/io.php
===================================================================
--- /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/php/io.php (revision 291)
+++ /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/php/io.php (revision 292)
@@ -181,4 +181,33 @@
}
+// Do a cleanup of the folder name to avoid possible problems
+function SanitizeFolderName( $sNewFolderName )
+{
+ $sNewFolderName = stripslashes( $sNewFolderName ) ;
+
+ // Remove . \ / | : ? *
+// $sNewFolderName = preg_replace( '(\.|\\|\/|\||:|\?|\*)', '_', $sNewFolderName ) ;
+ $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*/', '_', $sNewFolderName ) ;
+
+ return $sNewFolderName ;
+}
+
+// Do a cleanup of the file name to avoid possible problems
+function SanitizeFileName( $sNewFileName )
+{
+ global $Config ;
+
+ $sNewFileName = stripslashes( $sNewFileName ) ;
+
+ // Replace dots in the name with underscores (only one dot can be there... security issue).
+ if ( $Config['ForceSingleExtension'] )
+ $sNewFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sNewFileName ) ;
+
+ // Remove \ / | : ? *
+ $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*/', '_', $sNewFileName ) ;
+
+ return $sNewFileName ;
+}
+
// This is the function that sends the results of the uploading process.
function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
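Review bot: `stripslashes()` is applied unconditionally in both new functions, which alters a literal backslash pair in a client-supplied name even when `magic_quotes_gpc` is off; guard it with `if ( get_magic_quotes_gpc() )`. The file-name pattern also leaves `<`, `>`, `"` and control characters (including a NUL byte, which older PHP filesystem calls are known to truncate on) in the name; a character class such as `preg_replace( '/[\\\\\\/|:?*<>"\\x00-\\x1f]/', '_', $sNewFileName )` covers them in one expression. The commented-out `preg_replace` line left in SanitizeFolderName should be removed rather than kept as dead code.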
Index: /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/test.html
===================================================================
--- /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/test.html (revision 291)
+++ /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/test.html (revision 292)
@@ -33,5 +33,5 @@
'?Command=' + command +
'&Type=' + document.getElementById('cmbType').value +
- '&CurrentFolder=' + document.getElementById('txtFolder').value ;
+ '&CurrentFolder=' + encodeURIComponent(document.getElementById('txtFolder').value) ;
return sUrl ;
Index: /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/uploadtest.html
===================================================================
--- /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/uploadtest.html (revision 292)
+++ /FCKeditor/branches/developers/alfonsoml/editor/filemanager/connectors/uploadtest.html (revision 292)
@@ -0,0 +1,133 @@
+
+
+
+ FCKeditor - Uploaders Tests
+
+
+
+
+
+
+
+
+
+
+ Post URL:
+ |
+
+
+
+
+ |
+
+
+
+