Index: /FCKeditor/trunk/_testcases/sampleposteddata.asp
===================================================================
--- /FCKeditor/trunk/_testcases/sampleposteddata.asp	(revision 4245)
+++ /FCKeditor/trunk/_testcases/sampleposteddata.asp	(revision 4246)
@@ -47,5 +47,5 @@
 			<td valign="top" style="white-space: nowrap;">
 				<b>
-					<%=sForm%>
+					<%=Server.HTMLEncode(sForm)%>
 				</b>
 			</td>
Index: /FCKeditor/trunk/_whatsnew.html
===================================================================
--- /FCKeditor/trunk/_whatsnew.html	(revision 4245)
+++ /FCKeditor/trunk/_whatsnew.html	(revision 4246)
@@ -43,4 +43,6 @@
 		Fixed Bugs:</p>
 	<ul>
+		<li><strong>Security release, upgrade is highly recommended</strong> (fixed security issues in ASP and ColdFusion scripts).
+			</li>
 		<li>[<a target="_blank" href="http://dev.fckeditor.net/ticket/2856">#2856</a>] Fixed 
 			problem with inches in paste dialog.</li> 
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm	(revision 4245)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_connector.cfm	(revision 4246)
@@ -36,4 +36,9 @@
 --->
 
+<!--- disable connector for ColdFusion > CF5 --->
+<cfif Left(SERVER.COLDFUSION.PRODUCTVERSION,Find(",",SERVER.COLDFUSION.PRODUCTVERSION)-1) gt 5>
+	<cfabort>
+</cfif>
+
 <cfparam name="url.command">
 <cfparam name="url.type">
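Review bot: The added version guard `Left(SERVER.COLDFUSION.PRODUCTVERSION,Find(",",SERVER.COLDFUSION.PRODUCTVERSION)-1) gt 5` assumes the product version string contains a comma. If it does not, `Find` returns 0 and `Left` is called with a count of -1, which raises an error instead of reaching `<cfabort>`. The request still stops, but through an error page rather than the intended silent abort. `<cfif Val(ListFirst(SERVER.COLDFUSION.PRODUCTVERSION, ",.")) gt 5>` reads the major version without that assumption. The same expression is added to cf5_upload.cfm in this commit and would take the same change.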
@@ -42,4 +47,5 @@
 
 <cfinclude template="config.cfm">
+<cfset REQUEST.Config = Config>
 
 <cfscript>
@@ -197,5 +203,5 @@
 
 		<cfcase value="FileUpload">
-			<cfset config_included = true >
+			<cfset REQUEST.config_included = true>
 			<cfinclude template="cf5_upload.cfm">
 			<cfabort>
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm	(revision 4245)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf5_upload.cfm	(revision 4246)
@@ -36,13 +36,24 @@
 --->
 
+<!--- disable connector for ColdFusion > CF5 --->
+<cfif Left(SERVER.COLDFUSION.PRODUCTVERSION,Find(",",SERVER.COLDFUSION.PRODUCTVERSION)-1) gt 5>
+	<cfabort>
+</cfif>
+
 <cfparam name="url.command" default="QuickUpload">
 <cfparam name="url.type" default="File">
 <cfparam name="url.currentFolder" default="/">
 
+<cfif find( "/", getBaseTemplatePath() ) >
+	<cfset REQUEST.Fs = "/">
+<cfelse>
+	<cfset REQUEST.Fs = "\">
+</cfif>
+
 <cfif url.command eq "QuickUpload">
 	<cfset url.currentFolder = "/">
 </cfif>
 
-<cfif not isDefined("config_included")>
+<cfif not isDefined("REQUEST.config_included") or isDefined("URL.config_included")>
 	<cfinclude template="config.cfm">
 </cfif>
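Review bot: The new condition `not isDefined("REQUEST.config_included") or isDefined("URL.config_included")` has no comment, and its purpose is not obvious from the line alone. The old unscoped `isDefined("config_included")` could be satisfied by a request parameter of that name, which would skip the include of config.cfm. The flag is now trusted only when cf5_connector.cfm sets it in REQUEST scope. I would add above the `<cfif>`: `<!--- config.cfm may be skipped only when cf5_connector.cfm set REQUEST.config_included; a config_included request parameter must never skip it --->`.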
@@ -76,10 +87,10 @@
 
 <cfif find( "..", url.currentFolder) or find( "\", url.currentFolder)>
-	<cfset SendUploadResults(102)>
+	<cfset SendUploadResults(102, "", "", "")>
 	<cfabort>
 </cfif>
 
 <cfif REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
-	<cfset SendUploadResults(102)>
+	<cfset SendUploadResults(102, "", "", "")>
 	<cfabort>
 </cfif>
@@ -199,5 +210,5 @@
 
 		<!--- this should only occur as a result of a permissions problem --->
-		<cfset SendUploadResults(103)>
+		<cfset SendUploadResults(103, "", "", "")>
 		<cfabort>
 
@@ -217,8 +228,14 @@
 
 <cftry>
+	<cfif isDefined( "REQUEST.Config.TempDirectory" )>
+		<cfset sTempDir = REQUEST.Config.TempDirectory>
+	<cfelse>
+		<cfset sTempDir = GetTempDirectory()>
+	</cfif>
+	
 	<!--- first upload the file with an unique filename --->
 	<cffile action="upload"
 		fileField="NewFile"
-		destination="#currentFolderPath#"
+		destination="#sTempDir#"
 		nameConflict="makeunique"
 		mode="644"
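Review bot: `REQUEST.Config` is assigned only in cf5_connector.cfm in this commit, so a direct request to cf5_upload.cfm, which includes config.cfm itself, finds `isDefined( "REQUEST.Config.TempDirectory" )` false. A configured `Config.TempDirectory` is then ignored in favour of `GetTempDirectory()`. Unless the part of the file outside the hunk sets it, add `<cfset REQUEST.Config = Config>` after the include of config.cfm in this file, or test `Config.TempDirectory` here. The `<cftry>` opened in this hunk continues outside it.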
@@ -226,7 +243,9 @@
 
 	<cfif cffile.fileSize EQ 0>
+		<cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#">
 		<cfthrow>
 	</cfif>
 
+	<cfset sTempFilePath = CFFILE.ServerDirectory & REQUEST.fs & CFFILE.ServerFile>
 	<cfset lAllowedExtensions = config.allowedExtensions[#resourceType#]>
 	<cfset lDeniedExtensions = config.deniedExtensions[#resourceType#]>
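Review bot: The added delete on the zero-size branch builds its path with unscoped `#fs#`, while the next added line uses `REQUEST.fs`, the value this commit sets at the top of the file. An unscoped name is resolved by scope search, so if `fs` is not set in the variables scope (its definition is outside the hunk) the separator could come from another scope. Scope it the same way: `<cffile action="delete" file="#cffile.ServerDirectory##REQUEST.fs##cffile.ServerFile#">`. The pre-existing delete in the extension check a few lines below uses the same unscoped `#fs#`.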
@@ -234,10 +253,7 @@
 	<cfif ( len(lAllowedExtensions) and not listFindNoCase(lAllowedExtensions,cffile.ServerFileExt) )
 		or ( len(lDeniedExtensions) and listFindNoCase(lDeniedExtensions,cffile.ServerFileExt) )>
-
 		<cfset errorNumber = "202">
 		<cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#">
-
 	<cfelse>
-
 		<cfscript>
 		errorNumber = 0;
@@ -259,30 +275,29 @@
 
 		// When the original filename already exists, add numbers (0), (1), (2), ... at the end of the filename.
-		if( compare( cffile.ServerFileName, fileName ) ) {
-			counter = 0;
-			tmpFileName = fileName;
-			while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
-				fileExisted = true ;
-				counter = counter + 1 ;
-				fileName = tmpFileName & '(#counter#)' ;
-			}
+		counter = 0;
+		tmpFileName = fileName;
+		while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
+			fileExisted = true ;
+			counter = counter + 1 ;
+			fileName = tmpFileName & '(#counter#)' ;
 		}
 		</cfscript>
 
-		<!--- Rename the uploaded file, if neccessary --->
-		<cfif compare(cffile.ServerFileName,fileName)>
-
-			<cfif fileExisted>
-				<cfset errorNumber = "201">
-			</cfif>
-			<cffile
-				action="rename"
-				source="#currentFolderPath##cffile.ServerFileName#.#cffile.ServerFileExt#"
-				destination="#currentFolderPath##fileName#.#fileExt#"
-				mode="644"
-				attributes="normal">
-
+		<cfset destination = currentFolderPath & fileName & "." & fileExt>
+		<cfif fileExisted>
+			<cfset errorNumber = "201">
 		</cfif>
 
+		<cftry>
+			<cffile action="copy" source="#sTempFilePath#" destination="#destination#" mode="755">
+			<cfcatch type="any">
+				<cfset errorNumber = 102>
+			</cfcatch>
+		</cftry>
+		<cftry>
+			<cffile action="delete" file="#sTempFilePath#">
+			<cfcatch type="any">
+			</cfcatch>
+		</cftry>
 	</cfif>
 
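Review bot: The added `<cffile action="copy" ... mode="755">` writes the uploaded file into the user-files folder with the execute bit set, whereas the removed rename and the temp upload both use `mode="644"`. Content that is only served back to browsers does not need to be executable, and on Unix hosts 755 removes one barrier if some other weakness ever lets an uploaded file be run. I would change the line to `<cffile action="copy" source="#sTempFilePath#" destination="#destination#" mode="644">`. The copy in cf_commands.cfm in this commit carries the same 755 mode (it was already there before the change) and would take the same fix.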
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_commands.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_commands.cfm	(revision 4245)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/cf_commands.cfm	(revision 4246)
@@ -109,5 +109,15 @@
 			<!--- omit CF 6.1 error during moving uploaded file, just copy that file instead of moving --->
 			<cfcatch type="any">
-				<cffile action="copy" source="#sTempFilePath#" destination="#destination#" mode="755">
+				<cftry>
+					<cffile action="copy" source="#sTempFilePath#" destination="#destination#" mode="755">
+					<cfcatch type="any">
+						<cfset errorNumber = 102>
+					</cfcatch>
+				</cftry>
+				<cftry>
+					<cffile action="delete" file="#sTempFilePath#">
+					<cfcatch type="any">
+					</cfcatch>
+				</cftry>
 			</cfcatch>
 		</cftry>
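Review bot: Both added `<cfcatch type="any">` blocks hide the cause of a failure. A failed copy is reduced to `errorNumber = 102`, and a failed delete leaves the uploaded content in the temp directory with no trace. At minimum the empty handler should say that this is deliberate, e.g. `<!--- best effort: a leftover temp file must not fail the upload; temp directory needs periodic cleanup --->`. The same pair of handlers is added to cf5_upload.cfm in this commit. The enclosing `<cftry>` starts outside the hunk.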
Index: /FCKeditor/trunk/editor/filemanager/connectors/cfm/config.cfm
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/cfm/config.cfm	(revision 4245)
+++ /FCKeditor/trunk/editor/filemanager/connectors/cfm/config.cfm	(revision 4246)
@@ -62,5 +62,20 @@
 	//(used by MX 6.0 and above)
 	Config.TempDirectory = GetTempDirectory();
+</cfscript>
 
+<cftry>
+<!--- code to maintain backwards compatibility with previous version of cfm connector --->
+	<cfif isDefined("application.userFilesPath")>
+		<cflock scope="application" type="readonly" timeout="20">
+			<cfset config.userFilesPath = application.userFilesPath>
+		</cflock>
+	</cfif>
+
+	<!--- catch potential "The requested scope application has not been enabled" exception --->
+	<cfcatch type="any">
+	</cfcatch>
+</cftry>
+
+<cfscript>
 //	Configuration settings for each Resource Type
 //
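Review bot: The compatibility comment no longer matches what the block honours. After this change only `application.userFilesPath` overrides the configured path; the `server.userFilesPath` fallback and the `application.FCKeditor` / `server.FCKeditor` struct overrides are removed further down in this commit. I would reword it to `<!--- backwards compatibility: only application.userFilesPath may override Config.userFilesPath; server-scope and FCKeditor struct overrides are no longer read --->`. The empty `<cfcatch type="any">` also swallows a lock timeout, so the override can be skipped without any sign, which deserves a line in the same comment.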
@@ -134,55 +149,2 @@
 	Config.QuickUploadAbsolutePath["Media"] = Config.FileTypesAbsolutePath["Media"] ;
 </cfscript>
-
-<cftry>
-<!--- code to maintain backwards compatibility with previous version of cfm connector --->
-<cfif isDefined("application.userFilesPath")>
-
-	<cflock scope="application" type="readonly" timeout="5">
-		<cfset config.userFilesPath = application.userFilesPath>
-	</cflock>
-
-<cfelseif isDefined("server.userFilesPath")>
-
-	<cflock scope="server" type="readonly" timeout="5">
-		<cfset config.userFilesPath = server.userFilesPath>
-	</cflock>
-
-</cfif>
-
-<!--- look for config struct in application and server scopes --->
-<cfif isDefined("application.FCKeditor") and isStruct(application.FCKeditor)>
-
-	<cflock scope="application" type="readonly" timeout="5">
-	<cfset variables.FCKeditor = duplicate(application.FCKeditor)>
-	</cflock>
-
-<cfelseif isDefined("server.FCKeditor") and isStruct(server.FCKeditor)>
-
-	<cflock scope="server" type="readonly" timeout="5">
-	<cfset variables.FCKeditor = duplicate(server.FCKeditor)>
-	</cflock>
-
-</cfif>
-	<!--- catch potential "The requested scope application has not been enabled" exception --->
-	<cfcatch type="any">
-	</cfcatch>
-</cftry>
-
-<cfif isDefined("FCKeditor")>
-
-	<!--- copy key values from external to local config (i.e. override default config as required) --->
-	<cfscript>
-		function structCopyKeys(stFrom, stTo) {
-			for ( key in stFrom ) {
-				if ( isStruct(stFrom[key]) ) {
-					structCopyKeys(stFrom[key],stTo[key]);
-				} else {
-					stTo[key] = stFrom[key];
-				}
-			}
-		}
-		structCopyKeys(FCKeditor, config);
-	</cfscript>
-
-</cfif>
