diff -ru --exclude='fckconfig*' FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/connectors/php/commands.php FCKeditor_2.4.1-patched/editor/filemanager/browser/default/connectors/php/commands.php --- FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/connectors/php/commands.php 2007-03-01 22:55:20.000000000 +0000 +++ FCKeditor_2.4.1-patched/editor/filemanager/browser/default/connectors/php/commands.php 2007-03-27 12:56:52.000000000 +0100 @@ -177,33 +177,70 @@ $arAllowed = $Config['AllowedExtensions'][$resourceType] ; $arDenied = $Config['DeniedExtensions'][$resourceType] ; + $arRegexp = (isSet ($Config['Regexp']) && array_key_exists ($resourceType, $Config['Regexp']) ? $Config['Regexp'][$resourceType] : ''); - if ( ( count($arAllowed) == 0 || in_array( $sExtension, $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( $sExtension, $arDenied ) ) ) + if ( ( count($arAllowed) == 0 || in_array( $sExtension, $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( $sExtension, $arDenied ) ) && ( $arRegexp === '' || ereg( $arRegexp, RemoveExtension( $sOriginalFileName ) ) ) ) { - $iCounter = 0 ; - - while ( true ) - { - $sFilePath = $sServerDir . $sFileName ; - + // Assign the new file's name + $sFilePath = $sServerDir . $sFileName ; + $doUpload = true; + + // If the file already exists, select what behaviour should be adopted + if ( is_file( $sFilePath ) ) { + $sFilenameClashBehaviour = (isSet ($Config['filenameClashBehaviour']) ? $Config['filenameClashBehaviour'] : 'newname'); + switch ($sFilenameClashBehaviour) { + + // overwrites the version on the server with the same name + case 'overwrite': + $sErrorNumber = '204' ; + // Do nothing - move_uploaded_file will just overwrite naturally + break; + + // generate an error so that the file uploading fails + case false: + case 'false': // String version in case someone quotes the boolean text equivalent + $sErrorNumber = '205' ; + $doUpload = false; + break; + + // give the uploaded file a new name (this was the (unconfigurable) behaviour in FCKeditor2.2) - named as: originalName(number).extension + case 'newname': + $iCounter = 0 ; + while ( true ) + { + if ( is_file( $sFilePath ) ) + { + $iCounter++ ; + $sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ; + $sErrorNumber = '201' ; + $sFilePath = $sServerDir . $sFileName ; + } + else + { + break ; + } + } + break; + + // (default behaviour) back up the version on the server to the same name + timestamp appended to the filename (after the extension) + case 'renameold': + default: + $timestamp = '.' . date ('Ymd-His'); + copy ($sFilePath, $sFilePath . $timestamp); + $sFileName = $sFileName . $timestamp; + $sErrorNumber = '206' ; + break; + } // End of switch statement + } + + // Now its name has been assigned, move the uploaded file into position + if ($doUpload) { + move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ; if ( is_file( $sFilePath ) ) { - $iCounter++ ; - $sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ; - $sErrorNumber = '201' ; - } - else - { - move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ; - - if ( is_file( $sFilePath ) ) - { - $oldumask = umask(0) ; - chmod( $sFilePath, 0777 ) ; - umask( $oldumask ) ; - } - - break ; + $oldumask = umask(0) ; + chmod( $sFilePath, 0777 ) ; + umask( $oldumask ) ; } } } diff -ru --exclude='fckconfig*' FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/connectors/php/config.php FCKeditor_2.4.1-patched/editor/filemanager/browser/default/connectors/php/config.php --- FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/connectors/php/config.php 2007-03-06 11:21:08.000000000 +0000 +++ FCKeditor_2.4.1-patched/editor/filemanager/browser/default/connectors/php/config.php 2007-03-27 13:22:09.000000000 +0100 @@ -24,33 +24,57 @@ global $Config ; -// SECURITY: You must explicitelly enable this "connector". (Set it to "true"). +// SECURITY: You must explicitly enable this "connector". (Set it to "true"). $Config['Enabled'] = false ; // Path to user files relative to the document root. -$Config['UserFilesPath'] = '/userfiles/' ; +$Config['UserFilesPath'] = '/userfiles/' ; // Set to / if you want filebrowsing across the whole site directory // Fill the following value it you prefer to specify the absolute path for the -// user files directory. Usefull if you are using a virtual directory, symbolic +// user files directory. Useful if you are using a virtual directory, symbolic // link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'. // Attention: The above 'UserFilesPath' must point to the same directory. -$Config['UserFilesAbsolutePath'] = '' ; +$Config['UserFilesAbsolutePath'] = '' ; // Set to $_SERVER['DOCUMENT_ROOT'] if you want filebrowsing across the whole site // Due to security issues with Apache modules, it is reccomended to leave the // following setting enabled. $Config['ForceSingleExtension'] = true ; +// What to do if a file being uploaded has the same name as an existing file on the server +// 'renameold' - (default behaviour) backs up the version on the server to the same name + timestamp appended to the filename (after the extension) +// 'overwrite' - overwrites the version on the server with the same name +// 'newname' - gives the uploaded file a new name (this was the (unconfigurable) behaviour in FCKeditor2.2) +// false - generates an error so that the file uploading fails +$Config['filenameClashBehaviour'] = 'renameold'; + +// In the following groupings: +// 'Subdirectory' is the subdirectory under the main 'UserFilesPath' +// e.g. 'File/' +// or leave it blank as '' to use the main UserFilesPath directory (i.e. the user can add files across the whole site) +// 'Regexp' ereg-style regexp which the name must validate to +// This regexp applies to the part BEFORE the dot + file extension +// e.g. '^([-_a-zA-Z0-9]{1,25})$' (which would be sensible for best practice) +// or leave it blank as '' for no checking + +$Config['Subdirectory']['File'] = 'file/' ; $Config['AllowedExtensions']['File'] = array() ; $Config['DeniedExtensions']['File'] = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','htaccess','asis') ; +$Config['Regexp']['File'] = '' ; +$Config['Subdirectory']['Image'] = 'image/' ; $Config['AllowedExtensions']['Image'] = array('jpg','gif','jpeg','png') ; $Config['DeniedExtensions']['Image'] = array() ; +$Config['Regexp']['Image'] = '' ; +$Config['Subdirectory']['Flash'] = 'flash/' ; $Config['AllowedExtensions']['Flash'] = array('swf','fla') ; $Config['DeniedExtensions']['Flash'] = array() ; +$Config['Regexp']['Flash'] = '' ; +$Config['Subdirectory']['Media'] = 'media/' ; $Config['AllowedExtensions']['Media'] = array('swf','fla','jpg','gif','jpeg','png','avi','mpg','mpeg') ; $Config['DeniedExtensions']['Media'] = array() ; +$Config['Regexp']['Media'] = '' ; ?> \ No newline at end of file diff -ru --exclude='fckconfig*' FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/connectors/php/connector.php FCKeditor_2.4.1-patched/editor/filemanager/browser/default/connectors/php/connector.php --- FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/connectors/php/connector.php 2007-03-01 22:55:20.000000000 +0000 +++ FCKeditor_2.4.1-patched/editor/filemanager/browser/default/connectors/php/connector.php 2007-03-27 13:04:42.000000000 +0100 @@ -36,6 +36,11 @@ // Get the "UserFiles" path. $GLOBALS["UserFilesPath"] = '' ; +// Global the subdirectories for the media types +if (isSet ($Config['Subdirectory'])) { + $GLOBALS['Subdirectory'] = $Config['Subdirectory'] ; +} + if ( isset( $Config['UserFilesPath'] ) ) $GLOBALS["UserFilesPath"] = $Config['UserFilesPath'] ; else if ( isset( $_GET['ServerPath'] ) ) diff -ru --exclude='fckconfig*' FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/connectors/php/io.php FCKeditor_2.4.1-patched/editor/filemanager/browser/default/connectors/php/io.php --- FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/connectors/php/io.php 2007-03-01 22:55:20.000000000 +0000 +++ FCKeditor_2.4.1-patched/editor/filemanager/browser/default/connectors/php/io.php 2007-03-27 13:13:19.000000000 +0100 @@ -24,10 +24,7 @@ function GetUrlFromPath( $resourceType, $folderPath ) { - if ( $resourceType == '' ) - return RemoveFromEnd( $GLOBALS["UserFilesPath"], '/' ) . $folderPath ; - else - return $GLOBALS["UserFilesPath"] . strtolower( $resourceType ) . $folderPath ; + return $GLOBALS["UserFilesPath"] . GetResourceTypeSubdirectory ( $resourceType ) . RemoveFromStart ( $folderPath , '/' ); } function RemoveExtension( $fileName ) @@ -38,7 +35,7 @@ function ServerMapFolder( $resourceType, $folderPath ) { // Get the resource type directory. - $sResourceTypePath = $GLOBALS["UserFilesDirectory"] . strtolower( $resourceType ) . '/' ; + $sResourceTypePath = $GLOBALS["UserFilesDirectory"] . GetResourceTypeSubdirectory ( $resourceType ); // Ensure that the directory exists. CreateServerFolder( $sResourceTypePath ) ; @@ -47,6 +44,27 @@ return $sResourceTypePath . RemoveFromStart( $folderPath, '/' ) ; } + +// Function to determine the directory where the files for this resource type are located +function GetResourceTypeSubdirectory ( $resourceType ) +{ + // Return the empty string if no resource type specified, i.e. don't go down into any subdirectory + if ($resourceType == '') {return '';} + + // Use the configured value if it exists; NB array_key_exists is used rather than isSet to allow empty values + if (isSet ($GLOBALS['Subdirectory']) && array_key_exists ($resourceType, $GLOBALS['Subdirectory'])) { + + // If the value is empty, don't add a slash to the empty string, and return that + if ($GLOBALS['Subdirectory'][$resourceType] == '') {return '';} + + // Otherwise ensure the subdirectory is slash-terminated, and return that + return RemoveFromEnd( $GLOBALS['Subdirectory'][$resourceType], '/' ) . '/'; + } + + // Otherwise default to the resource type name itself as the directory name + return strtolower ( $resourceType ) . '/'; +} + function GetParentFolder( $folderPath ) { $sPattern = "-[/\\\\][^/\\\\]+[/\\\\]?$-" ; @@ -55,6 +73,12 @@ function CreateServerFolder( $folderPath ) { + // Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms + while (strpos ($folderPath, '//') !== false) + { + $folderPath = str_replace( '//', '/', $folderPath ) ; + } + $sParent = GetParentFolder( $folderPath ) ; // Check if the parent exists, or create it. diff -ru --exclude='fckconfig*' FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/frmupload.html FCKeditor_2.4.1-patched/editor/filemanager/browser/default/frmupload.html --- FCKeditor_2.4.1-virgin/editor/filemanager/browser/default/frmupload.html 2007-03-01 22:55:20.000000000 +0000 +++ FCKeditor_2.4.1-patched/editor/filemanager/browser/default/frmupload.html 2007-03-27 13:16:46.000000000 +0100 @@ -81,6 +81,17 @@ case 202 : alert( 'Invalid file' ) ; break ; + case 204 : + window.parent.frames['frmResourcesList'].Refresh() ; + alert( 'Your file has been successfully uploaded, and replaced the existing file with the same name.' ) ; + break ; + case 205 : + alert( 'A file of that name already exists, so the upload failed.' ) ; + break ; + case 206 : + window.parent.frames['frmResourcesList'].Refresh() ; + alert( 'Your file has been successfully uploaded. There was already a file of that name, so that previous file has been backed up by being renamed to "' + data + '".' ) ; + break ; default : alert( 'Error on file upload. Error number: ' + errorNumber ) ; break ;