Opened 18 years ago

Closed 14 years ago

#883 closed New Feature (wontfix)

FTP upload for picturs with the PHP connector

Reported by: anonymous Owned by:
Priority: Normal Milestone:
Component: Server : PHP Version: FCKeditor 2.5
Keywords: SF HasPatch Cc: snefit@…

Description

It seems to be more security than change rights to the directory system. Soring files vie PHP ftp command is even better. You must only change the rights for a temporary directory and not for your working dir.

Moved from SF:
http://sourceforge.net/tracker/index.php?func=detail&aid=1482502&group_id=75348&atid=543656

Find this issue on GitHub

Change History (6)

comment:1 Changed 18 years ago by Martin Kou

Cc: Alfonso Martínez de Lizarrondo snefit@… added
Reporter: changed from Martin Kou to anonymous

Snefit:

please, create a new feature at http://dev.fckeditor.net and upload it there, if possible it would be great if you could also try to adapt the changes that I've made to the normal php connector in http://dev.fckeditor.net/ticket/454

Moved from SF. Original poster: alfonsoml

I have created a phpFtp Connector. All the file handling (image browsing, files, upload, directory creation...) is done through FTP. Also deleting files and folders is supported. In my case it is working, but it is not finished yet! (Too many spaghetti-code!)

Where and how can I submit this feature when it is 'ready'?

(it is a new connector and some 'minor' additions to frmresourcelist.htm)

Let me know!

SnefIT

Moved from SF. Original poster: snefit

comment:2 Changed 18 years ago by Alfonso Martínez de Lizarrondo

Cc: Alfonso Martínez de Lizarrondo removed
Component: GeneralServer : PHP

comment:3 in reply to:  description ; Changed 17 years ago by Jason Mayfield

Replying to anonymous:

It seems to be more security than change rights to the directory system. Soring files vie PHP ftp command is even better. You must only change the rights for a temporary directory and not for your working dir.

Moved from SF:
http://sourceforge.net/tracker/index.php?func=detail&aid=1482502&group_id=75348&atid=543656 

<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2007 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * This is the File Manager Connector for PHP.
 */

function GetFolders( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;
	
	// Arrays that will hold the folders and files names.
	$aFolders	= array() ;
	
	// set up a ftp connection or die
	$conn_id = ftp_connect($Config['FTPserver']); 
	
	// try to login
	if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
    	echo "Connected as " . $Config[FTPuser] . "@" . $Config[FTPserver];
	} else {
    	echo "Couldn't connect as $Config[FTPuser]";
	}
		
	//loading contents of current directory and changing the current directory.
	$contents = ftp_nlist($conn_id, $currentFolder);	
	ftp_chdir($conn_id, $currentFolder);
	
	//looping through the folder contents and adding to folder array.
	foreach ($contents as $sFile)
	{	
		if ($sFile != '.' && $sFile != '..' && $sFile != '_notes') {
			$iFileSize = ftp_size($conn_id, $sFile);
			if ( $iFileSize < 0 ) {
				$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />';
			}
		}
	}

	// Open the "Folders" node.
	echo "<Folders>" ;

	natcasesort( $aFolders ) ;
	foreach ( $aFolders as $sFolder )
		echo $sFolder ;

	// Close the "Folders" node.
	echo "</Folders>" ;
}

function GetFoldersAndFiles( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;

	// Arrays that will hold the folders and files names.
	$aFolders	= array() ;
	$aFiles		= array() ;
	
	// set up a ftp connection or die
	$conn_id = ftp_connect($Config['FTPserver']); 
	
	// try to login
	if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
    	echo "Connected as " . $Config[FTPuser] . "@" . $Config[FTPserver];
	} else {
    	echo "Couldn't connect as $Config[FTPuser]";
	}
	
	//loading contents of current directory and changing the current directory.
	$contents = ftp_nlist($conn_id, $currentFolder );	
	ftp_chdir($conn_id, $currentFolder);
	
	//looping through the folder contents and adding to file or folder array.
	foreach ($contents as $sFile)
	{	
		if ($sFile != '.' && $sFile != '..' && $sFile != '_notes') {
			$iFileSize = ftp_size($conn_id, $sFile);
			if ( $iFileSize > 0 )
			{
				// size is greater than 0 so it is a file.
				$iFileSize = round( $iFileSize / 1024 ) ;
				if ( $iFileSize < 1 ) $iFileSize = 1 ;
				$aFiles[] = '<File name="' . ConvertToXmlAttribute( $sFile ) . '" size="' . $iFileSize . '" base="' . $Config['FTPurl'] .'" />' ;		
			} else {
				// size is not greater than 0 so it is a folder.
				$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />';
			}					
		}
	}

	// Send the folders
	natcasesort( $aFolders ) ;
	echo '<Folders>' ;

	foreach ( $aFolders as $sFolder )
		echo $sFolder ;

	echo '</Folders>' ;

	// Send the files
	natcasesort( $aFiles ) ;
	echo '<Files>' ;

	foreach ( $aFiles as $sFiles )
		echo $sFiles ;

	echo '</Files>' ;
}

function CreateFolder( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;

	$sErrorNumber	= '0' ;
	$sErrorMsg		= '' ;

	if ( isset( $_GET['NewFolderName'] ) )
	{
		$sNewFolderName = $_GET['NewFolderName'] ;

		if ( strpos( $sNewFolderName, '..' ) !== FALSE )
			$sErrorNumber = '102' ;		// Invalid folder name.
		else
		{
			// set up a ftp connection or die
			$conn_id = ftp_connect($Config['FTPserver']); 
			
			// try to login
			if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
				echo "Connected as $Config[FTPuser]@$$Config[FTP]\n";
			} else {
				echo "Couldn't connect as $Config[FTPuser]\n";
			}
			
			// try to create the directory $dir
			if (ftp_mkdir($conn_id, $currentFolder . $sNewFolderName)) {
			 	echo "successfully created $dir\n";
			} else {
			 	$sErrorNumber = '102' ;		// Invalid folder name.
			}
		}
	}
	else
		$sErrorNumber = '102' ;

	// Create the "Error" node.
	echo '<Error number="' . $sErrorNumber . '" originalDescription="' . ConvertToXmlAttribute( $sErrorMsg ) . '" />' ;
}


function FileUpload( $resourceType, $currentFolder )
{
	$sErrorNumber = '0' ;
	$sFileName = '' ;

	if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] ) )
	{
		global $Config ;
		
		// setting current folder
		$currentFolder = $Config['FTPfolder'] . $currentFolder ;

		$oFile = $_FILES['NewFile'] ;
		
		// Get the uploaded file name.
		$sFileName = $oFile['name'] ;

		// Replace dots in the name with underscores (only one dot can be there... security issue).
		if ( $Config['ForceSingleExtension'] )
			$sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;

		$sOriginalFileName = $sFileName ;

		// Get the extension.
		$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
		$sExtension = strtolower( $sExtension ) ;

		$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
		$arDenied	= $Config['DeniedExtensions'][$resourceType] ;

		if ( ( count($arAllowed) == 0 || in_array( $sExtension, $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( $sExtension, $arDenied ) ) )
		{
			$iCounter = 0 ;

			// STEP 1: first we need to upload the file to websiteamigo.com so it can be resized.
			while ( true )
			{
				if ($resourceType == 'Image') {
					$sFilePath = $Config['FTPworkingimage'] . $_POST['ddlImageSize'] . '-' . $sFileName ;
				} else {
					$sFilePath = $Config['FTPworkingimage'] . $sFileName ;					
				}				

				if ( is_file( $sFilePath ) )
				{
					$iCounter++ ;
					$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
					$sErrorNumber = '201' ;
				}
				else
				{
					move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ;

					if ( is_file( $sFilePath ) )
					{
						$oldumask = umask(0) ;
						chmod( $sFilePath, 0777 ) ;
						umask( $oldumask ) ;
					}
					break ;
				}
			}
			
			// STEP 2: resizing the uploaded image using the class simple-image found in the scripts directory.  If the uploaded image's width is
			// greater than the height, then we resize to the width of the user selected size.  Vice versa for the height.
			if ($resourceType == 'Image') {
				include('../../../../../../../scripts/simple-image.php');
				$image = new SimpleImage();
				$image->load($sFilePath);
				if ($image->getWidth() > $image->getHeight()) {
					$image->resizeToWidth($_POST['ddlImageSize']);
				} else {
					$image->resizeToHeight($_POST['ddlImageSize']);
				}
				$image->save($sFilePath);
			}
			
			// STEP 3: moving the resized image to the ftp server.
			// set up a ftp connection or die
			$conn_id = ftp_connect($Config['FTPserver']); 
		
			// try to login
			if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {		
				// changing ftp directory
				ftp_chdir($conn_id, $currentFolder);
				
				$iCounter = 0 ;
	
				while ( true )
				{
					if ($resourceType == 'Image') {
						$sFileName = $_POST['ddlImageSize'] . '-' . $sFileName ;
					}
					
					if ( ftp_size($conn_id, $sFileName) != -1 ) {
						$iCounter++ ;
						$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
						$sErrorNumber = '201' ;
					} else {
						ftp_put($conn_id, $sFileName, $sFilePath, FTP_BINARY);					
						break ;
					}
				}							
			} else {
				$sErrorNumber = '250' ;
			}
			
			//STEP 4: removing the file from websiteamigo.com
			unlink($sFilePath);
		} else {
			$sErrorNumber = '202' ;
		}
	}
	else
		$sErrorNumber = '202' ;

	echo '<script type="text/javascript">' ;
	echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace( '"', '\\"', $sFileName ) . '") ;' ;
	echo '</script>' ;

	exit ;
}
?>

comment:4 in reply to:  3 Changed 17 years ago by Jason Mayfield

Replying to script22:

Replying to anonymous:

It seems to be more security than change rights to the directory system. Soring files vie PHP ftp command is even better. You must only change the rights for a temporary directory and not for your working dir.

Moved from SF:
http://sourceforge.net/tracker/index.php?func=detail&aid=1482502&group_id=75348&atid=543656 

<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2007 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * This is the File Manager Connector for PHP.
 */

function GetFolders( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;
	
	// Arrays that will hold the folders and files names.
	$aFolders	= array() ;
	
	// set up a ftp connection or die
	$conn_id = ftp_connect($Config['FTPserver']); 
	
	// try to login
	if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
    	echo "Connected as " . $Config[FTPuser] . "@" . $Config[FTPserver];
	} else {
    	echo "Couldn't connect as $Config[FTPuser]";
	}
		
	//loading contents of current directory and changing the current directory.
	$contents = ftp_nlist($conn_id, $currentFolder);	
	ftp_chdir($conn_id, $currentFolder);
	
	//looping through the folder contents and adding to folder array.
	foreach ($contents as $sFile)
	{	
		if ($sFile != '.' && $sFile != '..' && $sFile != '_notes') {
			$iFileSize = ftp_size($conn_id, $sFile);
			if ( $iFileSize < 0 ) {
				$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />';
			}
		}
	}

	// Open the "Folders" node.
	echo "<Folders>" ;

	natcasesort( $aFolders ) ;
	foreach ( $aFolders as $sFolder )
		echo $sFolder ;

	// Close the "Folders" node.
	echo "</Folders>" ;
}

function GetFoldersAndFiles( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;

	// Arrays that will hold the folders and files names.
	$aFolders	= array() ;
	$aFiles		= array() ;
	
	// set up a ftp connection or die
	$conn_id = ftp_connect($Config['FTPserver']); 
	
	// try to login
	if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
    	echo "Connected as " . $Config[FTPuser] . "@" . $Config[FTPserver];
	} else {
    	echo "Couldn't connect as $Config[FTPuser]";
	}
	
	//loading contents of current directory and changing the current directory.
	$contents = ftp_nlist($conn_id, $currentFolder );	
	ftp_chdir($conn_id, $currentFolder);
	
	//looping through the folder contents and adding to file or folder array.
	foreach ($contents as $sFile)
	{	
		if ($sFile != '.' && $sFile != '..' && $sFile != '_notes') {
			$iFileSize = ftp_size($conn_id, $sFile);
			if ( $iFileSize > 0 )
			{
				// size is greater than 0 so it is a file.
				$iFileSize = round( $iFileSize / 1024 ) ;
				if ( $iFileSize < 1 ) $iFileSize = 1 ;
				$aFiles[] = '<File name="' . ConvertToXmlAttribute( $sFile ) . '" size="' . $iFileSize . '" base="' . $Config['FTPurl'] .'" />' ;		
			} else {
				// size is not greater than 0 so it is a folder.
				$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />';
			}					
		}
	}

	// Send the folders
	natcasesort( $aFolders ) ;
	echo '<Folders>' ;

	foreach ( $aFolders as $sFolder )
		echo $sFolder ;

	echo '</Folders>' ;

	// Send the files
	natcasesort( $aFiles ) ;
	echo '<Files>' ;

	foreach ( $aFiles as $sFiles )
		echo $sFiles ;

	echo '</Files>' ;
}

function CreateFolder( $resourceType, $currentFolder )
{
	global $Config ;
	
	// setting current folder
	$currentFolder = $Config['FTPfolder'] . $currentFolder ;

	$sErrorNumber	= '0' ;
	$sErrorMsg		= '' ;

	if ( isset( $_GET['NewFolderName'] ) )
	{
		$sNewFolderName = $_GET['NewFolderName'] ;

		if ( strpos( $sNewFolderName, '..' ) !== FALSE )
			$sErrorNumber = '102' ;		// Invalid folder name.
		else
		{
			// set up a ftp connection or die
			$conn_id = ftp_connect($Config['FTPserver']); 
			
			// try to login
			if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {
				echo "Connected as $Config[FTPuser]@$$Config[FTP]\n";
			} else {
				echo "Couldn't connect as $Config[FTPuser]\n";
			}
			
			// try to create the directory $dir
			if (ftp_mkdir($conn_id, $currentFolder . $sNewFolderName)) {
			 	echo "successfully created $dir\n";
			} else {
			 	$sErrorNumber = '102' ;		// Invalid folder name.
			}
		}
	}
	else
		$sErrorNumber = '102' ;

	// Create the "Error" node.
	echo '<Error number="' . $sErrorNumber . '" originalDescription="' . ConvertToXmlAttribute( $sErrorMsg ) . '" />' ;
}


function FileUpload( $resourceType, $currentFolder )
{
	$sErrorNumber = '0' ;
	$sFileName = '' ;

	if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] ) )
	{
		global $Config ;
		
		// setting current folder
		$currentFolder = $Config['FTPfolder'] . $currentFolder ;

		$oFile = $_FILES['NewFile'] ;
		
		// Get the uploaded file name.
		$sFileName = $oFile['name'] ;

		// Replace dots in the name with underscores (only one dot can be there... security issue).
		if ( $Config['ForceSingleExtension'] )
			$sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;

		$sOriginalFileName = $sFileName ;

		// Get the extension.
		$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
		$sExtension = strtolower( $sExtension ) ;

		$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
		$arDenied	= $Config['DeniedExtensions'][$resourceType] ;

		if ( ( count($arAllowed) == 0 || in_array( $sExtension, $arAllowed ) ) && ( count($arDenied) == 0 || !in_array( $sExtension, $arDenied ) ) )
		{
			$iCounter = 0 ;

			// STEP 1: first we need to upload the file to local server so it can be resized.
			while ( true )
			{
				if ($resourceType == 'Image') {
					$sFilePath = $Config['FTPworkingimage'] . $_POST['ddlImageSize'] . '-' . $sFileName ;
				} else {
					$sFilePath = $Config['FTPworkingimage'] . $sFileName ;					
				}				

				if ( is_file( $sFilePath ) )
				{
					$iCounter++ ;
					$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
					$sErrorNumber = '201' ;
				}
				else
				{
					move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ;

					if ( is_file( $sFilePath ) )
					{
						$oldumask = umask(0) ;
						chmod( $sFilePath, 0777 ) ;
						umask( $oldumask ) ;
					}
					break ;
				}
			}
			
			// STEP 2: resizing the uploaded image using the class simple-image found in the scripts directory.  If the uploaded image's width is
			// greater than the height, then we resize to the width of the user selected size.  Vice versa for the height.
			if ($resourceType == 'Image') {
				include('../../../../../../../scripts/simple-image.php');
				$image = new SimpleImage();
				$image->load($sFilePath);
				if ($image->getWidth() > $image->getHeight()) {
					$image->resizeToWidth($_POST['ddlImageSize']);
				} else {
					$image->resizeToHeight($_POST['ddlImageSize']);
				}
				$image->save($sFilePath);
			}
			
			// STEP 3: moving the resized image to the ftp server.
			// set up a ftp connection or die
			$conn_id = ftp_connect($Config['FTPserver']); 
		
			// try to login
			if (@ftp_login($conn_id, $Config['FTPuser'], $Config['FTPpwd'])) {		
				// changing ftp directory
				ftp_chdir($conn_id, $currentFolder);
				
				$iCounter = 0 ;
	
				while ( true )
				{
					if ($resourceType == 'Image') {
						$sFileName = $_POST['ddlImageSize'] . '-' . $sFileName ;
					}
					
					if ( ftp_size($conn_id, $sFileName) != -1 ) {
						$iCounter++ ;
						$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
						$sErrorNumber = '201' ;
					} else {
						ftp_put($conn_id, $sFileName, $sFilePath, FTP_BINARY);					
						break ;
					}
				}							
			} else {
				$sErrorNumber = '250' ;
			}
			
			//STEP 4: removing the file from local server
			unlink($sFilePath);
		} else {
			$sErrorNumber = '202' ;
		}
	}
	else
		$sErrorNumber = '202' ;

	echo '<script type="text/javascript">' ;
	echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace( '"', '\\"', $sFileName ) . '") ;' ;
	echo '</script>' ;

	exit ;
}
?>

comment:5 Changed 17 years ago by Wojciech Olchawa

Keywords: HasPatch added

comment:6 Changed 14 years ago by Wiktor Walc

Resolution: wontfix
Status: newclosed
Version: FCKeditor 2.5

The file browser is now distributed as an external application: CKFinder, the built-in filemanager is no longer maintained.

If you're still looking for a similar feature, please create a feature request on the CKFinder forum

Find this issue on GitHub
Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy