1
<cfsetting enablecfoutputonly="yes" showdebugoutput="no">
3
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
4
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
8
* Licensed under the terms of any of the following licenses at your
11
* - GNU General Public License Version 2 or later (the "GPL")
12
* http://www.gnu.org/licenses/gpl.html
14
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15
* http://www.gnu.org/licenses/lgpl.html
17
* - Mozilla Public License Version 1.1 or later (the "MPL")
18
* http://www.mozilla.org/MPL/MPL-1.1.html
22
* File Browser connector for ColdFusion.
23
* (based on the original CF connector by Hendrik Kramer - hk@lwd.de)
26
* FCKeditor requires that the connector responds with UTF-8 encoded XML.
27
* As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII
28
* file and folder names in this connector to allow CF5 send a UTF-8
29
* encoded response - code points under 127 in UTF-8 are stored using a
30
* single byte, using the same encoding as ASCII, which is damn handy.
31
* This is all grand for the English speakers, like meself, but I dunno
32
* how others are gonna take to it. Well, the previous version of this
33
* connector already did this with file names and nobody seemed to mind,
34
* so fingers-crossed nobody will mind their folder names being munged too.
38
<cfparam name="url.command">
39
<cfparam name="url.type">
40
<cfparam name="url.currentFolder">
41
<!--- note: no serverPath url parameter - see config.cfm if you need to set the serverPath manually --->
43
<cfinclude template="config.cfm">
46
userFilesPath = config.userFilesPath;
47
lAllowedExtensions = config.allowedExtensions[url.type];
48
lDeniedExtensions = config.deniedExtensions[url.type];
50
if ( userFilesPath eq "" ) {
51
userFilesPath = "/userfiles/";
54
// make sure the user files path is correctly formatted
55
userFilesPath = replace(userFilesPath, "\", "/", "ALL");
56
if ( right(userFilesPath,1) neq "/" ) {
57
userFilesPath = userFilesPath & "/";
60
// make sure the current folder is correctly formatted
61
url.currentFolder = replace(url.currentFolder, "\", "/", "ALL");
62
url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL');
63
if ( right(url.currentFolder,1) neq "/" ) {
64
url.currentFolder = url.currentFolder & "/";
66
if ( left(url.currentFolder,1) neq "/" ) {
67
url.currentFolder = "/" & url.currentFolder;
70
if ( find("/",getBaseTemplatePath()) neq 0 ) {
76
// Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
77
// the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
78
// virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
79
if ( len(config.serverPath) ) {
80
serverPath = config.serverPath;
82
if ( right(serverPath,1) neq fs ) {
83
serverPath = serverPath & fs;
86
serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"") & replace(userFilesPath,"/",fs,"all");
89
// map the user files path to a physical directory
90
userFilesServerPath = serverPath & url.type & replace(url.currentFolder,"/",fs,"all");
92
xmlContent = ""; // append to this string to build content
95
<cfif not config.enabled>
97
<cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/browser/default/connectors/cfm/config.cfm' file"" />">
99
<cfelseif find("..",url.currentFolder)>
101
<cfset xmlContent = "<Error number=""102"" />">
105
<cfif not len(xmlContent)>
107
<!--- create directories in physical path if they don't already exist --->
108
<cfset currentPath = "">
110
<cfloop list="#userFilesServerPath#" index="name" delimiters="/">
112
<cfif not directoryExists(currentPath & fs & name)>
113
<cfdirectory action="create" directory="#currentPath##fs##name#" mode="755">
116
<cfset currentPath = currentPath & fs & name>
120
<!--- create sub-directory for file type if it doesn't already exist --->
122
<cfif not directoryExists(userFilesServerPath & url.type)>
123
<cfdirectory action="create" directory="#userFilesServerPath##url.type#" mode="755">
128
<!--- this should only occur as a result of a permissions problem --->
129
<cfset xmlContent = "<Error number=""103"" />">
136
<cfif not len(xmlContent)>
138
<!--- no errors thus far - run command --->
140
<!--- we need to know the physical path to the current folder for all commands --->
141
<cfset currentFolderPath = userFilesServerPath>
143
<cfswitch expression="#url.command#">
146
<cfcase value="FileUpload">
148
<cfset fileName = "">
153
<!--- TODO: upload to a temp directory and move file if extension is allowed --->
155
<!--- first upload the file with an unique filename --->
156
<cffile action="upload"
158
destination="#currentFolderPath#"
159
nameConflict="makeunique"
163
<cfif cffile.fileSize EQ 0>
167
<cfif ( len(lAllowedExtensions) and not listFindNoCase(lAllowedExtensions,cffile.ServerFileExt) )
168
or ( len(lDeniedExtensions) and listFindNoCase(lDeniedExtensions,cffile.ServerFileExt) )>
170
<cfset errorNumber = "202">
171
<cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#">
177
fileName = cffile.ClientFileName;
178
fileExt = cffile.ServerFileExt;
180
// munge filename for html download. Only a-z, 0-9, _, - and . are allowed
181
if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {
182
fileName = reReplace(fileName, "[^A-Za-z0-9\-\.]", "_", "ALL");
183
fileName = reReplace(fileName, "_{2,}", "_", "ALL");
184
fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");
185
fileName = reReplace(fileName, "$_([^_]+)$", "\1", "ALL");
188
// When the original filename already exists, add numbers (0), (1), (2), ... at the end of the filename.
189
if( compare( cffile.ServerFileName, fileName ) ) {
191
tmpFileName = fileName;
192
while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
193
counter = counter + 1;
194
fileName = tmpFileName & '(#counter#)';
199
<!--- Rename the uploaded file, if neccessary --->
200
<cfif compare(cffile.ServerFileName,fileName)>
202
<cfset errorNumber = "201">
205
source="#currentFolderPath##cffile.ServerFileName#.#cffile.ServerFileExt#"
206
destination="#currentFolderPath##fileName#.#fileExt#"
216
<cfset errorNumber = "202">
223
<cfif errorNumber eq 201>
225
<!--- file was changed (201), submit the new filename --->
227
<script type="text/javascript">
228
window.parent.frames['frmUpload'].OnUploadCompleted(#errorNumber#,'#replace( fileName & "." & fileExt, "'", "\'", "ALL")#');
234
<!--- file was uploaded succesfully(0) or an error occured(202). Submit only the error code. --->
236
<script type="text/javascript">
237
window.parent.frames['frmUpload'].OnUploadCompleted(#errorNumber#);
248
<cfcase value="GetFolders">
250
<!--- Sort directories first, name ascending --->
253
directory="#currentFolderPath#"
260
while( i lte qDir.recordCount ) {
261
if( not compareNoCase( qDir.type[i], "FILE" ))
263
if( not listFind(".,..", qDir.name[i]) )
264
folders = folders & '<Folder name="#HTMLEditFormat( qDir.name[i] )#" />';
268
xmlContent = xmlContent & '<Folders>' & folders & '</Folders>';
274
<cfcase value="GetFoldersAndFiles">
276
<!--- Sort directories first, name ascending --->
279
directory="#currentFolderPath#"
287
while( i lte qDir.recordCount ) {
288
if( not compareNoCase( qDir.type[i], "DIR" ) and not listFind(".,..", qDir.name[i]) ) {
289
folders = folders & '<Folder name="#HTMLEditFormat(qDir.name[i])#" />';
290
} else if( not compareNoCase( qDir.type[i], "FILE" ) ) {
291
fileSizeKB = round(qDir.size[i] / 1024);
292
files = files & '<File name="#HTMLEditFormat(qDir.name[i])#" size="#IIf( fileSizeKB GT 0, DE( fileSizeKB ), 1)#" />';
297
xmlContent = xmlContent & '<Folders>' & folders & '</Folders>';
298
xmlContent = xmlContent & '<Files>' & files & '</Files>';
304
<cfcase value="CreateFolder">
306
<cfparam name="url.newFolderName" default="">
309
newFolderName = url.newFolderName;
310
if( reFind("[^A-Za-z0-9_\-\.]", newFolderName) ) {
311
// Munge folder name same way as we do the filename
312
// This means folder names are always US-ASCII so we don't have to worry about CF5 and UTF-8
313
newFolderName = reReplace(newFolderName, "[^A-Za-z0-9\-\.]", "_", "all");
314
newFolderName = reReplace(newFolderName, "_{2,}", "_", "all");
315
newFolderName = reReplace(newFolderName, "([^_]+)_+$", "\1", "all");
316
newFolderName = reReplace(newFolderName, "$_([^_]+)$", "\1", "all");
320
<cfif not len(newFolderName) or len(newFolderName) gt 255>
321
<cfset errorNumber = 102>
322
<cfelseif directoryExists(currentFolderPath & newFolderName)>
323
<cfset errorNumber = 101>
324
<cfelseif reFind("^\.\.",newFolderName)>
325
<cfset errorNumber = 103>
327
<cfset errorNumber = 0>
332
directory="#currentFolderPath##newFolderName#"
336
un-resolvable error numbers in ColdFusion:
337
* 102 : Invalid folder name.
338
* 103 : You have no permissions to create the folder.
340
<cfset errorNumber = 110>
345
<cfset xmlContent = xmlContent & '<Error number="#errorNumber#" />'>
352
<cfthrow type="fckeditor.connector" message="Illegal command: #url.command#">
362
xmlHeader = '<?xml version="1.0" encoding="utf-8" ?><Connector command="#url.command#" resourceType="#url.type#">';
363
xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#userFilesPath##url.type##url.currentFolder#" />';
364
xmlFooter = '</Connector>';
367
<cfheader name="Expires" value="#GetHttpTimeString(Now())#">
368
<cfheader name="Pragma" value="no-cache">
369
<cfheader name="Cache-Control" value="no-cache, no-store, must-revalidate">
370
<cfcontent reset="true" type="text/xml; charset=UTF-8">
371
<cfoutput>#xmlHeader##xmlContent##xmlFooter#</cfoutput>
b'\\ No newline at end of file'