2
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
3
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
7
* Licensed under the terms of any of the following licenses at your
10
* - GNU General Public License Version 2 or later (the "GPL")
11
* http://www.gnu.org/licenses/gpl.html
13
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
14
* http://www.gnu.org/licenses/lgpl.html
16
* - Mozilla Public License Version 1.1 or later (the "MPL")
17
* http://www.mozilla.org/MPL/MPL-1.1.html
21
* This is the "File Uploader" for ColdFusion.
22
* Based on connector.cfm by Mark Woods (mark@thickpaddy.com)
25
<cfinclude template="config.cfm">
27
<cfparam name="url.type" default="File">
29
<cffunction name="SendResults">
30
<cfargument name="errorNumber" type="numeric" required="yes">
31
<cfargument name="fileUrl" type="string" required="no" default="">
32
<cfargument name="fileName" type="string" required="no" default="">
33
<cfargument name="customMsg" type="string" required="no" default="">
36
<script type="text/javascript">
37
window.parent.OnUploadCompleted(#errorNumber#, "#JSStringFormat(fileUrl)#", "#JSStringFormat(fileName)#", "#JSStringFormat(customMsg)#");
41
<cfabort><!--- Result sent, stop processing this page --->
44
<cfif NOT config.enabled>
45
<cfset SendResults(1, '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/cfm/config.cfm" file')>
49
userFilesPath = config.userFilesPath;
50
lAllowedExtensions = config.allowedExtensions[url.type];
51
lDeniedExtensions = config.deniedExtensions[url.type];
52
customMsg = ''; // Can be overwritten. The last value will be sent with the result
54
// make sure the user files path is correctly formatted
55
userFilesPath = replace(userFilesPath, "\", "/", "ALL");
56
userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
57
if ( right(userFilesPath,1) NEQ "/" ) {
58
userFilesPath = userFilesPath & "/";
60
if ( left(userFilesPath,1) NEQ "/" ) {
61
userFilesPath = "/" & userFilesPath;
64
if (find("/",getBaseTemplatePath())) {
70
// Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
71
// the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
72
// virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
73
if ( len(config.serverPath) ) {
74
serverPath = config.serverPath;
76
serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"");
79
// map the user files path to a physical directory
80
userFilesServerPath = serverPath & replace(userFilesPath,"/",fs,"all");
88
<!--- we need to know the physical path to the current folder for all commands --->
89
<cfset currentFolderPath = userFilesServerPath & url.type & fs>
91
<cfif not directoryExists(currentFolderPath)>
92
<cfdirectory action="create" directory="#currentFolderPath#"/>
95
<!--- TODO: upload to a temp directory and move file if extension is allowed --->
97
<!--- first upload the file with an unique filename --->
98
<cffile action="upload"
100
destination="#currentFolderPath#"
101
nameConflict="makeunique"
105
<cfif (Len(lAllowedExtensions) AND NOT listFindNoCase(lAllowedExtensions, cffile.ServerFileExt))
106
OR (Len(lDeniedExtensions) AND listFindNoCase(lDeniedExtensions, cffile.ServerFileExt))>
108
<!--- Extension of the uploaded file is not allowed --->
109
<cfset errorNumber = "202">
110
<cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#">
116
fileName = cffile.ClientFileName;
117
fileExt = cffile.ServerFileExt;
119
// munge filename for html download. Only a-z, 0-9, _, - and . are allowed
120
if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {
121
fileName = reReplace(fileName, "[^A-Za-z0-9\-\.]", "_", "ALL");
122
fileName = reReplace(fileName, "_{2,}", "_", "ALL");
123
fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");
124
fileName = reReplace(fileName, "$_([^_]+)$", "\1", "ALL");
127
// When the original filename already exists, add numbers (0), (1), (2), ... at the end of the filename.
128
if( compare( cffile.ServerFileName, fileName ) ) {
130
tmpFileName = fileName;
131
while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
132
counter = counter + 1;
133
fileName = tmpFileName & '(#counter#)';
138
<!--- Rename the uploaded file, if neccessary --->
139
<cfif compare(cffile.ServerFileName,fileName)>
141
<cfset errorNumber = "201">
144
source="#currentFolderPath##cffile.ServerFileName#.#cffile.ServerFileExt#"
145
destination="#currentFolderPath##fileName#.#fileExt#"
155
<cfset errorNumber = "1">
156
<cfset customMsg = "An error occured: " & cfcatch.message & " - " & cfcatch.detail>
162
<cfif errorNumber EQ 0>
163
<!--- file was uploaded succesfully --->
164
<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#')>
165
<cfelseif errorNumber EQ 201>
166
<!--- file was changed (201), submit the new filename --->
167
<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), customMsg)>
169
<!--- An error occured(202). Submit only the error code and a message (if available). --->
170
<cfset SendResults(errorNumber, '', '', customMsg)>
b'\\ No newline at end of file'