1
<cfsetting enablecfoutputonly="yes" showdebugoutput="no">
3
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
4
* Copyright (C) 2003-2010 Frederico Caldeira Knabben
8
* Licensed under the terms of any of the following licenses at your
11
* - GNU General Public License Version 2 or later (the "GPL")
12
* http://www.gnu.org/licenses/gpl.html
14
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15
* http://www.gnu.org/licenses/lgpl.html
17
* - Mozilla Public License Version 1.1 or later (the "MPL")
18
* http://www.mozilla.org/MPL/MPL-1.1.html
22
* File Browser connector for ColdFusion 5.
23
* (based on the original CF connector by Hendrik Kramer - hk@lwd.de)
26
* FCKeditor requires that the connector responds with UTF-8 encoded XML.
27
* As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII
28
* file and folder names in this connector to allow CF5 send a UTF-8
29
* encoded response - code points under 127 in UTF-8 are stored using a
30
* single byte, using the same encoding as ASCII, which is damn handy.
31
* This is all grand for the English speakers, like meself, but I dunno
32
* how others are gonna take to it. Well, the previous version of this
33
* connector already did this with file names and nobody seemed to mind,
34
* so fingers-crossed nobody will mind their folder names being munged too.
38
<!--- disable connector for ColdFusion > CF5 --->
39
<cfif Left(SERVER.COLDFUSION.PRODUCTVERSION,Find(",",SERVER.COLDFUSION.PRODUCTVERSION)-1) gt 5>
43
<cfparam name="url.command">
44
<cfparam name="url.type">
45
<cfparam name="url.currentFolder">
46
<!--- note: no serverPath url parameter - see config.cfm if you need to set the serverPath manually --->
48
<cfinclude template="config.cfm">
49
<cfset REQUEST.Config = Config>
52
userFilesPath = config.userFilesPath;
54
if ( userFilesPath eq "" )
56
userFilesPath = "/userfiles/";
59
// make sure the user files path is correctly formatted
60
userFilesPath = replace(userFilesPath, "\", "/", "ALL");
61
userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
62
if ( right(userFilesPath,1) NEQ "/" )
64
userFilesPath = userFilesPath & "/";
66
if ( left(userFilesPath,1) NEQ "/" )
68
userFilesPath = "/" & userFilesPath;
71
// make sure the current folder is correctly formatted
72
url.currentFolder = replace(url.currentFolder, "\", "/", "ALL");
73
url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL');
74
if ( right(url.currentFolder,1) neq "/" )
76
url.currentFolder = url.currentFolder & "/";
78
if ( left(url.currentFolder,1) neq "/" )
80
url.currentFolder = "/" & url.currentFolder;
83
if ( find("/",getBaseTemplatePath()) neq 0 )
92
// Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
93
// the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
94
// virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
95
if ( len(config.serverPath) )
97
serverPath = config.serverPath;
99
if ( right(serverPath,1) neq fs )
101
serverPath = serverPath & fs;
106
serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"") & replace(userFilesPath,"/",fs,"all");
109
rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ;
110
xmlContent = ""; // append to this string to build content
115
<cfif not config.enabled>
117
<cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />">
119
<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
121
<cfset invalidName = true>
122
<cfset xmlContent = "<Error number=""102"" />">
124
<cfelseif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)>
126
<cfset invalidName = true>
127
<cfset xmlContent = '<Error number="1" text="The "' & HTMLEditFormat(url.command) & '" command isn''t allowed" />'>
129
<cfelseif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)>
131
<cfset invalidName = true>
132
<cfset xmlContent = '<Error number="1" text="Invalid type specified" />'>
136
<cfset resourceTypeUrl = "">
137
<cfif not len(xmlContent)>
138
<cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") >
140
<cfif isDefined( "Config.FileTypesAbsolutePath" )
141
and structkeyexists( Config.FileTypesAbsolutePath, url.type )
142
and Len( Config.FileTypesAbsolutePath[url.type] )>
144
<cfset userFilesServerPath = Config.FileTypesAbsolutePath[url.type] & url.currentFolder>
147
<cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>
148
<!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->
150
<cfset userFilesServerPath = rootPath & Config.FileTypesPath[url.type] & url.currentFolder>
155
<cfset userFilesServerPath = replace( userFilesServerPath, "/", fs, "all" ) >
156
<!--- get rid of double directory separators --->
157
<cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") >
159
<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )>
162
<cfif not len(xmlContent) and not directoryexists(resourceTypeDirectory)>
163
<!--- create directories in physical path if they don't already exist --->
164
<cfset currentPath = "">
166
<cfloop list="#resourceTypeDirectory#" index="name" delimiters="#fs#">
167
<cfif currentPath eq "" and fs eq "\">
168
<!--- Without checking this, we would have in Windows \C:\ --->
169
<cfif not directoryExists(name)>
170
<cfdirectory action="create" directory="#name#" mode="755">
173
<cfif not directoryExists(currentPath & fs & name)>
174
<cfdirectory action="create" directory="#currentPath##fs##name#" mode="755">
178
<cfif fs eq "\" and currentPath eq "">
179
<cfset currentPath = name>
181
<cfset currentPath = currentPath & fs & name>
187
<!--- this should only occur as a result of a permissions problem --->
188
<cfset xmlContent = "<Error number=""103"" />">
195
<cfif not len(xmlContent)>
197
<!--- no errors thus far - run command --->
199
<!--- we need to know the physical path to the current folder for all commands --->
200
<cfset currentFolderPath = userFilesServerPath>
202
<cfswitch expression="#url.command#">
204
<cfcase value="FileUpload">
205
<cfset REQUEST.config_included = true>
206
<cfinclude template="cf5_upload.cfm">
211
<cfcase value="GetFolders">
213
<!--- Sort directories first, name ascending --->
216
directory="#currentFolderPath#"
223
while( i lte qDir.recordCount ) {
224
if( not compareNoCase( qDir.type[i], "FILE" ))
226
if( not listFind(".,..", qDir.name[i]) )
227
folders = folders & '<Folder name="#HTMLEditFormat( qDir.name[i] )#" />';
231
xmlContent = xmlContent & '<Folders>' & folders & '</Folders>';
237
<cfcase value="GetFoldersAndFiles">
239
<!--- Sort directories first, name ascending --->
242
directory="#currentFolderPath#"
250
while( i lte qDir.recordCount ) {
251
if( not compareNoCase( qDir.type[i], "DIR" ) and not listFind(".,..", qDir.name[i]) ) {
252
folders = folders & '<Folder name="#HTMLEditFormat(qDir.name[i])#" />';
253
} else if( not compareNoCase( qDir.type[i], "FILE" ) ) {
254
fileSizeKB = round(qDir.size[i] / 1024);
255
files = files & '<File name="#HTMLEditFormat(qDir.name[i])#" size="#IIf( fileSizeKB GT 0, DE( fileSizeKB ), 1)#" />';
260
xmlContent = xmlContent & '<Folders>' & folders & '</Folders>';
261
xmlContent = xmlContent & '<Files>' & files & '</Files>';
267
<cfcase value="CreateFolder">
269
<cfparam name="url.newFolderName" default="">
272
newFolderName = url.newFolderName;
273
if( reFind("[^A-Za-z0-9_\-\.]", newFolderName) ) {
274
// Munge folder name same way as we do the filename
275
// This means folder names are always US-ASCII so we don't have to worry about CF5 and UTF-8
276
newFolderName = reReplace(newFolderName, "[^A-Za-z0-9\-\.]", "_", "all");
277
newFolderName = reReplace(newFolderName, "_{2,}", "_", "all");
278
newFolderName = reReplace(newFolderName, "([^_]+)_+$", "\1", "all");
279
newFolderName = reReplace(newFolderName, "$_([^_]+)$", "\1", "all");
280
newFolderName = reReplace(newFolderName, '\.+', "_", "all" );
284
<cfif not len(newFolderName) or len(newFolderName) gt 255>
285
<cfset errorNumber = 102>
286
<cfelseif directoryExists(currentFolderPath & newFolderName)>
287
<cfset errorNumber = 101>
288
<cfelseif reFind("^\.\.",newFolderName)>
289
<cfset errorNumber = 102>
291
<cfset errorNumber = 0>
296
directory="#currentFolderPath##newFolderName#"
300
un-resolvable error numbers in ColdFusion:
301
* 102 : Invalid folder name.
302
* 103 : You have no permissions to create the folder.
304
<cfset errorNumber = 110>
309
<cfset xmlContent = xmlContent & '<Error number="#errorNumber#" />'>
314
<cfthrow type="fckeditor.connector" message="Illegal command: #url.command#">
321
xmlHeader = '<?xml version="1.0" encoding="utf-8" ?>';
323
xmlHeader = xmlHeader & '<Connector>';
326
xmlHeader = xmlHeader & '<Connector command="#url.command#" resourceType="#url.type#">';
327
xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#resourceTypeUrl##url.currentFolder#" />';
329
xmlFooter = '</Connector>';
332
<cfheader name="Expires" value="#GetHttpTimeString(Now())#">
333
<cfheader name="Pragma" value="no-cache">
334
<cfheader name="Cache-Control" value="no-cache, no-store, must-revalidate">
335
<cfcontent reset="true" type="text/xml; charset=UTF-8">
336
<cfoutput>#xmlHeader##xmlContent##xmlFooter#</cfoutput>