3
This is the "File Uploader" for ColdFusion.
4
Based on connector.cfm by Mark Woods (mark@thickpaddy.com)
6
<Author name="Wim Lemmens" email="didgiman@gmail.com" />
9
<cfinclude template="config.cfm">
11
<cfparam name="url.type" default="File">
13
<cffunction name="SendResults">
14
<cfargument name="errorNumber" type="numeric" required="yes">
15
<cfargument name="fileUrl" type="string" required="no" default="">
16
<cfargument name="fileName" type="string" required="no" default="">
17
<cfargument name="customMsg" type="string" required="no" default="">
20
<script type="text/javascript">
21
window.parent.OnUploadCompleted(#errorNumber#, "#JSStringFormat(fileUrl)#", "#JSStringFormat(fileName)#", "#JSStringFormat(customMsg)#");
25
<cfabort><!--- Result sent, stop processing this page --->
28
<cfif NOT config.enabled>
29
<cfset SendResults(1, '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/cfm/config.cfm" file')>
33
userFilesPath = config.userFilesPath;
34
lAllowedExtensions = config.allowedExtensions[url.type];
35
lDeniedExtensions = config.deniedExtensions[url.type];
36
customMsg = ''; // Can be overwritten. The last value will be sent with the result
38
// make sure the user files path is correctly formatted
39
userFilesPath = replace(userFilesPath, "\", "/", "ALL");
40
userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
41
if ( right(userFilesPath,1) NEQ "/" ) {
42
userFilesPath = userFilesPath & "/";
44
if ( left(userFilesPath,1) NEQ "/" ) {
45
userFilesPath = "/" & userFilesPath;
48
if (find("/",getBaseTemplatePath())) {
54
// Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
55
// the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
56
// virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
57
if ( len(config.serverPath) ) {
58
serverPath = config.serverPath;
60
serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"");
63
// map the user files path to a physical directory
64
userFilesServerPath = serverPath & replace(userFilesPath,"/",fs,"all");
72
<!--- we need to know the physical path to the current folder for all commands --->
73
<cfset currentFolderPath = userFilesServerPath & url.type & fs>
75
<!--- TODO: upload to a temp directory and move file if extension is allowed --->
77
<!--- first upload the file with an unique filename --->
78
<cffile action="upload"
80
destination="#currentFolderPath#"
81
nameConflict="makeunique"
85
<cfif (Len(lAllowedExtensions) AND NOT listFindNoCase(lAllowedExtensions, cffile.ServerFileExt))
86
OR (Len(lDeniedExtensions) AND listFindNoCase(lDeniedExtensions, cffile.ServerFileExt))>
88
<!--- Extension of the uploaded file is not allowed --->
89
<cfset errorNumber = "202">
90
<cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#">
96
fileName = cffile.ClientFileName;
97
fileExt = cffile.ServerFileExt;
99
// munge filename for html download. Only a-z, 0-9, _, - and . are allowed
100
if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {
101
fileName = reReplace(fileName, "[^A-Za-z0-9\-\.]", "_", "ALL");
102
fileName = reReplace(fileName, "_{2,}", "_", "ALL");
103
fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");
104
fileName = reReplace(fileName, "$_([^_]+)$", "\1", "ALL");
107
// When the original filename already exists, add numbers (0), (1), (2), ... at the end of the filename.
108
if( compare( cffile.ServerFileName, fileName ) ) {
110
tmpFileName = fileName;
111
while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
112
counter = counter + 1;
113
fileName = tmpFileName & '(#counter#)';
118
<!--- Rename the uploaded file, if neccessary --->
119
<cfif compare(cffile.ServerFileName,fileName)>
121
<cfset errorNumber = "201">
124
source="#currentFolderPath##cffile.ServerFileName#.#cffile.ServerFileExt#"
125
destination="#currentFolderPath##fileName#.#fileExt#"
135
<cfset errorNumber = "1">
136
<cfset customMsg = "An error occured: " & cfcatch.message & " - " & cfcatch.detail>
142
<cfif errorNumber EQ 0>
143
<!--- file was uploaded succesfully --->
144
<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#')>
145
<cfelseif errorNumber EQ 201>
146
<!--- file was changed (201), submit the new filename --->
147
<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), customMsg)>
149
<!--- An error occured(202). Submit only the error code and a message (if available). --->
150
<cfset SendResults(errorNumber, '', '', customMsg)>
b'\\ No newline at end of file'