~ubuntu-branches/ubuntu/oneiric/moin/oneiric-security


Viewing changes to MoinMoin/web/static/htdocs/applets/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-03-30 12:55:34 UTC
  • mfrom: (0.1.17 sid)
  • Revision ID: james.westby@ubuntu.com-20100330125534-4c2ufc1rok24447l
Tags: 1.9.2-2ubuntu1
* Merge from Debian testing (LP: #521834). Based on work by Stefan Ebner.
  Remaining changes:
 - Remove python-xml from Suggests field, the package isn't anymore in
   sys.path.
 - Demote fckeditor from Recommends to Suggests; the code was previously
   embedded in moin, but it was also disabled, so there's no reason for us
   to pull this in by default currently. Note: This isn't necessary anymore
   but needs a MIR for fckeditor, so postpone dropping this change until
   lucid+1
* debian/rules:
  - Replace hardcoded python2.5 with python* and hardcode python2.6 for ln
* debian/control.in: drop versioned depends on cdbs

 
1
<cfsetting enablecfoutputonly="yes" showdebugoutput="no">
 
2
<!---
 
3
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 
4
 * Copyright (C) 2003-2009 Frederico Caldeira Knabben
 
5
 *
 
6
 * == BEGIN LICENSE ==
 
7
 *
 
8
 * Licensed under the terms of any of the following licenses at your
 
9
 * choice:
 
10
 *
 
11
 *  - GNU General Public License Version 2 or later (the "GPL")
 
12
 *    http://www.gnu.org/licenses/gpl.html
 
13
 *
 
14
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 
15
 *    http://www.gnu.org/licenses/lgpl.html
 
16
 *
 
17
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 
18
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 
19
 *
 
20
 * == END LICENSE ==
 
21
 *
 
22
 * File Browser connector for ColdFusion 5.
 
23
 * (based on the original CF connector by Hendrik Kramer - hk@lwd.de)
 
24
 *
 
25
 * Note:
 
26
 * FCKeditor requires that the connector responds with UTF-8 encoded XML.
 
27
 * As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII
 
28
 * file and folder names in this connector to allow CF5 send a UTF-8
 
29
 * encoded response - code points under 127 in UTF-8 are stored using a
 
30
 * single byte, using the same encoding as ASCII, which is damn handy.
 
31
 * This is all grand for the English speakers, like meself, but I dunno
 
32
 * how others are gonna take to it. Well, the previous version of this
 
33
 * connector already did this with file names and nobody seemed to mind,
 
34
 * so fingers-crossed nobody will mind their folder names being munged too.
 
35
 *
 
36
--->
 
37
 
 
38
<cfparam name="url.command">
 
39
<cfparam name="url.type">
 
40
<cfparam name="url.currentFolder">
 
41
<!--- note: no serverPath url parameter - see config.cfm if you need to set the serverPath manually --->
 
42
 
 
43
<cfinclude template="config.cfm">
 
44
 
 
45
<cfscript>
 
46
        userFilesPath = config.userFilesPath;
 
47
 
 
48
        if ( userFilesPath eq "" )
 
49
        {
 
50
                userFilesPath = "/userfiles/";
 
51
        }
 
52
 
 
53
        // make sure the user files path is correctly formatted
 
54
        userFilesPath = replace(userFilesPath, "\", "/", "ALL");
 
55
        userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
 
56
        if ( right(userFilesPath,1) NEQ "/" )
 
57
        {
 
58
                userFilesPath = userFilesPath & "/";
 
59
        }
 
60
        if ( left(userFilesPath,1) NEQ "/" )
 
61
        {
 
62
                userFilesPath = "/" & userFilesPath;
 
63
        }
 
64
 
 
65
        // make sure the current folder is correctly formatted
 
66
        url.currentFolder = replace(url.currentFolder, "\", "/", "ALL");
 
67
        url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL');
 
68
        if ( right(url.currentFolder,1) neq "/" )
 
69
        {
 
70
                url.currentFolder = url.currentFolder & "/";
 
71
        }
 
72
        if ( left(url.currentFolder,1) neq "/" )
 
73
        {
 
74
                url.currentFolder = "/" & url.currentFolder;
 
75
        }
 
76
 
 
77
        if ( find("/",getBaseTemplatePath()) neq 0 )
 
78
        {
 
79
                fs = "/";
 
80
        }
 
81
        else
 
82
        {
 
83
                fs = "\";
 
84
        }
 
85
 
 
86
        // Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
 
87
        // the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
 
88
        // virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
 
89
        if ( len(config.serverPath) )
 
90
        {
 
91
                serverPath = config.serverPath;
 
92
 
 
93
                if ( right(serverPath,1) neq fs )
 
94
                {
 
95
                        serverPath = serverPath & fs;
 
96
                }
 
97
        }
 
98
        else
 
99
        {
 
100
                serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"") & replace(userFilesPath,"/",fs,"all");
 
101
        }
 
102
 
 
103
        rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ;
 
104
        xmlContent = ""; // append to this string to build content
 
105
        invalidName = false;
 
106
</cfscript>
 
107
 
 
108
 
 
109
<cfif not config.enabled>
 
110
 
 
111
        <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />">
 
112
 
 
113
<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
 
114
 
 
115
        <cfset invalidName = true>
 
116
        <cfset xmlContent = "<Error number=""102"" />">
 
117
 
 
118
<cfelseif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)>
 
119
 
 
120
        <cfset invalidName = true>
 
121
        <cfset xmlContent = '<Error number="1" text="The &quot;' & HTMLEditFormat(url.command) & '&quot; command isn''t allowed" />'>
 
122
 
 
123
<cfelseif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)>
 
124
 
 
125
        <cfset invalidName = true>
 
126
        <cfset xmlContent = '<Error number="1" text="Invalid type specified" />'>
 
127
 
 
128
</cfif>
 
129
 
 
130
<cfset resourceTypeUrl = "">
 
131
<cfif not len(xmlContent)>
 
132
<cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") >
 
133
 
 
134
<cfif isDefined( "Config.FileTypesAbsolutePath" )
 
135
                and structkeyexists( Config.FileTypesAbsolutePath, url.type )
 
136
                and Len( Config.FileTypesAbsolutePath[url.type] )>
 
137
 
 
138
                        <cfset userFilesServerPath = Config.FileTypesAbsolutePath[url.type] & url.currentFolder>
 
139
<cfelse>
 
140
        <cftry>
 
141
        <cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>
 
142
        <!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->
 
143
        <cfcatch type="any">
 
144
                <cfset userFilesServerPath = rootPath & Config.FileTypesPath[url.type] & url.currentFolder>
 
145
        </cfcatch>
 
146
        </cftry>
 
147
</cfif>
 
148
 
 
149
<cfset userFilesServerPath = replace( userFilesServerPath, "/", fs, "all" ) >
 
150
<!--- get rid of double directory separators --->
 
151
<cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") >
 
152
 
 
153
<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )>
 
154
</cfif>
 
155
 
 
156
<cfif not len(xmlContent) and not directoryexists(resourceTypeDirectory)>
 
157
        <!--- create directories in physical path if they don't already exist --->
 
158
        <cfset currentPath = "">
 
159
        <cftry>
 
160
                <cfloop list="#resourceTypeDirectory#" index="name" delimiters="#fs#">
 
161
                        <cfif currentPath eq "" and fs eq "\">
 
162
                                <!--- Without checking this, we would have in Windows \C:\ --->
 
163
                                <cfif not directoryExists(name)>
 
164
                                        <cfdirectory action="create" directory="#name#" mode="755">
 
165
                                </cfif>
 
166
                        <cfelse>
 
167
                                <cfif not directoryExists(currentPath & fs & name)>
 
168
                                        <cfdirectory action="create" directory="#currentPath##fs##name#" mode="755">
 
169
                                </cfif>
 
170
                        </cfif>
 
171
 
 
172
                        <cfif fs eq "\" and currentPath eq "">
 
173
                                <cfset currentPath = name>
 
174
                        <cfelse>
 
175
                                <cfset currentPath = currentPath & fs & name>
 
176
                        </cfif>
 
177
                </cfloop>
 
178
 
 
179
        <cfcatch type="any">
 
180
 
 
181
                <!--- this should only occur as a result of a permissions problem --->
 
182
                <cfset xmlContent = "<Error number=""103"" />">
 
183
 
 
184
        </cfcatch>
 
185
 
 
186
        </cftry>
 
187
</cfif>
 
188
 
 
189
<cfif not len(xmlContent)>
 
190
 
 
191
        <!--- no errors thus far - run command --->
 
192
 
 
193
        <!--- we need to know the physical path to the current folder for all commands --->
 
194
        <cfset currentFolderPath = userFilesServerPath>
 
195
 
 
196
        <cfswitch expression="#url.command#">
 
197
 
 
198
                <cfcase value="FileUpload">
 
199
                        <cfset config_included = true >
 
200
                        <cfinclude template="cf5_upload.cfm">
 
201
                        <cfabort>
 
202
                </cfcase>
 
203
 
 
204
 
 
205
                <cfcase value="GetFolders">
 
206
 
 
207
                        <!--- Sort directories first, name ascending --->
 
208
                        <cfdirectory
 
209
                                action="list"
 
210
                                directory="#currentFolderPath#"
 
211
                                name="qDir"
 
212
                                sort="type,name">
 
213
 
 
214
                        <cfscript>
 
215
                                i=1;
 
216
                                folders = "";
 
217
                                while( i lte qDir.recordCount ) {
 
218
                                        if( not compareNoCase( qDir.type[i], "FILE" ))
 
219
                                                break;
 
220
                                        if( not listFind(".,..", qDir.name[i]) )
 
221
                                                folders = folders & '<Folder name="#HTMLEditFormat( qDir.name[i] )#" />';
 
222
                                        i=i+1;
 
223
                                }
 
224
 
 
225
                                xmlContent = xmlContent & '<Folders>' & folders & '</Folders>';
 
226
                        </cfscript>
 
227
 
 
228
                </cfcase>
 
229
 
 
230
 
 
231
                <cfcase value="GetFoldersAndFiles">
 
232
 
 
233
                        <!--- Sort directories first, name ascending --->
 
234
                        <cfdirectory
 
235
                                action="list"
 
236
                                directory="#currentFolderPath#"
 
237
                                name="qDir"
 
238
                                sort="type,name">
 
239
 
 
240
                        <cfscript>
 
241
                                i=1;
 
242
                                folders = "";
 
243
                                files = "";
 
244
                                while( i lte qDir.recordCount ) {
 
245
                                        if( not compareNoCase( qDir.type[i], "DIR" ) and not listFind(".,..", qDir.name[i]) ) {
 
246
                                                folders = folders & '<Folder name="#HTMLEditFormat(qDir.name[i])#" />';
 
247
                                        } else if( not compareNoCase( qDir.type[i], "FILE" ) ) {
 
248
                                                fileSizeKB = round(qDir.size[i] / 1024);
 
249
                                                files = files & '<File name="#HTMLEditFormat(qDir.name[i])#" size="#IIf( fileSizeKB GT 0, DE( fileSizeKB ), 1)#" />';
 
250
                                        }
 
251
                                        i=i+1;
 
252
                                }
 
253
 
 
254
                                xmlContent = xmlContent & '<Folders>' & folders & '</Folders>';
 
255
                                xmlContent = xmlContent & '<Files>' & files & '</Files>';
 
256
                        </cfscript>
 
257
 
 
258
                </cfcase>
 
259
 
 
260
 
 
261
                <cfcase value="CreateFolder">
 
262
 
 
263
                        <cfparam name="url.newFolderName" default="">
 
264
 
 
265
                        <cfscript>
 
266
                                newFolderName = url.newFolderName;
 
267
                                if( reFind("[^A-Za-z0-9_\-\.]", newFolderName) ) {
 
268
                                        // Munge folder name same way as we do the filename
 
269
                                        // This means folder names are always US-ASCII so we don't have to worry about CF5 and UTF-8
 
270
                                        newFolderName = reReplace(newFolderName, "[^A-Za-z0-9\-\.]", "_", "all");
 
271
                                        newFolderName = reReplace(newFolderName, "_{2,}", "_", "all");
 
272
                                        newFolderName = reReplace(newFolderName, "([^_]+)_+$", "\1", "all");
 
273
                                        newFolderName = reReplace(newFolderName, "$_([^_]+)$", "\1", "all");
 
274
                                        newFolderName = reReplace(newFolderName, '\.+', "_", "all" );
 
275
                                }
 
276
                        </cfscript>
 
277
 
 
278
                        <cfif not len(newFolderName) or len(newFolderName) gt 255>
 
279
                                <cfset errorNumber = 102>
 
280
                        <cfelseif directoryExists(currentFolderPath & newFolderName)>
 
281
                                <cfset errorNumber = 101>
 
282
                        <cfelseif reFind("^\.\.",newFolderName)>
 
283
                                <cfset errorNumber = 102>
 
284
                        <cfelse>
 
285
                                <cfset errorNumber = 0>
 
286
 
 
287
                                <cftry>
 
288
                                        <cfdirectory
 
289
                                                action="create"
 
290
                                                directory="#currentFolderPath##newFolderName#"
 
291
                                                mode="755">
 
292
                                        <cfcatch>
 
293
                                                <!---
 
294
                                                un-resolvable error numbers in ColdFusion:
 
295
                                                * 102 : Invalid folder name.
 
296
                                                * 103 : You have no permissions to create the folder.
 
297
                                                --->
 
298
                                                <cfset errorNumber = 110>
 
299
                                        </cfcatch>
 
300
                                </cftry>
 
301
                        </cfif>
 
302
 
 
303
                        <cfset xmlContent = xmlContent & '<Error number="#errorNumber#" />'>
 
304
 
 
305
                </cfcase>
 
306
 
 
307
                <cfdefaultcase>
 
308
                        <cfthrow type="fckeditor.connector" message="Illegal command: #url.command#">
 
309
                </cfdefaultcase>
 
310
 
 
311
        </cfswitch>
 
312
</cfif>
 
313
 
 
314
<cfscript>
 
315
        xmlHeader = '<?xml version="1.0" encoding="utf-8" ?>';
 
316
        if (invalidName) {
 
317
                xmlHeader = xmlHeader & '<Connector>';
 
318
        }
 
319
        else {
 
320
                xmlHeader = xmlHeader & '<Connector command="#url.command#" resourceType="#url.type#">';
 
321
                xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#resourceTypeUrl##url.currentFolder#" />';
 
322
        }
 
323
        xmlFooter = '</Connector>';
 
324
</cfscript>
 
325
 
 
326
<cfheader name="Expires" value="#GetHttpTimeString(Now())#">
 
327
<cfheader name="Pragma" value="no-cache">
 
328
<cfheader name="Cache-Control" value="no-cache, no-store, must-revalidate">
 
329
<cfcontent reset="true" type="text/xml; charset=UTF-8">
 
330
<cfoutput>#xmlHeader##xmlContent##xmlFooter#</cfoutput>
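Review bot: The response header built at file lines 320–321 interpolates `url.command`, `url.type` and `url.currentFolder` into XML attribute values without escaping, although the same file wraps attribute values in `HTMLEditFormat()` at lines 121, 221, 246 and 249. The folder check at line 113 rejects `"`, `<` and `>` but not `&` or `'`, so a request-supplied folder path can still produce an ill-formed or altered `<CurrentFolder>` element. The command and type allow-lists at lines 118 and 123 apply only when `Config.ConfigAllowedCommands` and `Config.ConfigAllowedTypes` are defined. Escaping at the point of output removes the dependency on those earlier checks: `xmlHeader = xmlHeader & '<Connector command="#HTMLEditFormat(url.command)#" resourceType="#HTMLEditFormat(url.type)#">';` and `xmlHeader = xmlHeader & '<CurrentFolder path="#HTMLEditFormat(url.currentFolder)#" url="#HTMLEditFormat(resourceTypeUrl & url.currentFolder)#" />';`. The `cfthrow` message at line 308 also echoes `url.command` verbatim and would be safer reporting a fixed string.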