From: <mja...@us...> - 2009-07-13 08:46:24
Revision: 922 http://zkforge.svn.sourceforge.net/zkforge/?rev=922&view=rev Author: mjablonski Date: 2009-07-13 08:46:19 +0000 (Mon, 13 Jul 2009) Log Message: ----------- Updated FCKEditor to 2.6.4.1 (important security update to FCKEditor when connector modules are used) Modified Paths: -------------- trunk/fckez/src/archive/META-INF/MANIFEST.MF trunk/fckez/src/archive/metainfo/zk/lang-addon.xml trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_about.html trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/basexml.asp trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/commands.asp trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/connector.asp trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/io.asp trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/upload.asp trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_basexml.cfm trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_commands.cfm trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_io.cfm trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_upload.cfm trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/config.cfm trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/connector.lasso trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/basexml.pl 
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/commands.pl trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/connector.cgi trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/io.pl trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/upload.cgi trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/util.pl trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/basexml.php trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/commands.php trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/config.php trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/io.php trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/upload.php trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/connector.py trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/fckcommands.py trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/fckoutput.py trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/fckutil.py trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/upload.py trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/js/fckeditorcode_gecko.js trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/js/fckeditorcode_ie.js trunk/fckez/src/archive/web/js/ext/FCKeditor/fckeditor.js trunk/fckez/src/org/zkforge/fckez/Version.java trunk/fckez/version Added Paths: ----------- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/config.pl Modified: trunk/fckez/src/archive/META-INF/MANIFEST.MF =================================================================== --- 
trunk/fckez/src/archive/META-INF/MANIFEST.MF 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/META-INF/MANIFEST.MF 2009-07-13 08:46:19 UTC (rev 922) @@ -1,8 +1,8 @@ Manifest-Version: 1.0 Specification-Title: FCKeditor Components for ZK -Specification-Version: 2.6.4_1 +Specification-Version: 2.6.4.1 Specification-Vendor: Potix Corporation Implementation-Title: org.zkforge.fckez Implementation-URL: http://www.zkforge.org/fckez -Implementation-Version: 2.6.4_1 +Implementation-Version: 2.6.4.1 Implementation-Vendor: Potix Corporation Modified: trunk/fckez/src/archive/metainfo/zk/lang-addon.xml =================================================================== --- trunk/fckez/src/archive/metainfo/zk/lang-addon.xml 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/metainfo/zk/lang-addon.xml 2009-07-13 08:46:19 UTC (rev 922) @@ -20,7 +20,7 @@ <version> <version-class>org.zkforge.fckez.Version</version-class> - <version-uid>2.6.4_1</version-uid> + <version-uid>2.6.4.1</version-uid> <zk-version>2.4.0</zk-version><!-- or later --> </version> @@ -32,7 +32,7 @@ browsers will reload them. Note: It defines only the version. It doesn't cause ZK to load it. --> - <javascript-module name="fckez.fckez" version="2.6.4_1"/> + <javascript-module name="fckez.fckez" version="2.6.4.1"/> <zscript> import org.zkforge.fckez.*; Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_about.html =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_about.html 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_about.html 2009-07-13 08:46:19 UTC (rev 922) 
@@ -78,8 +78,8 @@ border-left: #000000 1px solid; border-bottom: #000000 1px solid"> <span fcklang="DlgAboutVersion">version</span> <br /> - <b>2.6.4</b><br /> - Build 21629</td> + <b>2.6.4.1</b><br /> + Build 23187</td> </tr> </table> </td> Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl 2009-07-13 08:46:19 UTC (rev 922) 
@@ -1,181 +1,181 @@
-#!/usr/bin/perl
-
-use CGI qw/ :standard /;
-use File::Temp qw/ tempfile tempdir /;
-
-# my $spellercss = '/speller/spellerStyle.css'; # by FredCK
-my $spellercss = '../spellerStyle.css'; # by FredCK
-# my $wordWindowSrc = '/speller/wordWindow.js'; # by FredCK
-my $wordWindowSrc = '../wordWindow.js'; # by FredCK
-my @textinputs = param( 'textinputs[]' ); # array
-# my $aspell_cmd = 'aspell'; # by FredCK (for Linux)
-my $aspell_cmd = '"C:\Program Files\Aspell\bin\aspell.exe"'; # by FredCK (for Windows)
-my $lang = 'en_US';
-# my $aspell_opts = "-a --lang=$lang --encoding=utf-8"; # by FredCK
-my $aspell_opts = "-a --lang=$lang --encoding=utf-8 -H --rem-sgml-check=alt"; # by FredCK
-my $input_separator = "A";
-
-# set the 'wordtext' JavaScript variable to the submitted text.
-sub printTextVar {
- for( my $i = 0; $i <= $#textinputs; $i++ ) {
- print "textinputs[$i] = decodeURIComponent('" . escapeQuote( $textinputs[$i] ) . "')\n";
- }
-}
-
-sub printTextIdxDecl {
- my $idx = shift;
- print "words[$idx] = [];\n";
- print "suggs[$idx] = [];\n";
-}
-
-sub printWordsElem {
- my( $textIdx, $wordIdx, $word ) = @_;
- print "words[$textIdx][$wordIdx] = '" . escapeQuote( $word ) . "';\n";
-}
-
-sub printSuggsElem {
- my( $textIdx, $wordIdx, @suggs ) = @_;
- print "suggs[$textIdx][$wordIdx] = [";
- for my $i ( 0..$#suggs ) {
- print "'" . escapeQuote( $suggs[$i] ) . "'";
- if( $i < $#suggs ) {
- print ", ";
- }
- }
- print "];\n";
-}
-
-sub printCheckerResults {
- my $textInputIdx = -1;
- my $wordIdx = 0;
- my $unhandledText;
- # create temp file
- my $dir = tempdir( CLEANUP => 1 );
- my( $fh, $tmpfilename ) = tempfile( DIR => $dir );
-
- # temp file was created properly?
-
- # open temp file, add the submitted text.
- for( my $i = 0; $i <= $#textinputs; $i++ ) {
- $text = url_decode( $textinputs[$i] );
- # Strip all tags for the text. (by FredCK - #339 / #681)
- $text =~ s/<[^>]+>/ /g;
- @lines = split( /\n/, $text );
- print $fh "\%\n"; # exit terse mode
- print $fh "^$input_separator\n";
- print $fh "!\n"; # enter terse mode
- for my $line ( @lines ) {
- # use carat on each line to escape possible aspell commands
- print $fh "^$line\n";
- }
-
- }
- # exec aspell command
- my $cmd = "$aspell_cmd $aspell_opts < $tmpfilename 2>&1";
- open ASPELL, "$cmd |" or handleError( "Could not execute `$cmd`\\n$!" ) and return;
- # parse each line of aspell return
- for my $ret ( <ASPELL> ) {
- chomp( $ret );
- # if '&', then not in dictionary but has suggestions
- # if '#', then not in dictionary and no suggestions
- # if '*', then it is a delimiter between text inputs
- if( $ret =~ /^\*/ ) {
- $textInputIdx++;
- printTextIdxDecl( $textInputIdx );
- $wordIdx = 0;
-
- } elsif( $ret =~ /^(&|#)/ ) {
- my @tokens = split( " ", $ret, 5 );
- printWordsElem( $textInputIdx, $wordIdx, $tokens[1] );
- my @suggs = ();
- if( $tokens[4] ) {
- @suggs = split( ", ", $tokens[4] );
- }
- printSuggsElem( $textInputIdx, $wordIdx, @suggs );
- $wordIdx++;
- } else {
- $unhandledText .= $ret;
- }
- }
- close ASPELL or handleError( "Error executing `$cmd`\\n$unhandledText" ) and return;
-}
-
-sub escapeQuote {
- my $str = shift;
- $str =~ s/'/\\'/g;
- return $str;
-}
-
-sub handleError {
- my $err = shift;
- print "error = '" . escapeQuote( $err ) . "';\n";
-}
-
-sub url_decode {
- local $_ = @_ ? shift : $_;
- defined or return;
- # change + signs to spaces
- tr/+/ /;
- # change hex escapes to the proper characters
- s/%([a-fA-F0-9]{2})/pack "H2", $1/eg;
- return $_;
-}
-
-# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
-# Display HTML
-# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
-
-print <<EOF;
-Content-type: text/html; charset=utf-8
-
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-<link rel="stylesheet" type="text/css" href="$spellercss"/>
-<script src="$wordWindowSrc"></script>
-<script type="text/javascript">
-var suggs = new Array();
-var words = new Array();
-var textinputs = new Array();
-var error;
-EOF
-
-printTextVar();
-
-printCheckerResults();
-
-print <<EOF;
-var wordWindowObj = new wordWindow();
-wordWindowObj.originalSpellings = words;
-wordWindowObj.suggestions = suggs;
-wordWindowObj.textInputs = textinputs;
-
-
-function init_spell() {
- // check if any error occured during server-side processing
- if( error ) {
- alert( error );
- } else {
- // call the init_spell() function in the parent frameset
- if (parent.frames.length) {
- parent.init_spell( wordWindowObj );
- } else {
- error = "This page was loaded outside of a frameset. ";
- error += "It might not display properly";
- alert( error );
- }
- }
-}
-
-</script>
-
-</head>
-<body onLoad="init_spell();">
-
-<script type="text/javascript">
-wordWindowObj.writeBody();
-</script>
-
-</body>
-</html>
-EOF
+#!/usr/bin/perl
+
+use CGI qw/ :standard /;
+use File::Temp qw/ tempfile tempdir /;
+
+# my $spellercss = '/speller/spellerStyle.css'; # by FredCK
+my $spellercss = '../spellerStyle.css'; # by FredCK
+# my $wordWindowSrc = '/speller/wordWindow.js'; # by FredCK
+my $wordWindowSrc = '../wordWindow.js'; # by FredCK
+my @textinputs = param( 'textinputs[]' ); # array
+# my $aspell_cmd = 'aspell'; # by FredCK (for Linux)
+my $aspell_cmd = '"C:\Program Files\Aspell\bin\aspell.exe"'; # by FredCK (for Windows)
+my $lang = 'en_US';
+# my $aspell_opts = "-a --lang=$lang --encoding=utf-8"; # by FredCK
+my $aspell_opts = "-a --lang=$lang --encoding=utf-8 -H --rem-sgml-check=alt"; # by FredCK
+my $input_separator = "A";
+
+# set the 'wordtext' JavaScript variable to the submitted text.
+sub printTextVar {
+ for( my $i = 0; $i <= $#textinputs; $i++ ) {
+ print "textinputs[$i] = decodeURIComponent('" . escapeQuote( $textinputs[$i] ) . "')\n";
+ }
+}
+
+sub printTextIdxDecl {
+ my $idx = shift;
+ print "words[$idx] = [];\n";
+ print "suggs[$idx] = [];\n";
+}
+
+sub printWordsElem {
+ my( $textIdx, $wordIdx, $word ) = @_;
+ print "words[$textIdx][$wordIdx] = '" . escapeQuote( $word ) . "';\n";
+}
+
+sub printSuggsElem {
+ my( $textIdx, $wordIdx, @suggs ) = @_;
+ print "suggs[$textIdx][$wordIdx] = [";
+ for my $i ( 0..$#suggs ) {
+ print "'" . escapeQuote( $suggs[$i] ) . "'";
+ if( $i < $#suggs ) {
+ print ", ";
+ }
+ }
+ print "];\n";
+}
+
+sub printCheckerResults {
+ my $textInputIdx = -1;
+ my $wordIdx = 0;
+ my $unhandledText;
+ # create temp file
+ my $dir = tempdir( CLEANUP => 1 );
+ my( $fh, $tmpfilename ) = tempfile( DIR => $dir );
+
+ # temp file was created properly?
+
+ # open temp file, add the submitted text.
+ for( my $i = 0; $i <= $#textinputs; $i++ ) {
+ $text = url_decode( $textinputs[$i] );
+ # Strip all tags for the text. (by FredCK - #339 / #681)
+ $text =~ s/<[^>]+>/ /g;
+ @lines = split( /\n/, $text );
+ print $fh "\%\n"; # exit terse mode
+ print $fh "^$input_separator\n";
+ print $fh "!\n"; # enter terse mode
+ for my $line ( @lines ) {
+ # use carat on each line to escape possible aspell commands
+ print $fh "^$line\n";
+ }
+
+ }
+ # exec aspell command
+ my $cmd = "$aspell_cmd $aspell_opts < $tmpfilename 2>&1";
+ open ASPELL, "$cmd |" or handleError( "Could not execute `$cmd`\\n$!" ) and return;
+ # parse each line of aspell return
+ for my $ret ( <ASPELL> ) {
+ chomp( $ret );
+ # if '&', then not in dictionary but has suggestions
+ # if '#', then not in dictionary and no suggestions
+ # if '*', then it is a delimiter between text inputs
+ if( $ret =~ /^\*/ ) {
+ $textInputIdx++;
+ printTextIdxDecl( $textInputIdx );
+ $wordIdx = 0;
+
+ } elsif( $ret =~ /^(&|#)/ ) {
+ my @tokens = split( " ", $ret, 5 );
+ printWordsElem( $textInputIdx, $wordIdx, $tokens[1] );
+ my @suggs = ();
+ if( $tokens[4] ) {
+ @suggs = split( ", ", $tokens[4] );
+ }
+ printSuggsElem( $textInputIdx, $wordIdx, @suggs );
+ $wordIdx++;
+ } else {
+ $unhandledText .= $ret;
+ }
+ }
+ close ASPELL or handleError( "Error executing `$cmd`\\n$unhandledText" ) and return;
+}
+
+sub escapeQuote {
+ my $str = shift;
+ $str =~ s/'/\\'/g;
+ return $str;
+}
+
+sub handleError {
+ my $err = shift;
+ print "error = '" . escapeQuote( $err ) . "';\n";
+}
+
+sub url_decode {
+ local $_ = @_ ? shift : $_;
+ defined or return;
+ # change + signs to spaces
+ tr/+/ /;
+ # change hex escapes to the proper characters
+ s/%([a-fA-F0-9]{2})/pack "H2", $1/eg;
+ return $_;
+}
+
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+# Display HTML
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+print <<EOF;
+Content-type: text/html; charset=utf-8
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel="stylesheet" type="text/css" href="$spellercss"/>
+<script src="$wordWindowSrc"></script>
+<script type="text/javascript">
+var suggs = new Array();
+var words = new Array();
+var textinputs = new Array();
+var error;
+EOF
+
+printTextVar();
+
+printCheckerResults();
+
+print <<EOF;
+var wordWindowObj = new wordWindow();
+wordWindowObj.originalSpellings = words;
+wordWindowObj.suggestions = suggs;
+wordWindowObj.textInputs = textinputs;
+
+
+function init_spell() {
+ // check if any error occured during server-side processing
+ if( error ) {
+ alert( error );
+ } else {
+ // call the init_spell() function in the parent frameset
+ if (parent.frames.length) {
+ parent.init_spell( wordWindowObj );
+ } else {
+ error = "This page was loaded outside of a frameset. ";
+ error += "It might not display properly";
+ alert( error );
+ }
+ }
+}
+
+</script>
+
+</head>
+<body onLoad="init_spell();">
+
+<script type="text/javascript">
+wordWindowObj.writeBody();
+</script>
+
+</body>
+</html>
+EOF
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/basexml.asp
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/basexml.asp 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/basexml.asp 2009-07-13 08:46:19 UTC (rev 922)
@@ -56,7 +56,11 @@ ' Create the XML document header. Response.Write "<?xml version=""1.0"" encoding=""utf-8"" ?>" + If text <> "" then Response.Write "<Connector><Error number=""" & number & """ text=""" & Server.HTMLEncode( text ) & """ /></Connector>" + else + Response.Write "<Connector><Error number=""" & number & """ /></Connector>" + end if Response.End End Sub Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/commands.asp =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/commands.asp 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/commands.asp 2009-07-13 08:46:19 UTC (rev 922) @@ -130,7 +130,7 @@ End If ' Create the "Error" node. - Response.Write "<Error number=""" & sErrorNumber & """ originalNumber=""" & iErrNumber & """ originalDescription=""" & ConvertToXmlAttribute( sErrDescription ) & """ />" + Response.Write "<Error number=""" & sErrorNumber & """ />" End Sub Sub FileUpload( resourceType, currentFolder, sCommand ) @@ -192,7 +192,11 @@ sFileUrl = CombinePaths( GetResourceTypePath( resourceType, sCommand ) , currentFolder ) sFileUrl = CombinePaths( sFileUrl, sFileName ) - SendUploadResults sErrorNumber, sFileUrl, sFileName, "" + If ( sErrorNumber = "0" or sErrorNumber = "201" ) then + SendUploadResults sErrorNumber, sFileUrl, sFileName, "" + Else + SendUploadResults sErrorNumber, "", "", "" + End If End Sub %> Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/connector.asp =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/connector.asp 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/connector.asp 2009-07-13 08:46:19 UTC (rev 922) 
@@ -57,7 +57,7 @@ ' Check if it is an allowed resource type. if ( Not IsAllowedType( sResourceType ) ) Then - SendError 1, "The """ & sResourceType & """ resource type isn't allowed" + SendError 1, "Invalid type specified" end if ' File Upload doesn't have to Return XML, so it must be intercepted before anything. Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/io.asp =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/io.asp 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/io.asp 2009-07-13 08:46:19 UTC (rev 922) @@ -175,6 +175,8 @@ function GetCurrentFolder() dim sCurrentFolder + dim oRegex + sCurrentFolder = Request.QueryString("CurrentFolder") If ( sCurrentFolder = "" ) Then sCurrentFolder = "/" @@ -187,6 +189,14 @@ SendError 102, "" End If + Set oRegex = New RegExp + oRegex.Global = True + oRegex.Pattern = "(/\.)|(//)|([\\:\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)" + + if (oRegex.Test(sCurrentFolder)) Then + SendError 102, "" + End If + GetCurrentFolder = sCurrentFolder end function Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/upload.asp =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/upload.asp 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/upload.asp 2009-07-13 08:46:19 UTC (rev 922) 
@@ -48,7 +48,7 @@ sResourceType = Request.QueryString("Type") If ( sResourceType = "" ) Then sResourceType = "File" - sCurrentFolder = GetCurrentFolder() + sCurrentFolder = "/" ' Is Upload enabled? if ( Not IsAllowedCommand( sCommand ) ) then Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm 2009-07-13 08:46:19 UTC (rev 922) @@ -102,8 +102,33 @@ rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ; xmlContent = ""; // append to this string to build content + invalidName = false; </cfscript> + +<cfif not config.enabled> + + <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />"> + +<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)> + + <cfset invalidName = true> + <cfset xmlContent = "<Error number=""102"" />"> + +<cfelseif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)> + + <cfset invalidName = true> + <cfset xmlContent = '<Error number="1" text="The "' & HTMLEditFormat(url.command) & '" command isn''t allowed" />'> + +<cfelseif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)> + + <cfset invalidName = true> + <cfset xmlContent = '<Error number="1" text="Invalid type specified" />'> + +</cfif> + +<cfset resourceTypeUrl = ""> +<cfif not len(xmlContent)> <cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") > <cfif isDefined( "Config.FileTypesAbsolutePath" ) 
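Review bot: The CurrentFolder pattern in the new `<cfelseif ... REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>` branch of cf5_connector.cfm leaves out `|`, which the ASP check in io.asp (`\|` inside its character class) and the Lasso check in connector.lasso both reject. The same CFM pattern is repeated in the cf5_upload.cfm and cf_io.cfm hunks. Unless the difference is deliberate, the class should read `([\\:\*\?\"<>\|])` in all three places so every connector rejects the same characters. A one-line comment above the check saying what it rejects (segments starting with a dot, empty segments, control characters, reserved file-name characters) would also help, since the expression is now copied across connectors.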
@@ -125,26 +150,9 @@ <!--- get rid of double directory separators ---> <cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") > -<cfif not config.enabled> - - <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />"> - -<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder)> - - <cfset xmlContent = "<Error number=""102"" />"> - -<cfelseif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)> - - <cfset xmlContent = '<Error number="1" text="The "' & url.command & '" command isn''t allowed" />'> - -<cfelseif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)> - - <cfset xmlContent = '<Error number="1" text="The "' & url.type & '" type isn''t allowed" />'> - +<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )> </cfif> -<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )> - <cfif not len(xmlContent) and not directoryexists(resourceTypeDirectory)> <!--- create directories in physical path if they don't already exist ---> <cfset currentPath = ""> @@ -263,6 +271,7 @@ newFolderName = reReplace(newFolderName, "_{2,}", "_", "all"); newFolderName = reReplace(newFolderName, "([^_]+)_+$", "\1", "all"); newFolderName = reReplace(newFolderName, "$_([^_]+)$", "\1", "all"); + newFolderName = reReplace(newFolderName, '\.+', "_", "all" ); } </cfscript> @@ -271,7 +280,7 @@ <cfelseif directoryExists(currentFolderPath & newFolderName)> <cfset errorNumber = 101> <cfelseif reFind("^\.\.",newFolderName)> - <cfset errorNumber = 103> + <cfset errorNumber = 102> <cfelse> <cfset errorNumber = 0> 
@@ -303,8 +312,14 @@ </cfif> <cfscript> - xmlHeader = '<?xml version="1.0" encoding="utf-8" ?><Connector command="#url.command#" resourceType="#url.type#">'; - xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#resourceTypeUrl##url.currentFolder#" />'; + xmlHeader = '<?xml version="1.0" encoding="utf-8" ?>'; + if (invalidName) { + xmlHeader = xmlHeader & '<Connector>'; + } + else { + xmlHeader = xmlHeader & '<Connector command="#url.command#" resourceType="#url.type#">'; + xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#resourceTypeUrl##url.currentFolder#" />'; + } xmlFooter = '</Connector>'; </cfscript> Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm 2009-07-13 08:46:19 UTC (rev 922) @@ -39,6 +39,10 @@ <cfparam name="url.type" default="File"> <cfparam name="url.currentFolder" default="/"> +<cfif url.command eq "QuickUpload"> + <cfset url.currentFolder = "/"> +</cfif> + <cfif not isDefined("config_included")> <cfinclude template="config.cfm"> </cfif> @@ -75,6 +79,12 @@ <cfabort> </cfif> +<cfif REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)> + <cfset SendUploadResults(102)> + <cfabort> +</cfif> + + <cfscript> userFilesPath = config.userFilesPath; @@ -138,7 +148,7 @@ </cfcatch> </cftry> </cfif> -<cfelse> +<cfelseif url.command eq "FileUpload"> <cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") > <cfif isDefined( "Config.FileTypesAbsolutePath" ) and structkeyexists( Config.FileTypesAbsolutePath, url.type ) 
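Review bot: `invalidName` is set in every rejecting branch of the first cf5_connector.cfm hunk except `<cfif not config.enabled>`, so with the connector disabled the `else` arm here still builds the header from `#url.command#`, `#url.type#` and `#url.currentFolder#`, none of which has been validated on that path. Adding `<cfset invalidName = true>` to the disabled branch would give that response the bare `<Connector>` element as well. On the accepted path the three values are still written into attribute values unescaped: the folder check rejects `"`, `<` and `>` but not `&`, and `url.command` is only constrained when `Config.ConfigAllowedCommands` is defined, so wrapping them in `HTMLEditFormat()`, as the first hunk does for `url.command` in its error text, would be safer. How `xmlHeader` is emitted lies outside the hunk.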
@@ -286,7 +296,7 @@ <cfif errorNumber EQ 0> <!--- file was uploaded succesfully ---> - <cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', "", "")> + <cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), "")> <cfabort> <cfelseif errorNumber EQ 201> <!--- file was changed (201), submit the new filename ---> Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_basexml.cfm =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_basexml.cfm 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_basexml.cfm 2009-07-13 08:46:19 UTC (rev 922) @@ -64,5 +64,9 @@ <cffunction name="SendErrorNode" returntype="void" output="true"> <cfargument name="number" required="true" type="Numeric"> <cfargument name="text" required="true"> - <cfoutput><Error number="#ARGUMENTS.number#" text="#htmleditformat(ARGUMENTS.text)#" /></cfoutput> + <cfif Len(ARGUMENTS.text)> + <cfoutput><Error number="#ARGUMENTS.number#" text="#htmleditformat(ARGUMENTS.text)#" /></cfoutput> + <cfelse> + <cfoutput><Error number="#ARGUMENTS.number#" /></cfoutput> + </cfif> </cffunction> Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_commands.cfm =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_commands.cfm 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_commands.cfm 2009-07-13 08:46:19 UTC (rev 922) 
@@ -35,7 +35,7 @@ <cfset var sTempDir = ""> <cfset var sTempFilePath = ""> <cfset var errorNumber = 0> - <cfset var customMsg = 0> + <cfset var customMsg = ""> <cfset var counter = 0> <cfset var destination = ""> @@ -226,5 +226,5 @@ </cftry> </cfif> - <cfoutput><Error number="#errorNumber#" originalDescription="#HTMLEditFormat(sErrorMsg)#" /></cfoutput> + <cfoutput><Error number="#errorNumber#" /></cfoutput> </cffunction> Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_io.cfm =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_io.cfm 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_io.cfm 2009-07-13 08:46:19 UTC (rev 922) @@ -193,8 +193,12 @@ <!--- Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms ---> <cfset sCurrentFolder = rereplace( sCurrentFolder, "//+", "/", "all" )> - <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) > - <cfset SendError( 102, "" )> + <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', sCurrentFolder)> + <cfif URL.Command eq "FileUpload" or URL.Command eq "QuickUpload"> + <cfset SendUploadResults( 102, "", "", "") > + <cfelse> + <cfset SendError( 102, "" )> + </cfif> </cfif> <cfreturn sCurrentFolder> 
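Review bot: The `(//)` alternative in the `REFind` added to cf_io.cfm can never match, because the context line just above has already collapsed `//+` to `/`; in this function double slashes are normalised rather than rejected, unlike in cf5_connector.cfm, and a short comment should say so (or the alternative be dropped). Nothing in the hunk stops execution after `SendUploadResults( 102, "", "", "")` or `SendError( 102, "" )`, so `<cfreturn sCurrentFolder>` hands the rejected value back to the caller unless both helpers abort the request. Their bodies are outside the hunk, so that should be confirmed.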
@@ -265,6 +269,10 @@ <cfargument name="fileName" required="false" type="String" default=""> <cfargument name="customMsg" required="false" type="String" default=""> + <cfif errorNumber and errorNumber neq 201> + <cfset fileUrl = ""> + <cfset fileName = ""> + </cfif> <!--- Minified version of the document.domain automatic fix script (#1919). The original script can be found at _dev/domain_fix_template.js ---> <cfoutput> Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_upload.cfm =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_upload.cfm 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_upload.cfm 2009-07-13 08:46:19 UTC (rev 922) @@ -24,7 +24,6 @@ ---> <cfparam name="url.type" default="File"> -<cfparam name="url.currentFolder" default="/"> <!--- note: no serverPath url parameter - see config.cfm if you need to set the serverPath manually ---> @@ -36,7 +35,7 @@ <cffunction name="SendError" returntype="void" output="true"> <cfargument name="number" required="true" type="Numeric"> <cfargument name="text" required="true"> - <cfreturn SendUploadResults( "#ARGUMENTS.number#", "", "", "ARGUMENTS.text" )> + <cfreturn SendUploadResults( "#ARGUMENTS.number#", "", "", "#ARGUMENTS.text#" )> </cffunction> <cfset REQUEST.Config = Config> 
@@ -57,7 +56,7 @@ <cfset sType = URL.Type> </cfif> -<cfset sCurrentFolder = GetCurrentFolder()> +<cfset sCurrentFolder = "/"> <!--- Is enabled the upload? ---> <cfif not IsAllowedCommand( sCommand )> Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/config.cfm =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/config.cfm 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/config.cfm 2009-07-13 08:46:19 UTC (rev 922) @@ -28,7 +28,6 @@ // SECURITY: You must explicitly enable this "connector". (Set enabled to "true") Config.Enabled = false ; - // Path to uploaded files relative to the document root. Config.UserFilesPath = "/userfiles/" ; Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/connector.lasso =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/connector.lasso 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/connector.lasso 2009-07-13 08:46:19 UTC (rev 922) @@ -38,8 +38,8 @@ Convert query string parameters to variables and initialize output. */ var( - 'Command' = action_param('Command'), - 'Type' = action_param('Type'), + 'Command' = (Encode_HTML: action_param('Command')), + 'Type' = (Encode_HTML: action_param('Type')), 'CurrentFolder' = action_param('CurrentFolder'), 'ServerPath' = action_param('ServerPath'), 'NewFolderName' = action_param('NewFolderName'), 
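Review bot: `Encode_HTML` is applied where `Command` and `Type` are read in connector.lasso, but `CurrentFolder`, `ServerPath` and `NewFolderName` in the same `var(` list are still stored raw. Encoding at read time also means `$Type` no longer equals the submitted value, and the later validation hunk has to go back to `action_param('Type')` for the `Subdirectories` lookup. It would be clearer to keep the raw values in the variables and encode each one where it is written into the XML or HTML reply. Whether the other three parameters reach the output is not visible in this hunk, so that should be checked; the `var(` list continues outside the hunk.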
@@ -70,45 +70,16 @@ ); $__html_reply__ = '\ <script type="text/javascript"> -(function() -{ - var d = document.domain ; - - while ( true ) - { - // Test if we can access a parent property. - try - { - var test = window.top.opener.document.domain ; - break ; - } - catch( e ) {} - - // Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ... - d = d.replace( /.*?(?:\\.|$)/, "" ) ; - - if ( d.length == 0 ) - break ; // It was not able to detect the domain. - - try - { - document.domain = d ; - } - catch (e) - { - break ; - } - } -})() ; +(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\\.|$)/,\'\');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})(); '; if($uploadResult == '0' || $uploadResult == '201'); $__html_reply__ = $__html_reply__ + '\ - window.parent.OnUploadCompleted(' + $uploadResult + ',\'' + $NewFilePath + '\',\'' + $NewFilePath->split('/')->last + '\'); + window.parent.OnUploadCompleted(' + $uploadResult + ',"' + $NewFilePath + '","' + $NewFilePath->split('/')->last + '"); </script> '; else; $__html_reply__ = $__html_reply__ + '\ - window.parent.OnUploadCompleted(' + $uploadResult + '); + window.parent.OnUploadCompleted(' + $uploadResult + ',"",""); </script> '; /if; 
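Review bot: The rewritten `OnUploadCompleted` call in this hunk puts `$NewFilePath` and its last path segment between double quotes inside a `<script>` block with no JavaScript string escaping. The name sanitising in `@@ -233,19 +224,24 @@` replaces `"`, `<`, `>` and `\` in the file name, but `$NewFilePath` is `$currentFolderURL + $NewFileName`, and whether every part of `$currentFolderURL` is constrained before this point is not visible here. upload.lasso's reply in `@@ -84,14 +86,14 @@` at least runs its arguments through `string_replace(..., -find='"', -replace='\\"')`. Sending both replies through one shared escaping step would keep the two upload paths consistent. The enclosing block starts outside the hunk.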
@@ -125,9 +96,22 @@ + $CurrentFolder ); - if($CurrentFolder->(Find: '..') || $CurrentFolder->(Find: '\\')); + $currentFolderURL = string_replace($currentFolderURL, -find='//', -replace='/'); + + if (!$config->find('Subdirectories')->find(action_param('Type'))); if($Command == 'FileUpload'); $responseType = 'html'; + $uploadResult = '1'; + fck_htmlreply( + -uploadResult=$uploadResult + ); + else; + $errorNumber = 1; + $commandData += '<Error number="' + $errorNumber + '" text="Invalid type specified" />\n'; + /if; + else if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]')); + if($Command == 'FileUpload'); + $responseType = 'html'; $uploadResult = '102'; fck_htmlreply( -uploadResult=$uploadResult @@ -142,7 +126,8 @@ Build the appropriate response per the 'Command' parameter. Wrap the entire process in an inline for file tag permissions. */ - inline($connection); + if($config->find('Enabled')); + inline($connection); select($Command); /*............................................................. List all subdirectories in the 'Current Folder' directory. @@ -166,7 +151,13 @@ if(#this->endswith('/')); $folders += '\t\t<Folder name="' + #this->removetrailing('/')& + '" />\n'; else; - local('size') = file_getsize($currentFolderURL + #this) / 1024; + local('size') = file_getsize($currentFolderURL + #this); + if($size>0); + $size = $size/1024; + if ($size==0); + $size = 1; + /if; + /if; $files += '\t\t<File name="' + #this + '" size="' + #size + '" />\n'; /if; /iterate; 
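Review bot: In the third hunk on this line (`@@ -166,7 +151,13 @@`) the size is stored with `local('size')` and written out as `#size`, but the new rounding block tests and assigns `$size`. The rest of the file reads locals with `#` (`#this`, `#fileExtension`), so if `$size` resolves to a page variable, as that usage suggests, the KB conversion never reaches the value that is printed, or the reference fails outright. The same mismatch appears with `local('allowedExt')` / `local('deniedExt')` followed by `$allowedExt` and `$deniedExt` in `@@ -233,19 +224,24 @@` and in upload.lasso `@@ -124,8 +128,12 @@`, where it sits on the extension check itself. Using `#` consistently fixes all three; the surrounding `iterate` starts outside the hunk.

```lasso
local('size') = file_getsize($currentFolderURL + #this);
if(#size > 0);
	#size = #size / 1024;
	if(#size == 0);
		#size = 1;
	/if;
/if;
/* … unchanged: the $files += '<File name=… size=…' line … */
```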
@@ -181,7 +172,7 @@ Create a directory 'NewFolderName' within the 'Current Folder.' */ case('CreateFolder'); - $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>', -replace='_'); + $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_'); var('newFolder' = $currentFolderURL + $NewFolderName + '/'); file_create($newFolder); 
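Review bot: The alternation appended to this `String_ReplaceRegExp` pattern (`|\\000|[\u007F]|[\u0001-\u001F]`) is pasted again for `$NewFileName` and `#fileExtension` in `@@ -233,19 +224,24 @@` and once more in upload.lasso `@@ -114,6 +116,8 @@`, so the next addition has to be made in several places by hand. Defining the pattern once per file and prefixing `\\.|` only for the folder case would keep the lists from drifting apart. A short comment such as `/* dots are replaced too: a folder name must not look like an extension or a relative segment */` would also explain why this call differs from the file-name one. The `case('CreateFolder')` body continues outside the hunk.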
@@ -233,19 +224,24 @@ files. (Test.txt, Test(1).txt, Test(2).txt, etc.) */ $NewFileName = $NewFile->find('OrigName'); - $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>', -replace='_'); + $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_'); + $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_'); $OrigFilePath = $currentFolderURL + $NewFileName; $NewFilePath = $OrigFilePath; local('fileExtension') = '.' + $NewFile->find('OrigExtension'); - #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>', -replace='_'); + #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_'); local('shortFileName') = $NewFileName->removetrailing(#fileExtension)&; /*..................................................... Make sure the file extension is allowed. */ - if($config->find('DeniedExtensions')->find($Type) >> $NewFile->find('OrigExtension')); + local('allowedExt') = $config->find('AllowedExtensions')->find($Type); + local('deniedExt') = $config->find('DeniedExtensions')->find($Type); + if($allowedExt->Size > 0 && $allowedExt !>> $NewFile->find('OrigExtension')); $uploadResult = '202'; + else($deniedExt->Size > 0 && $deniedExt >> $NewFile->find('OrigExtension')); + $uploadResult = '202'; else; /*................................................. Rename the target path until it is unique. 
@@ -277,8 +273,15 @@ -uploadResult=$uploadResult, -NewFilePath=$NewFilePath ); + case; + $errorNumber = 1; + $commandData += '<Error number="' + $errorNumber + '" text="Command isn\'t allowed" />\n'; /select; - /inline; + /inline; + else; + $errorNumber = 1; + $commandData += '<Error number="' + $errorNumber + '" text="This file uploader is disabled. Please check the editor/filemanager/upload/lasso/config.lasso file." />\n'; + /if; /if; /*..................................................................... @@ -309,13 +312,18 @@ Wrap the response as XML and output. */ $__html_reply__ = '\ -<?xml version="1.0" encoding="utf-8" ?> -<Connector command="' + $Command + '" resourceType="' + $Type + '">'; +<?xml version="1.0" encoding="utf-8" ?>'; if($errorNumber != '102'); - $__html_reply__ += '<CurrentFolder path="' + $CurrentFolder + '" url="' + $currentFolderURL + '" />'; + $__html_reply__ += '<Connector command="' + (Encode_HTML: $Command) + '" resourceType="' + (Encode_HTML: $Type) + '">'; + else; + $__html_reply__ += '<Connector>'; /if; + if($errorNumber != '102'); + $__html_reply__ += '<CurrentFolder path="' + (Encode_HTML: $CurrentFolder) + '" url="' + (Encode_HTML: $currentFolderURL) + '" />'; + /if; + $__html_reply__ += $commandData + ' </Connector>'; /if; Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso 2009-07-13 08:46:19 UTC (rev 922) 
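Review bot: The disabled-connector message added in `@@ -277,8 +273,15 @@` sends the administrator to `editor/filemanager/upload/lasso/config.lasso`, while the file being patched is `editor/filemanager/connectors/lasso/connector.lasso`, and it calls the connector a "file uploader". Where config.lasso actually lives is not visible in this diff, so the path should be checked against the shipped layout and the wording aligned with the connector. In `@@ -309,13 +312,18 @@` the two consecutive `if($errorNumber != '102');` blocks test the same condition and could be one block, which also makes it obvious that `<Connector>` and `<CurrentFolder>` are emitted together.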
@@ -32,8 +32,8 @@ Convert query string parameters to variables and initialize output. */ var( - 'Type' = action_param('Type'), - 'CurrentFolder' = action_param('CurrentFolder'), + 'Type' = (Encode_HTML: action_param('Type')), + 'CurrentFolder' = "/", 'ServerPath' = action_param('ServerPath'), 'NewFile' = null, 'NewFileName' = string, @@ -53,9 +53,11 @@ var('currentFolderURL' = $ServerPath + $config->find('Subdirectories')->find(action_param('Type')) - + action_param('CurrentFolder') + + $CurrentFolder ); + $currentFolderURL = string_replace($currentFolderURL, -find='//', -replace='/'); + /*..................................................................... Custom tag sets the HTML response. */ @@ -84,14 +86,14 @@ $__html_reply__ = $__html_reply__ + '\ window.parent.OnUploadCompleted(' + #errorNumber + ',"' - + string_replace(#fileUrl, -find='"', -replace='\\"') + '","' - + string_replace(#fileName, -find='"', -replace='\\"') + '","' - + string_replace(#customMsg, -find='"', -replace='\\"') + '"); + + string_replace((Encode_HTML: #fileUrl), -find='"', -replace='\\"') + '","' + + string_replace((Encode_HTML: #fileUrl->split('/')->last), -find='"', -replace='\\"') + '","' + + string_replace((Encode_HTML: #customMsg), -find='"', -replace='\\"') + '"); </script> '; /define_tag; - if($CurrentFolder->(Find: '..') || $CurrentFolder->(Find: '\\')); + if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]')); $errorNumber = 102; /if; 
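Review bot: In `@@ -53,9 +53,11 @@` `$currentFolderURL` still begins with `$ServerPath`, which the `var(` list in `@@ -32,8 +32,8 @@` fills from `action_param('ServerPath')`, and none of the checks in these hunks look at it. The commit pins `CurrentFolder` to "/" and tightens its pattern, but the `..` and character tests are applied to `$CurrentFolder` only, so the prefix of the upload path remains request-supplied as far as the diff shows. Taking the base path from `$config` alone, or running `$ServerPath` through the same test, would close that. connector.lasso reads `ServerPath` the same way in `@@ -38,8 +38,8 @@`. Code between the hunks may already override the value, which is not visible here.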
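Review bot: In `@@ -84,14 +86,14 @@` the arguments of `OnUploadCompleted` are passed through `Encode_HTML` before the `"` replacement, but the target is a JavaScript string inside `<script>`, where HTML entities are not decoded. Assuming `Encode_HTML` turns `"` into an entity, the following `string_replace(..., -find='"', ...)` no longer has anything to match, and a file name containing `&` would reach the editor as `&amp;`. A JavaScript-string escape is the matching encoder for this context. With `$CurrentFolder` fixed to "/" in `@@ -32,8 +32,8 @@`, the `$CurrentFolder` test at the end of this hunk can no longer fire and deserves a comment saying it is kept as a safeguard.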
@@ -114,6 +116,8 @@ files. (Test.txt, Test(1).txt, Test(2).txt, etc.) */ $NewFileName = $NewFile->find('OrigName'); + $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_'); + $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_'); $OrigFilePath = $currentFolderURL + $NewFileName; $NewFilePath = $OrigFilePath; local('fileExtension') = '.' + $NewFile->find('OrigExtension'); @@ -124,8 +128,12 @@ Make sure the file extension is allowed. */ - if($config->find('DeniedExtensions')->find($Type) >> $NewFile->find('OrigExtension')); + local('allowedExt') = $config->find('AllowedExtensions')->find($Type); + local('deniedExt') = $config->find('DeniedExtensions')->find($Type); + if($allowedExt->Size > 0 && $allowedExt !>> $NewFile->find('OrigExtension')); $errorNumber = 202; + else($deniedExt->Size > 0 && $deniedExt >> $NewFile->find('OrigExtension')); + $errorNumber = 202; else; /*..................................................... Rename the target path until it is unique. @@ -153,6 +161,9 @@ /select; /if; /if; + if ($errorNumber != 0 && $errorNumber != 201); + $NewFilePath = ""; + /if; /inline; else; $errorNumber = 1; @@ -162,7 +173,6 @@ fck_sendresults( -errorNumber=$errorNumber, -fileUrl=$NewFilePath, - -fileName=$NewFileName, -customMsg=$customMsg ); ] Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/basexml.pl =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/basexml.pl 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/basexml.pl 2009-07-13 08:46:19 UTC (rev 922) 
@@ -1,63 +1,68 @@ -##### -# FCKeditor - The text editor for Internet - http://www.fckeditor.net -# Copyright (C) 2003-2009 Frederico Caldeira Knabben -# -# == BEGIN LICENSE == -# -# Licensed under the terms of any of the following licenses at your -# choice: -# -# - GNU General Public License Version 2 or later (the "GPL") -# http://www.gnu.org/licenses/gpl.html -# -# - GNU Lesser General Public License Version 2.1 or later (the "LGPL") -# http://www.gnu.org/licenses/lgpl.html -# -# - Mozilla Public License Version 1.1 or later (the "MPL") -# http://www.mozilla.org/MPL/MPL-1.1.html -# -# == END LICENSE == -# -# This is the File Manager Connector for Perl. -##### - -sub CreateXmlHeader -{ - local($command,$resourceType,$currentFolder) = @_; - - # Create the XML document header. - print '<?xml version="1.0" encoding="utf-8" ?>'; - - # Create the main "Connector" node. - print '<Connector command="' . $command . '" resourceType="' . $resourceType . '">'; - - # Add the current folder node. - print '<CurrentFolder path="' . ConvertToXmlAttribute($currentFolder) . '" url="' . ConvertToXmlAttribute(GetUrlFromPath($resourceType,$currentFolder)) . '" />'; -} - -sub CreateXmlFooter -{ - print '</Connector>'; -} - -sub SendError -{ - local( $number, $text ) = @_; - - print << "_HTML_HEAD_"; -Content-Type:text/xml; charset=utf-8 -Pragma: no-cache -Cache-Control: no-cache -Expires: Thu, 01 Dec 1994 16:00:00 GMT - -_HTML_HEAD_ - - # Create the XML document header - print '<?xml version="1.0" encoding="utf-8" ?>' ; - - print '<Connector><Error number="' . $number . '" text="' . &specialchar_cnv( $text ) . 
'" /></Connector>' ; - - exit ; -} - -1; +##### +# FCKeditor - The text editor for Internet - http://www.fckeditor.net +# Copyright (C) 2003-2009 Frederico Caldeira Knabben +# +# == BEGIN LICENSE == +# +# Licensed under the terms of any of the following licenses at your +# choice: +# +# - GNU General Public License Version 2 or later (the "GPL") +# http://www.gnu.org/licenses/gpl.html +# +# - GNU Lesser General Public License Version 2.1 or later (the "LGPL") +# http://www.gnu.org/licenses/lgpl.html +# +# - Mozilla Public License Version 1.1 or later (the "MPL") +# http://www.mozilla.org/MPL/MPL-1.1.html +# +# == END LICENSE == +# +# This is the File Manager Connector for Perl. +##### + +sub CreateXmlHeader +{ + local($command,$resourceType,$currentFolder) = @_; + + # Create the XML document header. + print '<?xml version="1.0" encoding="utf-8" ?>'; + + # Create the main "Connector" node. + print '<Connector command="' . $command . '" resourceType="' . $resourceType . '">'; + + # Add the current folder node. + print '<CurrentFolder path="' . ConvertToXmlAttribute($currentFolder) . '" url="' . ConvertToXmlAttribute(GetUrlFromPath($resourceType,$currentFolder)) . '" />'; +} + +sub CreateXmlFooter +{ + print '</Connector>'; +} + +sub SendError +{ + local( $number, $text ) = @_; + + print << "_HTML_HEAD_"; +Content-Type:text/xml; charset=utf-8 +Pragma: no-cache +Cache-Control: no-cache +Expires: Thu, 01 Dec 1994 16:00:00 GMT + +_HTML_HEAD_ + + # Create the XML document header + print '<?xml version="1.0" encoding="utf-8" ?>' ; + + if ($text) { + print '<Connector><Error number="' . $number . '" text="' . &specialchar_cnv( $text ) . '" /></Connector>' ; + } + else { + print '<Connector><Error number="' . $number . 
'" /></Connector>' ; + } + + exit ; +} + +1; Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/commands.pl =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/commands.pl 2009-06-19 09:05:29 UTC (rev 921) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/commands.pl 2009-07-13 08:46:19 UTC (rev 922) 
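Review bot: `CreateXmlHeader` on the new side still concatenates `$command` and `$resourceType` into the `<Connector>` attributes as they are, while `$currentFolder` on the next line goes through `ConvertToXmlAttribute`. The Lasso connector gained `Encode_HTML` on the equivalent values in this same revision; whether the Perl callers validate both before calling is not visible in this file. Escaping them here costs one line: `print '<Connector command="' . ConvertToXmlAttribute($command) . '" resourceType="' . ConvertToXmlAttribute($resourceType) . '">';`. `SendError` likewise prints `$number` unescaped in both new branches, which is safe only while callers pass literals.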
@@ -1,187 +1,200 @@ -##### -# FCKeditor - The text editor for Internet - http://www.fckeditor.net -# Copyright (C) 2003-2009 Frederico Caldeira Knabben -# -# == BEGIN LICENSE == -# -# Licensed under the terms of any of the following licenses at your -# choice: -# -# - GNU General Public License Version 2 or later (the "GPL") -# http://www.gnu.org/licenses/gpl.html -# -# - GNU Lesser General Public License Version 2.1 or later (the "LGPL") -# http://www.gnu.org/licenses/lgpl.html -# -# - Mozilla Public License Version 1.1 or later (the "MPL") -# http://www.mozilla.org/MPL/MPL-1.1.html -# -# == END LICENSE == -# -# This is the File Manager Connector for Perl. -##### - -sub GetFolders -{ - - local($resourceType, $currentFolder) = @_; - - # Map the virtual path to the local server path. - $sServerDir = &ServerMapFolder($resourceType, $currentFolder); - print "<Folders>"; # Open the "Folders" node. - - opendir(DIR,"$sServerDir"); - @files = grep(!/^\.\.?$/,readdir(DIR)); - closedir(DIR); - - foreach $sFile (@files) { - if($sFile != '.' && $sFile != '..' && (-d "$sServerDir$sFile")) { - $cnv_filename = &ConvertToXmlAttribute($sFile); - print '<Folder name="' . $cnv_filename . '" />'; - } - } - print "</Folders>"; # Close the "Folders" node. -} - -sub GetFoldersAndFiles -{ - - local($resourceType, $currentFolder) = @_; - # Map the virtual path to the local server path. - $sServerDir = &ServerMapFolder($resourceType,$currentFolder); - - # Initialize the output buffers for "Folders" and "Files". - $sFolders = '<Folders>'; - $sFiles = '<Files>'; - - opendir(DIR,"$sServerDir"); - @files = grep(!/^\.\.?$/,readdir(DIR)); - closedir(DIR); - - foreach $sFile (@files) { - if($sFile ne '.' && $sFile ne '..') { - if(-d "$sServerDir$sFile") { - $cnv_filename = &ConvertToXmlAttribute($sFile); - $sFolders .= '<Folder name="' . $cnv_filename . 
'" />' ; - } else { - ($iFileSize,$refdate,$filedate,$fileperm) = (stat("$sServerDir$sFile"))[7,8,9,2]; - if($iFileSize > 0) { - $iFileSize = int($iFileSize / 1024); - if($iFileSize < 1) { - $iFileSize = 1; - } - } - $cnv_filename = &ConvertToXmlAttribute($sFile); - $sFiles .= '<File name="' . $cnv_filename . '" size="' . $iFileSize . '" />' ; - } - } - } - print $sFolders ; - print '</Folders>'; # Close the "Folders" node. - print $sFiles ; - print '</Files>'; # Close the "Files" node. -} - -sub CreateFolder -{ - - local($resourceType, $currentFolder) = @_; - $sErrorNumber = '0' ; - $sErrorMsg = '' ; - - if($FORM{'NewFolderName'} ne "") { - $sNewFolderName = $FORM{'NewFolderName'}; - $sNewFolderName =~ s/\.|\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g; - # Map the virtual path to the local server path of the current folder. - $sServerDir = &ServerMapFolder($resourceType, $currentFolder); - if(-w $sServerDir) { - $sServerDir .= $sNewFolderName; - $sErrorMsg = &CreateServerFolder($sServerDir); - if($sErrorMsg == 0) { - $sErrorNumber = '0'; - } elsif($sErrorMsg eq 'Invalid argument' || $sErrorMsg eq 'No such file or directory') { - $sErrorNumber = '102'; #// Path too long. - } else { - $sErrorNumber = '110'; - } - } else { - $sErrorNumber = '103'; - } - } else { - $sErrorNumber = '102' ; - } - # Create the "Error" node. - $cnv_errmsg = &ConvertToXmlAttribute($sErrorMsg); - print '<Error number="' . $sErrorNumber . '" originalDescription="' . $cnv_errmsg . '" />'; -} - -sub FileUpload -{ -eval("use File::Copy;"); - - local($resourceType, $currentFolder) = @_; - - $sErrorNumber = '0' ; - $sFileName = '' ; - if($new_fname) { - # Map the virtual path to the local server path. - $sServerDir = &ServerMapFolder($resourceType,$currentFolder); - - # Get the uploaded file name. - $sFileName = $new_fname; - $sFileName =~ s/\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g; - $sOriginalFileName = $sFileName; - - $iCounter = 0; - while(1) { - $sFilePath = $sServerDir . 
$sFileName; - if(-e $sFilePath) { - $iCounter++ ; - ($path,$BaseName,$ext) = &RemoveExtension($sOriginalFileName); - $sFileName = $BaseName . '(' . $iCounter . ').' . $ext; - $sErrorNumber = '201'; - } else { - copy("$img_dir/$new_fname","$sFilePath"); - if (defined $CHMOD_ON_UPLOAD) { - if ($CHMOD_ON_UPLOAD) { - umask(000); - chmod($CHMOD_ON_UPLOAD,$sFilePath); - } - } - else { - umask(000); - chmod(0777,$sFilePath); - } - unlink("$img_dir/$new_fname"); - last; - } - } - } else { - $sErrorNumber = '202' ; - } - $sFileName =~ s/"/\\"/g; - - SendUploadResults($sErrorNumber, $resourceType.$currentFolder.$sFileName, $sFileName, ''); -} - -sub SendUploadResults -{ - - local($sErrorNumber, $sFileUrl, $sFileName, $customMsg) = @_; - - # Minified version of the document.domain automatic fix script (#1919). - # The original script can be found at _dev/domain_fix_template.js - # Note: in Perl replace \ with \\ and $ with \$ - print <<EOF; -Content-type: text/html - -<script type="text/javascript"> -(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\\.|\$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})(); - -EOF - print 'window.parent.OnUploadCompleted(' . $sErrorNumber . ',"' . JS_cnv($sFileUrl) . '","' . JS_cnv($sFileName) . '","' . JS_cnv($customMsg) . 
'") ;'; - print '</script>'; - exit ; -} - -1; +##### +# FCKeditor - The text editor for Internet - http://www.fckeditor.net +# Copyright (C) 2003-2009 Frederico Caldeira Knabben +# +# == BEGIN LICENSE == +# +# Licensed under the terms of any of the following licenses at your +# choice: +# +# - GNU General Public License Version 2 or later (the "GPL") +# http://www.gnu.org/licenses/gpl.html +# +# - GNU Lesser General Public License Version 2.1 or later (the "LGPL") +# http://www.gnu.org/licenses/lgpl.html +# +# - Mozilla Public License Version 1.1 or later (the "MPL") +# http://www.mozilla.org/MPL/MPL-1.1.html +# +# == END LICENSE == +# +# This is the File Manager Connector for Perl. +##### + +sub GetFolders +{ + + local($resourceType, $currentFolder) = @_; + + # Map the virtual path to the local server path. + $sServerDir = &ServerMapFolder($resourceType, $currentFolder); + print "<Folders>"; # Open the "Folders" node. + + opendir(DIR,"$sServerDir"); + @files = grep(!/^\.\.?$/,readdir(DIR)); + closedir(DIR); + + foreach $sFile (@files) { + if($sFile != '.' && $sFile != '..' && (-d "$sServerDir$sFile")) { + $cnv_filename = &ConvertToXmlAttribute($sFile); + print '<Folder name="' . $cnv_filename . '" />'; + } + } + print "</Folders>"; # Close the "Folders" node. +} + +sub GetFoldersAndFiles +{ + + local($resourceType, $currentFolder) = @_; + # Map the virtual path to the local server path. + $sServerDir = &ServerMapFolder($resourceType,$currentFolder); + + # Initialize the output buffers for "Folders" and "Files". + $sFolders = '<Folders>'; + $sFiles = '<Files>'; + + opendir(DIR,"$sServerDir"); + @files = grep(!/^\.\.?$/,readdir(DIR)); + closedir(DIR); + + foreach $sFile (@files) { + if($sFile ne '.' && $sFile ne '..') { + if(-d "$sServerDir$sFile") { + $cnv_filename = &ConvertToXmlAttribute($sFile); + $sFolders .= '<Folder name="' . $cnv_filename . 
'" />' ; + } else { + ($iFileSize,$refdate,$filedate,$fileperm) = (stat("$sServerDir$sFile"))[7,8,9,2]; + if($iFileSize > 0) { + $iFileSize = int($iFileSize / 1024); + if($iFileSize < 1) { + $iFileSize = 1; + } + } + $cnv_filename = &ConvertToXmlAttribute($sFile); + $sFiles .= '<File name="' . $cnv_filename . '" size="' . $iFileSize . '" />' ; + } + } + } + print $sFolders ; + print '</Folders>'; # Close the "Folders" node. + print $sFiles ; + print '</Files>'; # Close the "Files" node. +} + +sub CreateFolder +{ + + local($resourceType, $currentFolder) = @_; + $sErrorNumber = '0' ; + $sErrorMsg = '' ; + + if($FORM{'NewFolderName'} ne "") { + $sNewFolderName = $FORM{'NewFolderName'}; + $sNewFolderName =~ s/\.|\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g; + # Map the virtual path to the local server path of the current folder. + $sServerDir = &ServerMapFolder($resourceType, $currentFolder); + if(-w $sServerDir) { + $sServerDir .= $sNewFolderName; + $sErrorMsg = &CreateServerFolder($sServerDir); + if($sErrorMsg == 0) { + $sErrorNumber = '0'; + } elsif($sErrorMsg eq 'Invalid argument' || $sErrorMsg eq 'No such file or directory') { + $sErrorNumber = '102'; #// Path too long. + } else { + $sErrorNumber = '110'; + } + } else { + $sErrorNumber = '103'; + } + } else { + $sErrorNumber = '102' ; + } + # Create the "Error" node. + $cnv_errmsg = &ConvertToXmlAttribute($sErrorMsg); + print '<Error number="' . $sErrorNumber . '" />'; +} + +sub FileUpload +{ +eval("use File::Copy;"); + + local($resourceType, $currentFolder) = @_; + $allowedExtensions = $allowedExtensions{$resourceType}; + + $sErrorNumber = '0' ; + $sFileName = '' ; + if($new_fname) { + # Map the virtual path to the local server path. + $sServerDir = &ServerMapFolder($resourceType,$currentFolder); + + # Get the uploaded file name. 
+ $sFileName = $new_fname; + $sFileName =~ s/\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g; + $sFileName =~ s/\.(?![^.]*$)/_/g; + + $ext = ''; + if($sFileName =~ /([^\\\/]*)\.(.*)$/) { + $ext = $2; + } + + $allowedRegex = qr/^($allowedExtensions)$/i; + if (!($ext =~ $allowedRegex)) { + SendUploadResults('202', '', '', ''); + } + + $sOriginalFileName = $sFileName; + + $iCounter = 0; + while(1) { + $sFilePath = $sServerDir . $sFileName; + if(-e $sFilePath) { + $iCounter++ ; + ($path,$BaseName,$ext) = &RemoveExtension($sOriginalFileName); + $sFileName = $BaseName . '(' . $iCounter . ').' . $ext; + $sErrorNumber = '201'; + } else { + copy("$img_dir/$new_fname","$sFilePath"); + if (defined $CHMOD_ON_UPLOAD) { + if ($CHMOD_ON_UPLOAD) { + umask(000); + chmod($CHMOD_ON_UPLOAD,$sFilePath); + } + } + else { + umask(000); + chmod(0777,$sFilePath); + } + unlink("$img_dir/$new_fname"); + last; + } + } + } else { + $sErrorNumber = '202' ; + } + $sFileName =~ s/"/\\"/g; + + SendUploadResults($sErrorNumber, $GLOBALS{'UserFilesPath'}.$resourceType.$currentFolder.$sFileName, $sFileName, ''); +} + +sub SendUploadResults +{ + + local($sErrorNumber, $sFileUrl, $sFileName, $customMsg) = @_; + + # Minified version of the document.domain automatic fix script (#1919). + # The original script can be found at _dev/domain_fix_template.js + # Note: in Perl replace \ with \\ and $ with \$ + print <<EOF; +Content-type: text/html + +<script type="text/javascript"> +(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\\.|\$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})(); + +EOF + print 'window.parent.OnUploadCompleted(' . $sErrorNumber . ',"' . JS_cnv($sFileUrl) . '","' . JS_cnv($sFileName) . '","' . JS_cnv($customMsg) . 
'") ;'; + print '</script>'; + exit ; +} + +1; Added: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/config.pl =================================================================== --- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/config.pl (rev 0) +++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/config.pl 2009-07-13 08:46:19 UTC (rev 922) @@ -0,0 +1,39 @@ +##### +# FCKeditor - The text editor for Internet - http://www.fckeditor.net +# Copyright (C) 2003-2009 Frederico Caldeira Knabben +# +# == BEGIN LICENSE == +# +# Licensed under the terms of any of the following licenses at your +# choice: +# +# - GNU General Public License Version 2 or later (the "GPL") +# http://www.gnu.org/licenses/gpl.html +# +# - GNU Lesser General Public License Version 2.1 or later (the "LGPL") +# http://www.gnu.org/licenses/lgpl.html +# +# - Mozilla Public License Version 1.1 or later (the "MPL") +# http://www.mozilla.org/MPL/MPL-1.1.html +# +# == END LICENSE == +# +# This is the File Manager Connector for Perl. +##### + +## +# SECURITY: REMOVE/COMMENT THE FOLLOWING LINE TO ENABLE THIS CONNECTOR. +## +&SendError( 1, 'This connector is disabled. Please check the "editor/filemanager/connectors/perl/config.cgi" file' ) ; + +$GLOBALS{'UserFilesPath'} = '/userfiles/'; + +# Map the "UserFiles" path to a local directory. +$rootpath = &GetRootPath(); +$GLOBALS{'UserFilesDirectory'} = $rootpath . $GLOBALS{'UserFilesPath'}; + +%allowedExtensions = ("File", "7z|aiff|asf|avi|bmp|csv|doc|fla|flv|gif|gz|gzip|jpeg|jpg|... [truncated message content] |
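Review bot: The extension check added to `FileUpload` in commands.pl calls `SendUploadResults('202', '', '', '')`, which prints and exits, before anything removes `$img_dir/$new_fname`; the `unlink` sits only in the success branch of the loop, so a refused upload stays in `$img_dir`. Adding `unlink("$img_dir/$new_fname");` ahead of that call keeps rejected files off the disk. If `$allowedExtensions{$resourceType}` is undefined the pattern becomes `^()$`, which accepts a name with no extension, so an explicit `defined` test before building `$allowedRegex` would be safer. Separately, `GetFolders` compares names with `!=` (`$sFile != '.'`), a numeric comparison where `GetFoldersAndFiles` uses `ne`, and the fallback `chmod(0777, $sFilePath)` leaves uploads world-writable when `$CHMOD_ON_UPLOAD` is unset.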