Menu
▾
▴
[ZKforge-subversion-log] SF.net SVN: zkforge:[922] trunk/fckez
|
From: <mja...@us...> - 2009-07-13 08:46:24
|
Revision: 922
http://zkforge.svn.sourceforge.net/zkforge/?rev=922&view=rev
Author: mjablonski
Date: 2009-07-13 08:46:19 +0000 (Mon, 13 Jul 2009)
Log Message:
-----------
Updated FCKEditor to 2.6.4.1 (important security update to FCKEditor when connector modules are used)
Modified Paths:
--------------
trunk/fckez/src/archive/META-INF/MANIFEST.MF
trunk/fckez/src/archive/metainfo/zk/lang-addon.xml
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_about.html
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/basexml.asp
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/commands.asp
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/connector.asp
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/io.asp
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/upload.asp
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_basexml.cfm
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_commands.cfm
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_io.cfm
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_upload.cfm
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/config.cfm
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/connector.lasso
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/basexml.pl
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/commands.pl
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/connector.cgi
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/io.pl
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/upload.cgi
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/util.pl
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/basexml.php
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/commands.php
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/config.php
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/io.php
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/php/upload.php
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/connector.py
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/fckcommands.py
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/fckoutput.py
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/fckutil.py
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/py/upload.py
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/js/fckeditorcode_gecko.js
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/js/fckeditorcode_ie.js
trunk/fckez/src/archive/web/js/ext/FCKeditor/fckeditor.js
trunk/fckez/src/org/zkforge/fckez/Version.java
trunk/fckez/version
Added Paths:
-----------
trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/config.pl
Modified: trunk/fckez/src/archive/META-INF/MANIFEST.MF
===================================================================
--- trunk/fckez/src/archive/META-INF/MANIFEST.MF 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/META-INF/MANIFEST.MF 2009-07-13 08:46:19 UTC (rev 922)
@@ -1,8 +1,8 @@
Manifest-Version: 1.0
Specification-Title: FCKeditor Components for ZK
-Specification-Version: 2.6.4_1
+Specification-Version: 2.6.4.1
Specification-Vendor: Potix Corporation
Implementation-Title: org.zkforge.fckez
Implementation-URL: http://www.zkforge.org/fckez
-Implementation-Version: 2.6.4_1
+Implementation-Version: 2.6.4.1
Implementation-Vendor: Potix Corporation
Modified: trunk/fckez/src/archive/metainfo/zk/lang-addon.xml
===================================================================
--- trunk/fckez/src/archive/metainfo/zk/lang-addon.xml 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/metainfo/zk/lang-addon.xml 2009-07-13 08:46:19 UTC (rev 922)
@@ -20,7 +20,7 @@
<version>
<version-class>org.zkforge.fckez.Version</version-class>
- <version-uid>2.6.4_1</version-uid>
+ <version-uid>2.6.4.1</version-uid>
<zk-version>2.4.0</zk-version><!-- or later -->
</version>
@@ -32,7 +32,7 @@
browsers will reload them.
Note: It defines only the version. It doesn't cause ZK to load it.
-->
- <javascript-module name="fckez.fckez" version="2.6.4_1"/>
+ <javascript-module name="fckez.fckez" version="2.6.4.1"/>
<zscript>
import org.zkforge.fckez.*;
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_about.html
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_about.html 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_about.html 2009-07-13 08:46:19 UTC (rev 922)
@@ -78,8 +78,8 @@
border-left: #000000 1px solid; border-bottom: #000000 1px solid">
<span fcklang="DlgAboutVersion">version</span>
<br />
- <b>2.6.4</b><br />
- Build 21629</td>
+ <b>2.6.4.1</b><br />
+ Build 23187</td>
</tr>
</table>
</td>
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl 2009-07-13 08:46:19 UTC (rev 922)
@@ -1,181 +1,181 @@
-#!/usr/bin/perl
-
-use CGI qw/ :standard /;
-use File::Temp qw/ tempfile tempdir /;
-
-# my $spellercss = '/speller/spellerStyle.css'; # by FredCK
-my $spellercss = '../spellerStyle.css'; # by FredCK
-# my $wordWindowSrc = '/speller/wordWindow.js'; # by FredCK
-my $wordWindowSrc = '../wordWindow.js'; # by FredCK
-my @textinputs = param( 'textinputs[]' ); # array
-# my $aspell_cmd = 'aspell'; # by FredCK (for Linux)
-my $aspell_cmd = '"C:\Program Files\Aspell\bin\aspell.exe"'; # by FredCK (for Windows)
-my $lang = 'en_US';
-# my $aspell_opts = "-a --lang=$lang --encoding=utf-8"; # by FredCK
-my $aspell_opts = "-a --lang=$lang --encoding=utf-8 -H --rem-sgml-check=alt"; # by FredCK
-my $input_separator = "A";
-
-# set the 'wordtext' JavaScript variable to the submitted text.
-sub printTextVar {
- for( my $i = 0; $i <= $#textinputs; $i++ ) {
- print "textinputs[$i] = decodeURIComponent('" . escapeQuote( $textinputs[$i] ) . "')\n";
- }
-}
-
-sub printTextIdxDecl {
- my $idx = shift;
- print "words[$idx] = [];\n";
- print "suggs[$idx] = [];\n";
-}
-
-sub printWordsElem {
- my( $textIdx, $wordIdx, $word ) = @_;
- print "words[$textIdx][$wordIdx] = '" . escapeQuote( $word ) . "';\n";
-}
-
-sub printSuggsElem {
- my( $textIdx, $wordIdx, @suggs ) = @_;
- print "suggs[$textIdx][$wordIdx] = [";
- for my $i ( 0..$#suggs ) {
- print "'" . escapeQuote( $suggs[$i] ) . "'";
- if( $i < $#suggs ) {
- print ", ";
- }
- }
- print "];\n";
-}
-
-sub printCheckerResults {
- my $textInputIdx = -1;
- my $wordIdx = 0;
- my $unhandledText;
- # create temp file
- my $dir = tempdir( CLEANUP => 1 );
- my( $fh, $tmpfilename ) = tempfile( DIR => $dir );
-
- # temp file was created properly?
-
- # open temp file, add the submitted text.
- for( my $i = 0; $i <= $#textinputs; $i++ ) {
- $text = url_decode( $textinputs[$i] );
- # Strip all tags for the text. (by FredCK - #339 / #681)
- $text =~ s/<[^>]+>/ /g;
- @lines = split( /\n/, $text );
- print $fh "\%\n"; # exit terse mode
- print $fh "^$input_separator\n";
- print $fh "!\n"; # enter terse mode
- for my $line ( @lines ) {
- # use carat on each line to escape possible aspell commands
- print $fh "^$line\n";
- }
-
- }
- # exec aspell command
- my $cmd = "$aspell_cmd $aspell_opts < $tmpfilename 2>&1";
- open ASPELL, "$cmd |" or handleError( "Could not execute `$cmd`\\n$!" ) and return;
- # parse each line of aspell return
- for my $ret ( <ASPELL> ) {
- chomp( $ret );
- # if '&', then not in dictionary but has suggestions
- # if '#', then not in dictionary and no suggestions
- # if '*', then it is a delimiter between text inputs
- if( $ret =~ /^\*/ ) {
- $textInputIdx++;
- printTextIdxDecl( $textInputIdx );
- $wordIdx = 0;
-
- } elsif( $ret =~ /^(&|#)/ ) {
- my @tokens = split( " ", $ret, 5 );
- printWordsElem( $textInputIdx, $wordIdx, $tokens[1] );
- my @suggs = ();
- if( $tokens[4] ) {
- @suggs = split( ", ", $tokens[4] );
- }
- printSuggsElem( $textInputIdx, $wordIdx, @suggs );
- $wordIdx++;
- } else {
- $unhandledText .= $ret;
- }
- }
- close ASPELL or handleError( "Error executing `$cmd`\\n$unhandledText" ) and return;
-}
-
-sub escapeQuote {
- my $str = shift;
- $str =~ s/'/\\'/g;
- return $str;
-}
-
-sub handleError {
- my $err = shift;
- print "error = '" . escapeQuote( $err ) . "';\n";
-}
-
-sub url_decode {
- local $_ = @_ ? shift : $_;
- defined or return;
- # change + signs to spaces
- tr/+/ /;
- # change hex escapes to the proper characters
- s/%([a-fA-F0-9]{2})/pack "H2", $1/eg;
- return $_;
-}
-
-# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
-# Display HTML
-# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
-
-print <<EOF;
-Content-type: text/html; charset=utf-8
-
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-<link rel="stylesheet" type="text/css" href="$spellercss"/>
-<script src="$wordWindowSrc"></script>
-<script type="text/javascript">
-var suggs = new Array();
-var words = new Array();
-var textinputs = new Array();
-var error;
-EOF
-
-printTextVar();
-
-printCheckerResults();
-
-print <<EOF;
-var wordWindowObj = new wordWindow();
-wordWindowObj.originalSpellings = words;
-wordWindowObj.suggestions = suggs;
-wordWindowObj.textInputs = textinputs;
-
-
-function init_spell() {
- // check if any error occured during server-side processing
- if( error ) {
- alert( error );
- } else {
- // call the init_spell() function in the parent frameset
- if (parent.frames.length) {
- parent.init_spell( wordWindowObj );
- } else {
- error = "This page was loaded outside of a frameset. ";
- error += "It might not display properly";
- alert( error );
- }
- }
-}
-
-</script>
-
-</head>
-<body onLoad="init_spell();">
-
-<script type="text/javascript">
-wordWindowObj.writeBody();
-</script>
-
-</body>
-</html>
-EOF
+#!/usr/bin/perl
+
+use CGI qw/ :standard /;
+use File::Temp qw/ tempfile tempdir /;
+
+# my $spellercss = '/speller/spellerStyle.css'; # by FredCK
+my $spellercss = '../spellerStyle.css'; # by FredCK
+# my $wordWindowSrc = '/speller/wordWindow.js'; # by FredCK
+my $wordWindowSrc = '../wordWindow.js'; # by FredCK
+my @textinputs = param( 'textinputs[]' ); # array
+# my $aspell_cmd = 'aspell'; # by FredCK (for Linux)
+my $aspell_cmd = '"C:\Program Files\Aspell\bin\aspell.exe"'; # by FredCK (for Windows)
+my $lang = 'en_US';
+# my $aspell_opts = "-a --lang=$lang --encoding=utf-8"; # by FredCK
+my $aspell_opts = "-a --lang=$lang --encoding=utf-8 -H --rem-sgml-check=alt"; # by FredCK
+my $input_separator = "A";
+
+# set the 'wordtext' JavaScript variable to the submitted text.
+sub printTextVar {
+ for( my $i = 0; $i <= $#textinputs; $i++ ) {
+ print "textinputs[$i] = decodeURIComponent('" . escapeQuote( $textinputs[$i] ) . "')\n";
+ }
+}
+
+sub printTextIdxDecl {
+ my $idx = shift;
+ print "words[$idx] = [];\n";
+ print "suggs[$idx] = [];\n";
+}
+
+sub printWordsElem {
+ my( $textIdx, $wordIdx, $word ) = @_;
+ print "words[$textIdx][$wordIdx] = '" . escapeQuote( $word ) . "';\n";
+}
+
+sub printSuggsElem {
+ my( $textIdx, $wordIdx, @suggs ) = @_;
+ print "suggs[$textIdx][$wordIdx] = [";
+ for my $i ( 0..$#suggs ) {
+ print "'" . escapeQuote( $suggs[$i] ) . "'";
+ if( $i < $#suggs ) {
+ print ", ";
+ }
+ }
+ print "];\n";
+}
+
+sub printCheckerResults {
+ my $textInputIdx = -1;
+ my $wordIdx = 0;
+ my $unhandledText;
+ # create temp file
+ my $dir = tempdir( CLEANUP => 1 );
+ my( $fh, $tmpfilename ) = tempfile( DIR => $dir );
+
+ # temp file was created properly?
+
+ # open temp file, add the submitted text.
+ for( my $i = 0; $i <= $#textinputs; $i++ ) {
+ $text = url_decode( $textinputs[$i] );
+ # Strip all tags for the text. (by FredCK - #339 / #681)
+ $text =~ s/<[^>]+>/ /g;
+ @lines = split( /\n/, $text );
+ print $fh "\%\n"; # exit terse mode
+ print $fh "^$input_separator\n";
+ print $fh "!\n"; # enter terse mode
+ for my $line ( @lines ) {
+ # use carat on each line to escape possible aspell commands
+ print $fh "^$line\n";
+ }
+
+ }
+ # exec aspell command
+ my $cmd = "$aspell_cmd $aspell_opts < $tmpfilename 2>&1";
+ open ASPELL, "$cmd |" or handleError( "Could not execute `$cmd`\\n$!" ) and return;
+ # parse each line of aspell return
+ for my $ret ( <ASPELL> ) {
+ chomp( $ret );
+ # if '&', then not in dictionary but has suggestions
+ # if '#', then not in dictionary and no suggestions
+ # if '*', then it is a delimiter between text inputs
+ if( $ret =~ /^\*/ ) {
+ $textInputIdx++;
+ printTextIdxDecl( $textInputIdx );
+ $wordIdx = 0;
+
+ } elsif( $ret =~ /^(&|#)/ ) {
+ my @tokens = split( " ", $ret, 5 );
+ printWordsElem( $textInputIdx, $wordIdx, $tokens[1] );
+ my @suggs = ();
+ if( $tokens[4] ) {
+ @suggs = split( ", ", $tokens[4] );
+ }
+ printSuggsElem( $textInputIdx, $wordIdx, @suggs );
+ $wordIdx++;
+ } else {
+ $unhandledText .= $ret;
+ }
+ }
+ close ASPELL or handleError( "Error executing `$cmd`\\n$unhandledText" ) and return;
+}
+
+sub escapeQuote {
+ my $str = shift;
+ $str =~ s/'/\\'/g;
+ return $str;
+}
+
+sub handleError {
+ my $err = shift;
+ print "error = '" . escapeQuote( $err ) . "';\n";
+}
+
+sub url_decode {
+ local $_ = @_ ? shift : $_;
+ defined or return;
+ # change + signs to spaces
+ tr/+/ /;
+ # change hex escapes to the proper characters
+ s/%([a-fA-F0-9]{2})/pack "H2", $1/eg;
+ return $_;
+}
+
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+# Display HTML
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+print <<EOF;
+Content-type: text/html; charset=utf-8
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel="stylesheet" type="text/css" href="$spellercss"/>
+<script src="$wordWindowSrc"></script>
+<script type="text/javascript">
+var suggs = new Array();
+var words = new Array();
+var textinputs = new Array();
+var error;
+EOF
+
+printTextVar();
+
+printCheckerResults();
+
+print <<EOF;
+var wordWindowObj = new wordWindow();
+wordWindowObj.originalSpellings = words;
+wordWindowObj.suggestions = suggs;
+wordWindowObj.textInputs = textinputs;
+
+
+function init_spell() {
+ // check if any error occured during server-side processing
+ if( error ) {
+ alert( error );
+ } else {
+ // call the init_spell() function in the parent frameset
+ if (parent.frames.length) {
+ parent.init_spell( wordWindowObj );
+ } else {
+ error = "This page was loaded outside of a frameset. ";
+ error += "It might not display properly";
+ alert( error );
+ }
+ }
+}
+
+</script>
+
+</head>
+<body onLoad="init_spell();">
+
+<script type="text/javascript">
+wordWindowObj.writeBody();
+</script>
+
+</body>
+</html>
+EOF
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/basexml.asp
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/basexml.asp 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/basexml.asp 2009-07-13 08:46:19 UTC (rev 922)
@@ -56,7 +56,11 @@
' Create the XML document header.
Response.Write "<?xml version=""1.0"" encoding=""utf-8"" ?>"
+ If text <> "" then
Response.Write "<Connector><Error number=""" & number & """ text=""" & Server.HTMLEncode( text ) & """ /></Connector>"
+ else
+ Response.Write "<Connector><Error number=""" & number & """ /></Connector>"
+ end if
Response.End
End Sub
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/commands.asp
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/commands.asp 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/commands.asp 2009-07-13 08:46:19 UTC (rev 922)
@@ -130,7 +130,7 @@
End If
' Create the "Error" node.
- Response.Write "<Error number=""" & sErrorNumber & """ originalNumber=""" & iErrNumber & """ originalDescription=""" & ConvertToXmlAttribute( sErrDescription ) & """ />"
+ Response.Write "<Error number=""" & sErrorNumber & """ />"
End Sub
Sub FileUpload( resourceType, currentFolder, sCommand )
@@ -192,7 +192,11 @@
sFileUrl = CombinePaths( GetResourceTypePath( resourceType, sCommand ) , currentFolder )
sFileUrl = CombinePaths( sFileUrl, sFileName )
- SendUploadResults sErrorNumber, sFileUrl, sFileName, ""
+ If ( sErrorNumber = "0" or sErrorNumber = "201" ) then
+ SendUploadResults sErrorNumber, sFileUrl, sFileName, ""
+ Else
+ SendUploadResults sErrorNumber, "", "", ""
+ End If
End Sub
%>
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/connector.asp
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/connector.asp 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/connector.asp 2009-07-13 08:46:19 UTC (rev 922)
@@ -57,7 +57,7 @@
' Check if it is an allowed resource type.
if ( Not IsAllowedType( sResourceType ) ) Then
- SendError 1, "The """ & sResourceType & """ resource type isn't allowed"
+ SendError 1, "Invalid type specified"
end if
' File Upload doesn't have to Return XML, so it must be intercepted before anything.
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/io.asp
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/io.asp 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/io.asp 2009-07-13 08:46:19 UTC (rev 922)
@@ -175,6 +175,8 @@
function GetCurrentFolder()
dim sCurrentFolder
+ dim oRegex
+
sCurrentFolder = Request.QueryString("CurrentFolder")
If ( sCurrentFolder = "" ) Then sCurrentFolder = "/"
@@ -187,6 +189,14 @@
SendError 102, ""
End If
+ Set oRegex = New RegExp
+ oRegex.Global = True
+ oRegex.Pattern = "(/\.)|(//)|([\\:\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
+
+ if (oRegex.Test(sCurrentFolder)) Then
+ SendError 102, ""
+ End If
+
GetCurrentFolder = sCurrentFolder
end function
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/upload.asp
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/upload.asp 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/asp/upload.asp 2009-07-13 08:46:19 UTC (rev 922)
@@ -48,7 +48,7 @@
sResourceType = Request.QueryString("Type")
If ( sResourceType = "" ) Then sResourceType = "File"
- sCurrentFolder = GetCurrentFolder()
+ sCurrentFolder = "/"
' Is Upload enabled?
if ( Not IsAllowedCommand( sCommand ) ) then
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_connector.cfm 2009-07-13 08:46:19 UTC (rev 922)
@@ -102,8 +102,33 @@
rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ;
xmlContent = ""; // append to this string to build content
+ invalidName = false;
</cfscript>
+
+<cfif not config.enabled>
+
+ <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />">
+
+<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
+
+ <cfset invalidName = true>
+ <cfset xmlContent = "<Error number=""102"" />">
+
+<cfelseif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)>
+
+ <cfset invalidName = true>
+ <cfset xmlContent = '<Error number="1" text="The "' & HTMLEditFormat(url.command) & '" command isn''t allowed" />'>
+
+<cfelseif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)>
+
+ <cfset invalidName = true>
+ <cfset xmlContent = '<Error number="1" text="Invalid type specified" />'>
+
+</cfif>
+
+<cfset resourceTypeUrl = "">
+<cfif not len(xmlContent)>
<cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") >
<cfif isDefined( "Config.FileTypesAbsolutePath" )
@@ -125,26 +150,9 @@
<!--- get rid of double directory separators --->
<cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") >
-<cfif not config.enabled>
-
- <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />">
-
-<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder)>
-
- <cfset xmlContent = "<Error number=""102"" />">
-
-<cfelseif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)>
-
- <cfset xmlContent = '<Error number="1" text="The "' & url.command & '" command isn''t allowed" />'>
-
-<cfelseif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)>
-
- <cfset xmlContent = '<Error number="1" text="The "' & url.type & '" type isn''t allowed" />'>
-
+<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )>
</cfif>
-<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )>
-
<cfif not len(xmlContent) and not directoryexists(resourceTypeDirectory)>
<!--- create directories in physical path if they don't already exist --->
<cfset currentPath = "">
@@ -263,6 +271,7 @@
newFolderName = reReplace(newFolderName, "_{2,}", "_", "all");
newFolderName = reReplace(newFolderName, "([^_]+)_+$", "\1", "all");
newFolderName = reReplace(newFolderName, "$_([^_]+)$", "\1", "all");
+ newFolderName = reReplace(newFolderName, '\.+', "_", "all" );
}
</cfscript>
@@ -271,7 +280,7 @@
<cfelseif directoryExists(currentFolderPath & newFolderName)>
<cfset errorNumber = 101>
<cfelseif reFind("^\.\.",newFolderName)>
- <cfset errorNumber = 103>
+ <cfset errorNumber = 102>
<cfelse>
<cfset errorNumber = 0>
@@ -303,8 +312,14 @@
</cfif>
<cfscript>
- xmlHeader = '<?xml version="1.0" encoding="utf-8" ?><Connector command="#url.command#" resourceType="#url.type#">';
- xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#resourceTypeUrl##url.currentFolder#" />';
+ xmlHeader = '<?xml version="1.0" encoding="utf-8" ?>';
+ if (invalidName) {
+ xmlHeader = xmlHeader & '<Connector>';
+ }
+ else {
+ xmlHeader = xmlHeader & '<Connector command="#url.command#" resourceType="#url.type#">';
+ xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#resourceTypeUrl##url.currentFolder#" />';
+ }
xmlFooter = '</Connector>';
</cfscript>
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm 2009-07-13 08:46:19 UTC (rev 922)
@@ -39,6 +39,10 @@
<cfparam name="url.type" default="File">
<cfparam name="url.currentFolder" default="/">
+<cfif url.command eq "QuickUpload">
+ <cfset url.currentFolder = "/">
+</cfif>
+
<cfif not isDefined("config_included")>
<cfinclude template="config.cfm">
</cfif>
@@ -75,6 +79,12 @@
<cfabort>
</cfif>
+<cfif REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
+ <cfset SendUploadResults(102)>
+ <cfabort>
+</cfif>
+
+
<cfscript>
userFilesPath = config.userFilesPath;
@@ -138,7 +148,7 @@
</cfcatch>
</cftry>
</cfif>
-<cfelse>
+<cfelseif url.command eq "FileUpload">
<cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") >
<cfif isDefined( "Config.FileTypesAbsolutePath" )
and structkeyexists( Config.FileTypesAbsolutePath, url.type )
@@ -286,7 +296,7 @@
<cfif errorNumber EQ 0>
<!--- file was uploaded succesfully --->
- <cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', "", "")>
+ <cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), "")>
<cfabort>
<cfelseif errorNumber EQ 201>
<!--- file was changed (201), submit the new filename --->
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_basexml.cfm
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_basexml.cfm 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_basexml.cfm 2009-07-13 08:46:19 UTC (rev 922)
@@ -64,5 +64,9 @@
<cffunction name="SendErrorNode" returntype="void" output="true">
<cfargument name="number" required="true" type="Numeric">
<cfargument name="text" required="true">
- <cfoutput><Error number="#ARGUMENTS.number#" text="#htmleditformat(ARGUMENTS.text)#" /></cfoutput>
+ <cfif Len(ARGUMENTS.text)>
+ <cfoutput><Error number="#ARGUMENTS.number#" text="#htmleditformat(ARGUMENTS.text)#" /></cfoutput>
+ <cfelse>
+ <cfoutput><Error number="#ARGUMENTS.number#" /></cfoutput>
+ </cfif>
</cffunction>
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_commands.cfm
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_commands.cfm 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_commands.cfm 2009-07-13 08:46:19 UTC (rev 922)
@@ -35,7 +35,7 @@
<cfset var sTempDir = "">
<cfset var sTempFilePath = "">
<cfset var errorNumber = 0>
- <cfset var customMsg = 0>
+ <cfset var customMsg = "">
<cfset var counter = 0>
<cfset var destination = "">
@@ -226,5 +226,5 @@
</cftry>
</cfif>
- <cfoutput><Error number="#errorNumber#" originalDescription="#HTMLEditFormat(sErrorMsg)#" /></cfoutput>
+ <cfoutput><Error number="#errorNumber#" /></cfoutput>
</cffunction>
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_io.cfm
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_io.cfm 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_io.cfm 2009-07-13 08:46:19 UTC (rev 922)
@@ -193,8 +193,12 @@
<!--- Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms --->
<cfset sCurrentFolder = rereplace( sCurrentFolder, "//+", "/", "all" )>
- <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) >
- <cfset SendError( 102, "" )>
+ <cfif find( "..", sCurrentFolder) or find( "\", sCurrentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', sCurrentFolder)>
+ <cfif URL.Command eq "FileUpload" or URL.Command eq "QuickUpload">
+ <cfset SendUploadResults( 102, "", "", "") >
+ <cfelse>
+ <cfset SendError( 102, "" )>
+ </cfif>
</cfif>
<cfreturn sCurrentFolder>
@@ -265,6 +269,10 @@
<cfargument name="fileName" required="false" type="String" default="">
<cfargument name="customMsg" required="false" type="String" default="">
+ <cfif errorNumber and errorNumber neq 201>
+ <cfset fileUrl = "">
+ <cfset fileName = "">
+ </cfif>
<!--- Minified version of the document.domain automatic fix script (#1919).
The original script can be found at _dev/domain_fix_template.js --->
<cfoutput>
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_upload.cfm
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_upload.cfm 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/cf_upload.cfm 2009-07-13 08:46:19 UTC (rev 922)
@@ -24,7 +24,6 @@
--->
<cfparam name="url.type" default="File">
-<cfparam name="url.currentFolder" default="/">
<!--- note: no serverPath url parameter - see config.cfm if you need to set the serverPath manually --->
@@ -36,7 +35,7 @@
<cffunction name="SendError" returntype="void" output="true">
<cfargument name="number" required="true" type="Numeric">
<cfargument name="text" required="true">
- <cfreturn SendUploadResults( "#ARGUMENTS.number#", "", "", "ARGUMENTS.text" )>
+ <cfreturn SendUploadResults( "#ARGUMENTS.number#", "", "", "#ARGUMENTS.text#" )>
</cffunction>
<cfset REQUEST.Config = Config>
@@ -57,7 +56,7 @@
<cfset sType = URL.Type>
</cfif>
-<cfset sCurrentFolder = GetCurrentFolder()>
+<cfset sCurrentFolder = "/">
<!--- Is enabled the upload? --->
<cfif not IsAllowedCommand( sCommand )>
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/config.cfm
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/config.cfm 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/cfm/config.cfm 2009-07-13 08:46:19 UTC (rev 922)
@@ -28,7 +28,6 @@
// SECURITY: You must explicitly enable this "connector". (Set enabled to "true")
Config.Enabled = false ;
-
// Path to uploaded files relative to the document root.
Config.UserFilesPath = "/userfiles/" ;
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/connector.lasso
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/connector.lasso 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/connector.lasso 2009-07-13 08:46:19 UTC (rev 922)
@@ -38,8 +38,8 @@
Convert query string parameters to variables and initialize output.
*/
var(
- 'Command' = action_param('Command'),
- 'Type' = action_param('Type'),
+ 'Command' = (Encode_HTML: action_param('Command')),
+ 'Type' = (Encode_HTML: action_param('Type')),
'CurrentFolder' = action_param('CurrentFolder'),
'ServerPath' = action_param('ServerPath'),
'NewFolderName' = action_param('NewFolderName'),
@@ -70,45 +70,16 @@
);
$__html_reply__ = '\
<script type="text/javascript">
-(function()
-{
- var d = document.domain ;
-
- while ( true )
- {
- // Test if we can access a parent property.
- try
- {
- var test = window.top.opener.document.domain ;
- break ;
- }
- catch( e ) {}
-
- // Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
- d = d.replace( /.*?(?:\\.|$)/, "" ) ;
-
- if ( d.length == 0 )
- break ; // It was not able to detect the domain.
-
- try
- {
- document.domain = d ;
- }
- catch (e)
- {
- break ;
- }
- }
-})() ;
+(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\\.|$)/,\'\');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
';
if($uploadResult == '0' || $uploadResult == '201');
$__html_reply__ = $__html_reply__ + '\
- window.parent.OnUploadCompleted(' + $uploadResult + ',\'' + $NewFilePath + '\',\'' + $NewFilePath->split('/')->last + '\');
+ window.parent.OnUploadCompleted(' + $uploadResult + ',"' + $NewFilePath + '","' + $NewFilePath->split('/')->last + '");
</script>
';
else;
$__html_reply__ = $__html_reply__ + '\
- window.parent.OnUploadCompleted(' + $uploadResult + ');
+ window.parent.OnUploadCompleted(' + $uploadResult + ',"","");
</script>
';
/if;
@@ -125,9 +96,22 @@
+ $CurrentFolder
);
- if($CurrentFolder->(Find: '..') || $CurrentFolder->(Find: '\\'));
+ $currentFolderURL = string_replace($currentFolderURL, -find='//', -replace='/');
+
+ if (!$config->find('Subdirectories')->find(action_param('Type')));
if($Command == 'FileUpload');
$responseType = 'html';
+ $uploadResult = '1';
+ fck_htmlreply(
+ -uploadResult=$uploadResult
+ );
+ else;
+ $errorNumber = 1;
+ $commandData += '<Error number="' + $errorNumber + '" text="Invalid type specified" />\n';
+ /if;
+ else if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
+ if($Command == 'FileUpload');
+ $responseType = 'html';
$uploadResult = '102';
fck_htmlreply(
-uploadResult=$uploadResult
@@ -142,7 +126,8 @@
Build the appropriate response per the 'Command' parameter. Wrap the
entire process in an inline for file tag permissions.
*/
- inline($connection);
+ if($config->find('Enabled'));
+ inline($connection);
select($Command);
/*.............................................................
List all subdirectories in the 'Current Folder' directory.
@@ -166,7 +151,13 @@
if(#this->endswith('/'));
$folders += '\t\t<Folder name="' + #this->removetrailing('/')& + '" />\n';
else;
- local('size') = file_getsize($currentFolderURL + #this) / 1024;
+ local('size') = file_getsize($currentFolderURL + #this);
+ if($size>0);
+ $size = $size/1024;
+ if ($size==0);
+ $size = 1;
+ /if;
+ /if;
$files += '\t\t<File name="' + #this + '" size="' + #size + '" />\n';
/if;
/iterate;
@@ -181,7 +172,7 @@
Create a directory 'NewFolderName' within the 'Current Folder.'
*/
case('CreateFolder');
- $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>', -replace='_');
+ $NewFolderName = (String_ReplaceRegExp: $NewFolderName, -find='\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
var('newFolder' = $currentFolderURL + $NewFolderName + '/');
file_create($newFolder);
@@ -233,19 +224,24 @@
files. (Test.txt, Test(1).txt, Test(2).txt, etc.)
*/
$NewFileName = $NewFile->find('OrigName');
- $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>', -replace='_');
+ $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+ $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_');
$OrigFilePath = $currentFolderURL + $NewFileName;
$NewFilePath = $OrigFilePath;
local('fileExtension') = '.' + $NewFile->find('OrigExtension');
- #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>', -replace='_');
+ #fileExtension = (String_ReplaceRegExp: #fileExtension, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
local('shortFileName') = $NewFileName->removetrailing(#fileExtension)&;
/*.....................................................
Make sure the file extension is allowed.
*/
- if($config->find('DeniedExtensions')->find($Type) >> $NewFile->find('OrigExtension'));
+ local('allowedExt') = $config->find('AllowedExtensions')->find($Type);
+ local('deniedExt') = $config->find('DeniedExtensions')->find($Type);
+ if($allowedExt->Size > 0 && $allowedExt !>> $NewFile->find('OrigExtension'));
$uploadResult = '202';
+ else($deniedExt->Size > 0 && $deniedExt >> $NewFile->find('OrigExtension'));
+ $uploadResult = '202';
else;
/*.................................................
Rename the target path until it is unique.
@@ -277,8 +273,15 @@
-uploadResult=$uploadResult,
-NewFilePath=$NewFilePath
);
+ case;
+ $errorNumber = 1;
+ $commandData += '<Error number="' + $errorNumber + '" text="Command isn\'t allowed" />\n';
/select;
- /inline;
+ /inline;
+ else;
+ $errorNumber = 1;
+ $commandData += '<Error number="' + $errorNumber + '" text="This file uploader is disabled. Please check the editor/filemanager/upload/lasso/config.lasso file." />\n';
+ /if;
/if;
/*.....................................................................
@@ -309,13 +312,18 @@
Wrap the response as XML and output.
*/
$__html_reply__ = '\
-<?xml version="1.0" encoding="utf-8" ?>
-<Connector command="' + $Command + '" resourceType="' + $Type + '">';
+<?xml version="1.0" encoding="utf-8" ?>';
if($errorNumber != '102');
- $__html_reply__ += '<CurrentFolder path="' + $CurrentFolder + '" url="' + $currentFolderURL + '" />';
+ $__html_reply__ += '<Connector command="' + (Encode_HTML: $Command) + '" resourceType="' + (Encode_HTML: $Type) + '">';
+ else;
+ $__html_reply__ += '<Connector>';
/if;
+ if($errorNumber != '102');
+ $__html_reply__ += '<CurrentFolder path="' + (Encode_HTML: $CurrentFolder) + '" url="' + (Encode_HTML: $currentFolderURL) + '" />';
+ /if;
+
$__html_reply__ += $commandData + '
</Connector>';
/if;
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/lasso/upload.lasso 2009-07-13 08:46:19 UTC (rev 922)
@@ -32,8 +32,8 @@
Convert query string parameters to variables and initialize output.
*/
var(
- 'Type' = action_param('Type'),
- 'CurrentFolder' = action_param('CurrentFolder'),
+ 'Type' = (Encode_HTML: action_param('Type')),
+ 'CurrentFolder' = "/",
'ServerPath' = action_param('ServerPath'),
'NewFile' = null,
'NewFileName' = string,
@@ -53,9 +53,11 @@
var('currentFolderURL' = $ServerPath
+ $config->find('Subdirectories')->find(action_param('Type'))
- + action_param('CurrentFolder')
+ + $CurrentFolder
);
+ $currentFolderURL = string_replace($currentFolderURL, -find='//', -replace='/');
+
/*.....................................................................
Custom tag sets the HTML response.
*/
@@ -84,14 +86,14 @@
$__html_reply__ = $__html_reply__ + '\
window.parent.OnUploadCompleted(' + #errorNumber + ',"'
- + string_replace(#fileUrl, -find='"', -replace='\\"') + '","'
- + string_replace(#fileName, -find='"', -replace='\\"') + '","'
- + string_replace(#customMsg, -find='"', -replace='\\"') + '");
+ + string_replace((Encode_HTML: #fileUrl), -find='"', -replace='\\"') + '","'
+ + string_replace((Encode_HTML: #fileUrl->split('/')->last), -find='"', -replace='\\"') + '","'
+ + string_replace((Encode_HTML: #customMsg), -find='"', -replace='\\"') + '");
</script>
';
/define_tag;
- if($CurrentFolder->(Find: '..') || $CurrentFolder->(Find: '\\'));
+ if($CurrentFolder->(Find: '..') || (String_FindRegExp: $CurrentFolder, -Find='(/\\.)|(//)|[\\\\:\\*\\?\\""\\<\\>\\|]|\\000|[\u007F]|[\u0001-\u001F]'));
$errorNumber = 102;
/if;
@@ -114,6 +116,8 @@
files. (Test.txt, Test(1).txt, Test(2).txt, etc.)
*/
$NewFileName = $NewFile->find('OrigName');
+ $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|\\000|[\u007F]|[\u0001-\u001F]', -replace='_');
+ $NewFileName = (String_ReplaceRegExp: $NewFileName, -find='\\.(?![^.]*$)', -replace='_');
$OrigFilePath = $currentFolderURL + $NewFileName;
$NewFilePath = $OrigFilePath;
local('fileExtension') = '.' + $NewFile->find('OrigExtension');
@@ -124,8 +128,12 @@
Make sure the file extension is allowed.
*/
- if($config->find('DeniedExtensions')->find($Type) >> $NewFile->find('OrigExtension'));
+ local('allowedExt') = $config->find('AllowedExtensions')->find($Type);
+ local('deniedExt') = $config->find('DeniedExtensions')->find($Type);
+ if($allowedExt->Size > 0 && $allowedExt !>> $NewFile->find('OrigExtension'));
$errorNumber = 202;
+ else($deniedExt->Size > 0 && $deniedExt >> $NewFile->find('OrigExtension'));
+ $errorNumber = 202;
else;
/*.....................................................
Rename the target path until it is unique.
@@ -153,6 +161,9 @@
/select;
/if;
/if;
+ if ($errorNumber != 0 && $errorNumber != 201);
+ $NewFilePath = "";
+ /if;
/inline;
else;
$errorNumber = 1;
@@ -162,7 +173,6 @@
fck_sendresults(
-errorNumber=$errorNumber,
-fileUrl=$NewFilePath,
- -fileName=$NewFileName,
-customMsg=$customMsg
);
]
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/basexml.pl
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/basexml.pl 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/basexml.pl 2009-07-13 08:46:19 UTC (rev 922)
@@ -1,63 +1,68 @@
-#####
-# FCKeditor - The text editor for Internet - http://www.fckeditor.net
-# Copyright (C) 2003-2009 Frederico Caldeira Knabben
-#
-# == BEGIN LICENSE ==
-#
-# Licensed under the terms of any of the following licenses at your
-# choice:
-#
-# - GNU General Public License Version 2 or later (the "GPL")
-# http://www.gnu.org/licenses/gpl.html
-#
-# - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
-# http://www.gnu.org/licenses/lgpl.html
-#
-# - Mozilla Public License Version 1.1 or later (the "MPL")
-# http://www.mozilla.org/MPL/MPL-1.1.html
-#
-# == END LICENSE ==
-#
-# This is the File Manager Connector for Perl.
-#####
-
-sub CreateXmlHeader
-{
- local($command,$resourceType,$currentFolder) = @_;
-
- # Create the XML document header.
- print '<?xml version="1.0" encoding="utf-8" ?>';
-
- # Create the main "Connector" node.
- print '<Connector command="' . $command . '" resourceType="' . $resourceType . '">';
-
- # Add the current folder node.
- print '<CurrentFolder path="' . ConvertToXmlAttribute($currentFolder) . '" url="' . ConvertToXmlAttribute(GetUrlFromPath($resourceType,$currentFolder)) . '" />';
-}
-
-sub CreateXmlFooter
-{
- print '</Connector>';
-}
-
-sub SendError
-{
- local( $number, $text ) = @_;
-
- print << "_HTML_HEAD_";
-Content-Type:text/xml; charset=utf-8
-Pragma: no-cache
-Cache-Control: no-cache
-Expires: Thu, 01 Dec 1994 16:00:00 GMT
-
-_HTML_HEAD_
-
- # Create the XML document header
- print '<?xml version="1.0" encoding="utf-8" ?>' ;
-
- print '<Connector><Error number="' . $number . '" text="' . &specialchar_cnv( $text ) . '" /></Connector>' ;
-
- exit ;
-}
-
-1;
+#####
+# FCKeditor - The text editor for Internet - http://www.fckeditor.net
+# Copyright (C) 2003-2009 Frederico Caldeira Knabben
+#
+# == BEGIN LICENSE ==
+#
+# Licensed under the terms of any of the following licenses at your
+# choice:
+#
+# - GNU General Public License Version 2 or later (the "GPL")
+# http://www.gnu.org/licenses/gpl.html
+#
+# - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
+# http://www.gnu.org/licenses/lgpl.html
+#
+# - Mozilla Public License Version 1.1 or later (the "MPL")
+# http://www.mozilla.org/MPL/MPL-1.1.html
+#
+# == END LICENSE ==
+#
+# This is the File Manager Connector for Perl.
+#####
+
+sub CreateXmlHeader
+{
+ local($command,$resourceType,$currentFolder) = @_;
+
+ # Create the XML document header.
+ print '<?xml version="1.0" encoding="utf-8" ?>';
+
+ # Create the main "Connector" node.
+ print '<Connector command="' . $command . '" resourceType="' . $resourceType . '">';
+
+ # Add the current folder node.
+ print '<CurrentFolder path="' . ConvertToXmlAttribute($currentFolder) . '" url="' . ConvertToXmlAttribute(GetUrlFromPath($resourceType,$currentFolder)) . '" />';
+}
+
+sub CreateXmlFooter
+{
+ print '</Connector>';
+}
+
+sub SendError
+{
+ local( $number, $text ) = @_;
+
+ print << "_HTML_HEAD_";
+Content-Type:text/xml; charset=utf-8
+Pragma: no-cache
+Cache-Control: no-cache
+Expires: Thu, 01 Dec 1994 16:00:00 GMT
+
+_HTML_HEAD_
+
+ # Create the XML document header
+ print '<?xml version="1.0" encoding="utf-8" ?>' ;
+
+ if ($text) {
+ print '<Connector><Error number="' . $number . '" text="' . &specialchar_cnv( $text ) . '" /></Connector>' ;
+ }
+ else {
+ print '<Connector><Error number="' . $number . '" /></Connector>' ;
+ }
+
+ exit ;
+}
+
+1;
Modified: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/commands.pl
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/commands.pl 2009-06-19 09:05:29 UTC (rev 921)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/commands.pl 2009-07-13 08:46:19 UTC (rev 922)
@@ -1,187 +1,200 @@
-#####
-# FCKeditor - The text editor for Internet - http://www.fckeditor.net
-# Copyright (C) 2003-2009 Frederico Caldeira Knabben
-#
-# == BEGIN LICENSE ==
-#
-# Licensed under the terms of any of the following licenses at your
-# choice:
-#
-# - GNU General Public License Version 2 or later (the "GPL")
-# http://www.gnu.org/licenses/gpl.html
-#
-# - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
-# http://www.gnu.org/licenses/lgpl.html
-#
-# - Mozilla Public License Version 1.1 or later (the "MPL")
-# http://www.mozilla.org/MPL/MPL-1.1.html
-#
-# == END LICENSE ==
-#
-# This is the File Manager Connector for Perl.
-#####
-
-sub GetFolders
-{
-
- local($resourceType, $currentFolder) = @_;
-
- # Map the virtual path to the local server path.
- $sServerDir = &ServerMapFolder($resourceType, $currentFolder);
- print "<Folders>"; # Open the "Folders" node.
-
- opendir(DIR,"$sServerDir");
- @files = grep(!/^\.\.?$/,readdir(DIR));
- closedir(DIR);
-
- foreach $sFile (@files) {
- if($sFile != '.' && $sFile != '..' && (-d "$sServerDir$sFile")) {
- $cnv_filename = &ConvertToXmlAttribute($sFile);
- print '<Folder name="' . $cnv_filename . '" />';
- }
- }
- print "</Folders>"; # Close the "Folders" node.
-}
-
-sub GetFoldersAndFiles
-{
-
- local($resourceType, $currentFolder) = @_;
- # Map the virtual path to the local server path.
- $sServerDir = &ServerMapFolder($resourceType,$currentFolder);
-
- # Initialize the output buffers for "Folders" and "Files".
- $sFolders = '<Folders>';
- $sFiles = '<Files>';
-
- opendir(DIR,"$sServerDir");
- @files = grep(!/^\.\.?$/,readdir(DIR));
- closedir(DIR);
-
- foreach $sFile (@files) {
- if($sFile ne '.' && $sFile ne '..') {
- if(-d "$sServerDir$sFile") {
- $cnv_filename = &ConvertToXmlAttribute($sFile);
- $sFolders .= '<Folder name="' . $cnv_filename . '" />' ;
- } else {
- ($iFileSize,$refdate,$filedate,$fileperm) = (stat("$sServerDir$sFile"))[7,8,9,2];
- if($iFileSize > 0) {
- $iFileSize = int($iFileSize / 1024);
- if($iFileSize < 1) {
- $iFileSize = 1;
- }
- }
- $cnv_filename = &ConvertToXmlAttribute($sFile);
- $sFiles .= '<File name="' . $cnv_filename . '" size="' . $iFileSize . '" />' ;
- }
- }
- }
- print $sFolders ;
- print '</Folders>'; # Close the "Folders" node.
- print $sFiles ;
- print '</Files>'; # Close the "Files" node.
-}
-
-sub CreateFolder
-{
-
- local($resourceType, $currentFolder) = @_;
- $sErrorNumber = '0' ;
- $sErrorMsg = '' ;
-
- if($FORM{'NewFolderName'} ne "") {
- $sNewFolderName = $FORM{'NewFolderName'};
- $sNewFolderName =~ s/\.|\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
- # Map the virtual path to the local server path of the current folder.
- $sServerDir = &ServerMapFolder($resourceType, $currentFolder);
- if(-w $sServerDir) {
- $sServerDir .= $sNewFolderName;
- $sErrorMsg = &CreateServerFolder($sServerDir);
- if($sErrorMsg == 0) {
- $sErrorNumber = '0';
- } elsif($sErrorMsg eq 'Invalid argument' || $sErrorMsg eq 'No such file or directory') {
- $sErrorNumber = '102'; #// Path too long.
- } else {
- $sErrorNumber = '110';
- }
- } else {
- $sErrorNumber = '103';
- }
- } else {
- $sErrorNumber = '102' ;
- }
- # Create the "Error" node.
- $cnv_errmsg = &ConvertToXmlAttribute($sErrorMsg);
- print '<Error number="' . $sErrorNumber . '" originalDescription="' . $cnv_errmsg . '" />';
-}
-
-sub FileUpload
-{
-eval("use File::Copy;");
-
- local($resourceType, $currentFolder) = @_;
-
- $sErrorNumber = '0' ;
- $sFileName = '' ;
- if($new_fname) {
- # Map the virtual path to the local server path.
- $sServerDir = &ServerMapFolder($resourceType,$currentFolder);
-
- # Get the uploaded file name.
- $sFileName = $new_fname;
- $sFileName =~ s/\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
- $sOriginalFileName = $sFileName;
-
- $iCounter = 0;
- while(1) {
- $sFilePath = $sServerDir . $sFileName;
- if(-e $sFilePath) {
- $iCounter++ ;
- ($path,$BaseName,$ext) = &RemoveExtension($sOriginalFileName);
- $sFileName = $BaseName . '(' . $iCounter . ').' . $ext;
- $sErrorNumber = '201';
- } else {
- copy("$img_dir/$new_fname","$sFilePath");
- if (defined $CHMOD_ON_UPLOAD) {
- if ($CHMOD_ON_UPLOAD) {
- umask(000);
- chmod($CHMOD_ON_UPLOAD,$sFilePath);
- }
- }
- else {
- umask(000);
- chmod(0777,$sFilePath);
- }
- unlink("$img_dir/$new_fname");
- last;
- }
- }
- } else {
- $sErrorNumber = '202' ;
- }
- $sFileName =~ s/"/\\"/g;
-
- SendUploadResults($sErrorNumber, $resourceType.$currentFolder.$sFileName, $sFileName, '');
-}
-
-sub SendUploadResults
-{
-
- local($sErrorNumber, $sFileUrl, $sFileName, $customMsg) = @_;
-
- # Minified version of the document.domain automatic fix script (#1919).
- # The original script can be found at _dev/domain_fix_template.js
- # Note: in Perl replace \ with \\ and $ with \$
- print <<EOF;
-Content-type: text/html
-
-<script type="text/javascript">
-(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\\.|\$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
-
-EOF
- print 'window.parent.OnUploadCompleted(' . $sErrorNumber . ',"' . JS_cnv($sFileUrl) . '","' . JS_cnv($sFileName) . '","' . JS_cnv($customMsg) . '") ;';
- print '</script>';
- exit ;
-}
-
-1;
+#####
+# FCKeditor - The text editor for Internet - http://www.fckeditor.net
+# Copyright (C) 2003-2009 Frederico Caldeira Knabben
+#
+# == BEGIN LICENSE ==
+#
+# Licensed under the terms of any of the following licenses at your
+# choice:
+#
+# - GNU General Public License Version 2 or later (the "GPL")
+# http://www.gnu.org/licenses/gpl.html
+#
+# - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
+# http://www.gnu.org/licenses/lgpl.html
+#
+# - Mozilla Public License Version 1.1 or later (the "MPL")
+# http://www.mozilla.org/MPL/MPL-1.1.html
+#
+# == END LICENSE ==
+#
+# This is the File Manager Connector for Perl.
+#####
+
+sub GetFolders
+{
+
+ local($resourceType, $currentFolder) = @_;
+
+ # Map the virtual path to the local server path.
+ $sServerDir = &ServerMapFolder($resourceType, $currentFolder);
+ print "<Folders>"; # Open the "Folders" node.
+
+ opendir(DIR,"$sServerDir");
+ @files = grep(!/^\.\.?$/,readdir(DIR));
+ closedir(DIR);
+
+ foreach $sFile (@files) {
+ if($sFile != '.' && $sFile != '..' && (-d "$sServerDir$sFile")) {
+ $cnv_filename = &ConvertToXmlAttribute($sFile);
+ print '<Folder name="' . $cnv_filename . '" />';
+ }
+ }
+ print "</Folders>"; # Close the "Folders" node.
+}
+
+sub GetFoldersAndFiles
+{
+
+ local($resourceType, $currentFolder) = @_;
+ # Map the virtual path to the local server path.
+ $sServerDir = &ServerMapFolder($resourceType,$currentFolder);
+
+ # Initialize the output buffers for "Folders" and "Files".
+ $sFolders = '<Folders>';
+ $sFiles = '<Files>';
+
+ opendir(DIR,"$sServerDir");
+ @files = grep(!/^\.\.?$/,readdir(DIR));
+ closedir(DIR);
+
+ foreach $sFile (@files) {
+ if($sFile ne '.' && $sFile ne '..') {
+ if(-d "$sServerDir$sFile") {
+ $cnv_filename = &ConvertToXmlAttribute($sFile);
+ $sFolders .= '<Folder name="' . $cnv_filename . '" />' ;
+ } else {
+ ($iFileSize,$refdate,$filedate,$fileperm) = (stat("$sServerDir$sFile"))[7,8,9,2];
+ if($iFileSize > 0) {
+ $iFileSize = int($iFileSize / 1024);
+ if($iFileSize < 1) {
+ $iFileSize = 1;
+ }
+ }
+ $cnv_filename = &ConvertToXmlAttribute($sFile);
+ $sFiles .= '<File name="' . $cnv_filename . '" size="' . $iFileSize . '" />' ;
+ }
+ }
+ }
+ print $sFolders ;
+ print '</Folders>'; # Close the "Folders" node.
+ print $sFiles ;
+ print '</Files>'; # Close the "Files" node.
+}
+
+sub CreateFolder
+{
+
+ local($resourceType, $currentFolder) = @_;
+ $sErrorNumber = '0' ;
+ $sErrorMsg = '' ;
+
+ if($FORM{'NewFolderName'} ne "") {
+ $sNewFolderName = $FORM{'NewFolderName'};
+ $sNewFolderName =~ s/\.|\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
+ # Map the virtual path to the local server path of the current folder.
+ $sServerDir = &ServerMapFolder($resourceType, $currentFolder);
+ if(-w $sServerDir) {
+ $sServerDir .= $sNewFolderName;
+ $sErrorMsg = &CreateServerFolder($sServerDir);
+ if($sErrorMsg == 0) {
+ $sErrorNumber = '0';
+ } elsif($sErrorMsg eq 'Invalid argument' || $sErrorMsg eq 'No such file or directory') {
+ $sErrorNumber = '102'; #// Path too long.
+ } else {
+ $sErrorNumber = '110';
+ }
+ } else {
+ $sErrorNumber = '103';
+ }
+ } else {
+ $sErrorNumber = '102' ;
+ }
+ # Create the "Error" node.
+ $cnv_errmsg = &ConvertToXmlAttribute($sErrorMsg);
+ print '<Error number="' . $sErrorNumber . '" />';
+}
+
+sub FileUpload
+{
+eval("use File::Copy;");
+
+ local($resourceType, $currentFolder) = @_;
+ $allowedExtensions = $allowedExtensions{$resourceType};
+
+ $sErrorNumber = '0' ;
+ $sFileName = '' ;
+ if($new_fname) {
+ # Map the virtual path to the local server path.
+ $sServerDir = &ServerMapFolder($resourceType,$currentFolder);
+
+ # Get the uploaded file name.
+ $sFileName = $new_fname;
+ $sFileName =~ s/\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
+ $sFileName =~ s/\.(?![^.]*$)/_/g;
+
+ $ext = '';
+ if($sFileName =~ /([^\\\/]*)\.(.*)$/) {
+ $ext = $2;
+ }
+
+ $allowedRegex = qr/^($allowedExtensions)$/i;
+ if (!($ext =~ $allowedRegex)) {
+ SendUploadResults('202', '', '', '');
+ }
+
+ $sOriginalFileName = $sFileName;
+
+ $iCounter = 0;
+ while(1) {
+ $sFilePath = $sServerDir . $sFileName;
+ if(-e $sFilePath) {
+ $iCounter++ ;
+ ($path,$BaseName,$ext) = &RemoveExtension($sOriginalFileName);
+ $sFileName = $BaseName . '(' . $iCounter . ').' . $ext;
+ $sErrorNumber = '201';
+ } else {
+ copy("$img_dir/$new_fname","$sFilePath");
+ if (defined $CHMOD_ON_UPLOAD) {
+ if ($CHMOD_ON_UPLOAD) {
+ umask(000);
+ chmod($CHMOD_ON_UPLOAD,$sFilePath);
+ }
+ }
+ else {
+ umask(000);
+ chmod(0777,$sFilePath);
+ }
+ unlink("$img_dir/$new_fname");
+ last;
+ }
+ }
+ } else {
+ $sErrorNumber = '202' ;
+ }
+ $sFileName =~ s/"/\\"/g;
+
+ SendUploadResults($sErrorNumber, $GLOBALS{'UserFilesPath'}.$resourceType.$currentFolder.$sFileName, $sFileName, '');
+}
+
+sub SendUploadResults
+{
+
+ local($sErrorNumber, $sFileUrl, $sFileName, $customMsg) = @_;
+
+ # Minified version of the document.domain automatic fix script (#1919).
+ # The original script can be found at _dev/domain_fix_template.js
+ # Note: in Perl replace \ with \\ and $ with \$
+ print <<EOF;
+Content-type: text/html
+
+<script type="text/javascript">
+(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\\.|\$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
+
+EOF
+ print 'window.parent.OnUploadCompleted(' . $sErrorNumber . ',"' . JS_cnv($sFileUrl) . '","' . JS_cnv($sFileName) . '","' . JS_cnv($customMsg) . '") ;';
+ print '</script>';
+ exit ;
+}
+
+1;
Added: trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/config.pl
===================================================================
--- trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/config.pl (rev 0)
+++ trunk/fckez/src/archive/web/js/ext/FCKeditor/editor/filemanager/connectors/perl/config.pl 2009-07-13 08:46:19 UTC (rev 922)
@@ -0,0 +1,39 @@
+#####
+# FCKeditor - The text editor for Internet - http://www.fckeditor.net
+# Copyright (C) 2003-2009 Frederico Caldeira Knabben
+#
+# == BEGIN LICENSE ==
+#
+# Licensed under the terms of any of the following licenses at your
+# choice:
+#
+# - GNU General Public License Version 2 or later (the "GPL")
+# http://www.gnu.org/licenses/gpl.html
+#
+# - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
+# http://www.gnu.org/licenses/lgpl.html
+#
+# - Mozilla Public License Version 1.1 or later (the "MPL")
+# http://www.mozilla.org/MPL/MPL-1.1.html
+#
+# == END LICENSE ==
+#
+# This is the File Manager Connector for Perl.
+#####
+
+##
+# SECURITY: REMOVE/COMMENT THE FOLLOWING LINE TO ENABLE THIS CONNECTOR.
+##
+&SendError( 1, 'This connector is disabled. Please check the "editor/filemanager/connectors/perl/config.cgi" file' ) ;
+
+$GLOBALS{'UserFilesPath'} = '/userfiles/';
+
+# Map the "UserFiles" path to a local directory.
+$rootpath = &GetRootPath();
+$GLOBALS{'UserFilesDirectory'} = $rootpath . $GLOBALS{'UserFilesPath'};
+
+%allowedExtensions = ("File", "7z|aiff|asf|avi|bmp|csv|doc|fla|flv|gif|gz|gzip|jpeg|jpg|...
[truncated message content] |