[geeklog-cvs] Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php basexml.php, 1.1, 1.2 commands.php, 1.1, 1.2 config.php, 1.1, 1.2 connector.php, 1.1, 1.2 io.php, 1.1, 1.2 upload.php, 1.1, 1.2 util.php, 1.1, 1.2
Blaine Lang
blaine at qs1489.pair.com
Sun May 4 20:35:29 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php
In directory qs1489.pair.com:/tmp/cvs-serv85146/editor/filemanager/connectors/php
Modified Files:
basexml.php commands.php config.php connector.php io.php
upload.php util.php
Log Message:
Upgraded the FCKeditor to version 2.6 Final - latest release April 7/08
Index: connector.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php/connector.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** connector.php 9 Feb 2008 12:53:59 -0000 1.1
--- connector.php 5 May 2008 00:35:25 -0000 1.2
***************
*** 2,6 ****
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
--- 2,6 ----
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
***************
*** 50,55 ****
$sCurrentFolder = GetCurrentFolder() ;
! // Check if it is an allowed command
! if ( ! IsAllowedCommand( $sCommand ) )
SendError( 1, 'The "' . $sCommand . '" command isn\'t allowed' ) ;
--- 50,55 ----
$sCurrentFolder = GetCurrentFolder() ;
! // Check if it is an allowed command
! if ( ! IsAllowedCommand( $sCommand ) )
SendError( 1, 'The "' . $sCommand . '" command isn\'t allowed' ) ;
***************
*** 85,87 ****
exit ;
}
! ?>
\ No newline at end of file
--- 85,87 ----
exit ;
}
! ?>
Index: commands.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php/commands.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** commands.php 9 Feb 2008 12:53:59 -0000 1.1
--- commands.php 5 May 2008 00:35:25 -0000 1.2
***************
*** 2,6 ****
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
--- 2,6 ----
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
***************
*** 185,197 ****
if ( isset( $Config['SecureImageUploads'] ) )
{
! if ( !IsImageValid( $oFile['tmp_name'], $sExtension ) )
{
$sErrorNumber = '202' ;
}
}
!
if ( isset( $Config['HtmlExtensions'] ) )
{
! if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && DetectHtml( $oFile['tmp_name'] ) )
{
$sErrorNumber = '202' ;
--- 185,198 ----
if ( isset( $Config['SecureImageUploads'] ) )
{
! if ( ( $isImageValid = IsImageValid( $oFile['tmp_name'], $sExtension ) ) === false )
{
$sErrorNumber = '202' ;
}
}
!
if ( isset( $Config['HtmlExtensions'] ) )
{
! if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) &&
! ( $detectHtml = DetectHtml( $oFile['tmp_name'] ) ) === true )
{
$sErrorNumber = '202' ;
***************
*** 220,225 ****
if ( is_file( $sFilePath ) )
{
$oldumask = umask(0) ;
! chmod( $sFilePath, 0777 ) ;
umask( $oldumask ) ;
}
--- 221,238 ----
if ( is_file( $sFilePath ) )
{
+ if ( isset( $Config['ChmodOnUpload'] ) && !$Config['ChmodOnUpload'] )
+ {
+ break ;
+ }
+
+ $permissions = 0777;
+
+ if ( isset( $Config['ChmodOnUpload'] ) && $Config['ChmodOnUpload'] )
+ {
+ $permissions = $Config['ChmodOnUpload'] ;
+ }
+
$oldumask = umask(0) ;
! chmod( $sFilePath, $permissions ) ;
umask( $oldumask ) ;
}
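Review bot: The fallback stays at `$permissions = 0777;` whenever `$Config['ChmodOnUpload']` is unset, and config.php in this commit ships `0777` as well, so uploaded files end up world-writable and executable in the upload directory unless an administrator overrides it. A stricter fallback such as `$permissions = 0644 ;` here, with `$Config['ChmodOnUpload'] = 0644 ;` and `$Config['ChmodOnFolderCreate'] = 0755 ;` as shipped defaults, would follow the advice the new config comment itself gives. The same applies to the `$permissions = 0777 ;` fallback added to `CreateServerFolder` in io.php, where the comment "To create the folder with 0777 permissions" is now stale. The `break ;` in the disabled branch relies on an enclosing loop that lies outside this hunk, presumably the upload loop; confirm nothing needed after the chmod is skipped.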
***************
*** 228,231 ****
--- 241,259 ----
}
}
+
+ if ( file_exists( $sFilePath ) )
+ {
+ //previous checks failed, try once again
+ if ( isset( $isImageValid ) && $isImageValid === -1 && IsImageValid( $sFilePath, $sExtension ) === false )
+ {
+ @unlink( $sFilePath ) ;
+ $sErrorNumber = '202' ;
+ }
+ else if ( isset( $detectHtml ) && $detectHtml === -1 && DetectHtml( $sFilePath ) === true )
+ {
+ @unlink( $sFilePath ) ;
+ $sErrorNumber = '202' ;
+ }
+ }
}
else
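Review bot: The post-move recheck fails open. It rejects only when the second `IsImageValid()` returns exactly `false` or the second `DetectHtml()` returns exactly `true`, so a file that is still unreadable (a second `-1`) stays in the upload directory without ever being validated. Treat a repeated `-1` as a failure: `IsImageValid( $sFilePath, $sExtension ) !== true` and `DetectHtml( $sFilePath ) !== false`. The result of `@unlink( $sFilePath )` is also ignored, so error 202 can be reported while the rejected file remains on disk; check the return value and log or report the failure.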
***************
*** 243,245 ****
exit ;
}
! ?>
\ No newline at end of file
--- 271,273 ----
exit ;
}
! ?>
Index: upload.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php/upload.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** upload.php 9 Feb 2008 12:53:59 -0000 1.1
--- upload.php 5 May 2008 00:35:25 -0000 1.2
***************
*** 2,6 ****
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
--- 2,6 ----
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
***************
*** 44,51 ****
$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;
! $sCurrentFolder = GetCurrentFolder() ;
// Is enabled the upload?
! if ( ! IsAllowedCommand( $sCommand ) )
SendUploadResults( '1', '', '', 'The ""' . $sCommand . '"" command isn\'t allowed' ) ;
--- 44,51 ----
$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;
! $sCurrentFolder = GetCurrentFolder() ;
// Is enabled the upload?
! if ( ! IsAllowedCommand( $sCommand ) )
SendUploadResults( '1', '', '', 'The ""' . $sCommand . '"" command isn\'t allowed' ) ;
***************
*** 57,59 ****
FileUpload( $sType, $sCurrentFolder, $sCommand )
! ?>
\ No newline at end of file
--- 57,59 ----
FileUpload( $sType, $sCurrentFolder, $sCommand )
! ?>
Index: basexml.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php/basexml.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** basexml.php 9 Feb 2008 12:53:59 -0000 1.1
--- basexml.php 5 May 2008 00:35:25 -0000 1.2
***************
*** 2,6 ****
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
--- 2,6 ----
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
***************
*** 67,71 ****
{
if ( isset( $GLOBALS['HeaderSent'] ) && $GLOBALS['HeaderSent'] )
! {
SendErrorNode( $number, $text ) ;
CreateXmlFooter() ;
--- 67,71 ----
{
if ( isset( $GLOBALS['HeaderSent'] ) && $GLOBALS['HeaderSent'] )
! {
SendErrorNode( $number, $text ) ;
CreateXmlFooter() ;
***************
*** 79,85 ****
echo '<Connector>' ;
!
SendErrorNode( $number, $text ) ;
!
echo '</Connector>' ;
}
--- 79,85 ----
echo '<Connector>' ;
!
SendErrorNode( $number, $text ) ;
!
echo '</Connector>' ;
}
***************
*** 91,93 ****
echo '<Error number="' . $number . '" text="' . htmlspecialchars( $text ) . '" />' ;
}
! ?>
\ No newline at end of file
--- 91,93 ----
echo '<Error number="' . $number . '" text="' . htmlspecialchars( $text ) . '" />' ;
}
! ?>
Index: config.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php/config.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** config.php 9 Feb 2008 12:53:59 -0000 1.1
--- config.php 5 May 2008 00:35:25 -0000 1.2
***************
*** 2,6 ****
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
--- 2,6 ----
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
***************
*** 49,60 ****
$Config['ForceSingleExtension'] = true ;
! // Perform additional checks for image files
! // if set to true, validate image size (using getimagesize)
$Config['SecureImageUploads'] = true;
! // What the user can do with this connector
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
! // Allowed Resource Types
$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
--- 49,60 ----
$Config['ForceSingleExtension'] = true ;
! // Perform additional checks for image files.
! // If set to true, validate image size (using getimagesize).
$Config['SecureImageUploads'] = true;
! // What the user can do with this connector.
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
! // Allowed Resource Types.
$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
***************
*** 63,66 ****
--- 63,77 ----
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
+ // After file is uploaded, sometimes it is required to change its permissions
+ // so that it was possible to access it at the later time.
+ // If possible, it is recommended to set more restrictive permissions, like 0755.
+ // Set to 0 to disable this feature.
+ // Note: not needed on Windows-based servers.
+ $Config['ChmodOnUpload'] = 0777 ;
+
+ // See comments above.
+ // Used when creating folders that does not exist.
+ $Config['ChmodOnFolderCreate'] = 0777 ;
+
/*
Configuration settings for each Resource Type
***************
*** 124,128 ****
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
$Config['DeniedExtensions']['Image'] = array() ;
! $Config['FileTypesPath']['Image'] = $Config['UserFilesPath'] . 'Image/' ;
$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'image/' ;
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
--- 135,139 ----
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
$Config['DeniedExtensions']['Image'] = array() ;
! $Config['FileTypesPath']['Image'] = $Config['UserFilesPath'] . 'image/' ;
$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'image/' ;
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
***************
*** 131,135 ****
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
$Config['DeniedExtensions']['Flash'] = array() ;
! $Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'Flash/' ;
$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
--- 142,146 ----
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
$Config['DeniedExtensions']['Flash'] = array() ;
! $Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'flash/' ;
$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
***************
*** 138,142 ****
$Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
$Config['DeniedExtensions']['Media'] = array() ;
! $Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'Media/' ;
$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
--- 149,153 ----
$Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
$Config['DeniedExtensions']['Media'] = array() ;
! $Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'media/' ;
$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
Index: util.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php/util.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** util.php 9 Feb 2008 12:53:59 -0000 1.1
--- util.php 5 May 2008 00:35:25 -0000 1.2
***************
*** 2,6 ****
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
--- 2,6 ----
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
***************
*** 35,41 ****
}
function ConvertToXmlAttribute( $value )
{
! if ( defined( 'PHP_OS' ) )
{
$os = PHP_OS ;
--- 35,64 ----
}
+ function FindBadUtf8( $string )
+ {
+ $regex =
+ '([\x00-\x7F]'.
+ '|[\xC2-\xDF][\x80-\xBF]'.
+ '|\xE0[\xA0-\xBF][\x80-\xBF]'.
+ '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.
+ '|\xED[\x80-\x9F][\x80-\xBF]'.
+ '|\xF0[\x90-\xBF][\x80-\xBF]{2}'.
+ '|[\xF1-\xF3][\x80-\xBF]{3}'.
+ '|\xF4[\x80-\x8F][\x80-\xBF]{2}'.
+ '|(.{1}))';
+
+ while (preg_match('/'.$regex.'/S', $string, $matches)) {
+ if ( isset($matches[2])) {
+ return true;
+ }
+ $string = substr($string, strlen($matches[0]));
+ }
+
+ return false;
+ }
+
function ConvertToXmlAttribute( $value )
{
! if ( defined( 'PHP_OS' ) )
{
$os = PHP_OS ;
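Review bot: A point of style and cost in `FindBadUtf8()`: it copies the remainder of the string with `substr()` after every matched character, which is quadratic in the input length. Keeping an offset avoids the copies: `preg_match( '/\G' . $regex . '/S', $string, $matches, 0, $offset )` followed by `$offset += strlen( $matches[0] ) ;`. The function has no header comment; suggest `// Returns true if $string contains a byte sequence that is not well-formed UTF-8.` It is called from `ConvertToXmlAttribute()` in the next hunk, whose body continues outside this one.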
***************
*** 45,57 ****
$os = php_uname() ;
}
!
! if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' )
{
return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
! }
! else
{
return ( htmlspecialchars( $value ) ) ;
! }
}
--- 68,80 ----
$os = php_uname() ;
}
!
! if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )
{
return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
! }
! else
{
return ( htmlspecialchars( $value ) ) ;
! }
}
***************
*** 78,97 ****
/**
! * Detect HTML in the first KB to prevent against potential security issue with
* IE/Safari/Opera file type auto detection bug.
* Returns true if file contain insecure HTML code at the beginning.
! *
* @param string $filePath absolute path to file
* @return boolean
! */
function DetectHtml( $filePath )
{
! $fp = fopen( $filePath, 'rb' ) ;
$chunk = fread( $fp, 1024 ) ;
fclose( $fp ) ;
$chunk = strtolower( $chunk ) ;
! if (!$chunk)
{
return false ;
--- 101,128 ----
/**
! * Detect HTML in the first KB to prevent against potential security issue with
* IE/Safari/Opera file type auto detection bug.
* Returns true if file contain insecure HTML code at the beginning.
! *
* @param string $filePath absolute path to file
* @return boolean
! */
function DetectHtml( $filePath )
{
! $fp = @fopen( $filePath, 'rb' ) ;
!
! //open_basedir restriction, see #1906
! if ( $fp === false || !flock( $fp, LOCK_SH ) )
! {
! return -1 ;
! }
!
$chunk = fread( $fp, 1024 ) ;
+ flock( $fp, LOCK_UN ) ;
fclose( $fp ) ;
$chunk = strtolower( $chunk ) ;
! if (!$chunk)
{
return false ;
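Review bot: When `fopen()` succeeds but `flock()` fails, the early `return -1 ;` leaves `$fp` open. Split the guard: `if ( $fp === false ) return -1 ;` then `if ( !flock( $fp, LOCK_SH ) ) { fclose( $fp ) ; return -1 ; }`. The function now has three outcomes but the docblock still says `@return boolean`; suggest `@return boolean|integer true if HTML-like content is found, false if not, -1 if the file could not be opened or locked`. A caller that tests the result loosely reads `-1` as true, so callers must compare with `=== true` / `=== false`. The same applies to the `-1` added to `IsImageValid()` in the later hunk, whose docblock is likewise unchanged.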
***************
*** 100,113 ****
$chunk = trim( $chunk ) ;
! if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
{
return true;
! }
$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
! foreach( $tags as $tag )
{
! if( false !== strpos( $chunk, $tag ) )
{
return true ;
--- 131,144 ----
$chunk = trim( $chunk ) ;
! if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
{
return true;
! }
$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
! foreach( $tags as $tag )
{
! if( false !== strpos( $chunk, $tag ) )
{
return true ;
***************
*** 116,120 ****
//type = javascript
! if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
{
return true ;
--- 147,151 ----
//type = javascript
! if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
{
return true ;
***************
*** 128,139 ****
return true ;
}
!
//url(javascript
! if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
{
return true ;
! }
! return false ;
}
--- 159,170 ----
return true ;
}
!
//url(javascript
! if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
{
return true ;
! }
! return false ;
}
***************
*** 142,153 ****
* Currently this function validates only image files.
* Returns false if file is invalid.
! *
* @param string $filePath absolute path to file
* @param string $extension file extension
* @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
* @return boolean
! */
function IsImageValid( $filePath, $extension )
{
$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
--- 173,188 ----
* Currently this function validates only image files.
* Returns false if file is invalid.
! *
* @param string $filePath absolute path to file
* @param string $extension file extension
* @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
* @return boolean
! */
function IsImageValid( $filePath, $extension )
{
+ if (!@is_readable($filePath)) {
+ return -1;
+ }
+
$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
***************
*** 171,185 ****
}
}
!
if ( !in_array( $extension, $imageCheckExtensions ) ) {
return true;
}
!
if ( @getimagesize( $filePath ) === false ) {
return false ;
! }
!
return true;
}
! ?>
\ No newline at end of file
--- 206,220 ----
}
}
!
if ( !in_array( $extension, $imageCheckExtensions ) ) {
return true;
}
!
if ( @getimagesize( $filePath ) === false ) {
return false ;
! }
!
return true;
}
! ?>
Index: io.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/fckeditor/editor/filemanager/connectors/php/io.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** io.php 9 Feb 2008 12:53:59 -0000 1.1
--- io.php 5 May 2008 00:35:25 -0000 1.2
***************
*** 2,6 ****
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
--- 2,6 ----
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
! * Copyright (C) 2003-2008 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
***************
*** 30,34 ****
global $Config ;
! if ( $sCommand == "QuickUpload")
return $Config['QuickUploadPath'][$resourceType] ;
else
--- 30,34 ----
global $Config ;
! if ( $sCommand == "QuickUpload")
return $Config['QuickUploadPath'][$resourceType] ;
else
***************
*** 39,43 ****
{
global $Config ;
! if ( $sCommand == "QuickUpload")
{
if ( strlen( $Config['QuickUploadAbsolutePath'][$resourceType] ) > 0 )
--- 39,43 ----
{
global $Config ;
! if ( $sCommand == "QuickUpload")
{
if ( strlen( $Config['QuickUploadAbsolutePath'][$resourceType] ) > 0 )
***************
*** 89,92 ****
--- 89,93 ----
function CreateServerFolder( $folderPath, $lastFolder = null )
{
+ global $Config ;
$sParent = GetParentFolder( $folderPath ) ;
***************
*** 104,108 ****
return "Can't create $folderPath directory" ;
}
!
$sErrorMsg = CreateServerFolder( $sParent, $folderPath ) ;
if ( $sErrorMsg != '' )
--- 105,109 ----
return "Can't create $folderPath directory" ;
}
!
$sErrorMsg = CreateServerFolder( $sParent, $folderPath ) ;
if ( $sErrorMsg != '' )
***************
*** 119,126 ****
ini_set( 'track_errors', '1' ) ;
! // To create the folder with 0777 permissions, we need to set umask to zero.
! $oldumask = umask(0) ;
! mkdir( $folderPath, 0777 ) ;
! umask( $oldumask ) ;
$sErrorMsg = $php_errormsg ;
--- 120,139 ----
ini_set( 'track_errors', '1' ) ;
! if ( isset( $Config['ChmodOnFolderCreate'] ) && !$Config['ChmodOnFolderCreate'] )
! {
! mkdir( $folderPath ) ;
! }
! else
! {
! $permissions = 0777 ;
! if ( isset( $Config['ChmodOnFolderCreate'] ) )
! {
! $permissions = $Config['ChmodOnFolderCreate'] ;
! }
! // To create the folder with 0777 permissions, we need to set umask to zero.
! $oldumask = umask(0) ;
! mkdir( $folderPath, $permissions ) ;
! umask( $oldumask ) ;
! }
$sErrorMsg = $php_errormsg ;
***************
*** 138,144 ****
function GetRootPath()
{
! if (!isset($_SERVER)) {
! global $_SERVER;
! }
$sRealPath = realpath( './' ) ;
--- 151,157 ----
function GetRootPath()
{
! if (!isset($_SERVER)) {
! global $_SERVER;
! }
$sRealPath = realpath( './' ) ;
***************
*** 147,151 ****
$sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ;
!
$position = strpos( $sRealPath, $sSelfPath ) ;
--- 160,164 ----
$sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ;
!
$position = strpos( $sRealPath, $sSelfPath ) ;
***************
*** 181,188 ****
$arDenied = $Config['DeniedExtensions'][$resourceType] ;
! if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) )
return false ;
! if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) )
return false ;
--- 194,201 ----
$arDenied = $Config['DeniedExtensions'][$resourceType] ;
! if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) )
return false ;
! if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) )
return false ;
***************
*** 195,199 ****
if ( !in_array( $resourceType, $Config['ConfigAllowedTypes'] ) )
return false ;
!
return true ;
}
--- 208,212 ----
if ( !in_array( $resourceType, $Config['ConfigAllowedTypes'] ) )
return false ;
!
return true ;
}
***************
*** 205,209 ****
if ( !in_array( $sCommand, $Config['ConfigAllowedCommands'] ) )
return false ;
!
return true ;
}
--- 218,222 ----
if ( !in_array( $sCommand, $Config['ConfigAllowedCommands'] ) )
return false ;
!
return true ;
}
***************
*** 211,222 ****
function GetCurrentFolder()
{
! if (!isset($_GET)) {
! global $_GET;
! }
$sCurrentFolder = isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ;
// Check the current folder syntax (must begin and start with a slash).
! if ( ! ereg( '/$', $sCurrentFolder ) ) $sCurrentFolder .= '/' ;
! if ( strpos( $sCurrentFolder, '/' ) !== 0 ) $sCurrentFolder = '/' . $sCurrentFolder ;
// Ensure the folder path has no double-slashes
--- 224,237 ----
function GetCurrentFolder()
{
! if (!isset($_GET)) {
! global $_GET;
! }
$sCurrentFolder = isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ;
// Check the current folder syntax (must begin and start with a slash).
! if ( !preg_match( '|/$|', $sCurrentFolder ) )
! $sCurrentFolder .= '/' ;
! if ( strpos( $sCurrentFolder, '/' ) !== 0 )
! $sCurrentFolder = '/' . $sCurrentFolder ;
// Ensure the folder path has no double-slashes
***************
*** 226,230 ****
// Check for invalid folder paths (..)
! if ( strpos( $sCurrentFolder, '..' ) )
SendError( 102, '' ) ;
--- 241,245 ----
// Check for invalid folder paths (..)
! if ( strpos( $sCurrentFolder, '..' ) || strpos( $sCurrentFolder, "\\" ))
SendError( 102, '' ) ;
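Review bot: Both `strpos()` results are tested for truthiness, so a match at offset 0 would be missed; this is safe only because the preceding lines force a leading `/`. Compare explicitly: `strpos( $sCurrentFolder, '..' ) !== false || strpos( $sCurrentFolder, "\\" ) !== false`. This commit adds `[[:cntrl:]]` filtering to the folder-name and file-name sanitizers in the following hunks, but `CurrentFolder` comes from `$_GET` and gets no such check here; adding `|| preg_match( '/[[:cntrl:]]/', $sCurrentFolder )` would keep the three paths consistent. GetCurrentFolder's body continues outside the hunk.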
***************
*** 238,242 ****
// Remove . \ / | : ? * " < >
! $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>/', '_', $sNewFolderName ) ;
return $sNewFolderName ;
--- 253,257 ----
// Remove . \ / | : ? * " < >
! $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
return $sNewFolderName ;
***************
*** 255,259 ****
// Remove \ / | : ? * " < >
! $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>/', '_', $sNewFileName ) ;
return $sNewFileName ;
--- 270,274 ----
// Remove \ / | : ? * " < >
! $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
return $sNewFileName ;
***************
*** 263,267 ****
function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
{
! echo '<script type="text/javascript">' ;
$rpl = array( '\\' => '\\\\', '"' => '\\"' ) ;
echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . strtr( $fileUrl, $rpl ) . '","' . strtr( $fileName, $rpl ) . '", "' . strtr( $customMsg, $rpl ) . '") ;' ;
--- 278,315 ----
function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
{
! echo <<<EOF
! <script type="text/javascript">
! (function()
! {
! var d = document.domain ;
!
! while ( true )
! {
! // Test if we can access a parent property.
! try
! {
! var test = window.top.opener.document.domain ;
! break ;
! }
! catch( e ) {}
!
! // Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
! d = d.replace( /.*?(?:\.|$)/, '' ) ;
!
! if ( d.length == 0 )
! break ; // It was not able to detect the domain.
!
! try
! {
! document.domain = d ;
! }
! catch (e)
! {
! break ;
! }
! }
! })() ;
!
! EOF;
$rpl = array( '\\' => '\\\\', '"' => '\\"' ) ;
echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . strtr( $fileUrl, $rpl ) . '","' . strtr( $fileName, $rpl ) . '", "' . strtr( $customMsg, $rpl ) . '") ;' ;
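Review bot: The new inline script relaxes `document.domain` step by step toward the parent domain, which widens the set of origins that can script this response page; consider making that opt-in through a config setting. That makes the escaping on the unchanged `echo` line after `EOF;` matter more: `$rpl` covers only `\` and `"`, so a `</script>` sequence or a line break in `$fileUrl`, `$fileName` or `$customMsg` would end the string or the script block. Extend the map, e.g. `$rpl = array( '\\' => '\\\\', '"' => '\\"', '<' => '\\x3C', "\r" => '\\r', "\n" => '\\n' ) ;`, and emit the number as `(int) $errorNumber`.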
***************
*** 270,272 ****
}
! ?>
\ No newline at end of file
--- 318,320 ----
}
! ?>