|
1
|
<?php
|
|
2
|
/*
|
|
3
|
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
|
|
4
|
* Copyright (C) 2003-2010 Frederico Caldeira Knabben
|
|
5
|
*
|
|
6
|
* == BEGIN LICENSE ==
|
|
7
|
*
|
|
8
|
* Licensed under the terms of any of the following licenses at your
|
|
9
|
* choice:
|
|
10
|
*
|
|
11
|
* - GNU General Public License Version 2 or later (the "GPL")
|
|
12
|
* http://www.gnu.org/licenses/gpl.html
|
|
13
|
*
|
|
14
|
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
|
|
15
|
* http://www.gnu.org/licenses/lgpl.html
|
|
16
|
*
|
|
17
|
* - Mozilla Public License Version 1.1 or later (the "MPL")
|
|
18
|
* http://www.mozilla.org/MPL/MPL-1.1.html
|
|
19
|
*
|
|
20
|
* == END LICENSE ==
|
|
21
|
*
|
|
22
|
* Configuration file for the File Manager Connector for PHP.
|
|
23
|
*/
|
|
24
|
|
|
25
|
global $Config ;
|
|
26
|
|
|
27
|
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
|
|
28
|
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
|
|
29
|
// authenticated users can access this file or use some kind of session checking.
|
|
30
|
$Config['Enabled'] = false ;
|
|
31
|
|
|
32
|
/**
|
|
33
|
* SECURITY PATCH FOR WEBSITEBAKER (doc)
|
|
34
|
* only enable PHP connector if user is authenticated to WB
|
|
35
|
* and has at least permissions to view the WB MEDIA folder
|
|
36
|
*/
|
|
37
|
// include WB config.php file and admin class
|
|
38
|
if(!defined('WB_PATH'))
|
|
39
|
{
|
|
40
|
$configFile = ( (dirname(dirname(dirname(dirname(dirname(dirname(__DIR__))))))).'/config.php' );
|
|
41
|
if(is_readable($configFile) )
|
|
42
|
{
|
|
43
|
require($configFile);
|
|
44
|
} else {
|
|
45
|
die('tried to read a nonexisting configFile ['.basename($configFile).']!! ');
|
|
46
|
}
|
|
47
|
}
|
|
48
|
//$oReg = WbAdaptor::getInstance();
|
|
49
|
|
|
50
|
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
|
|
51
|
|
|
52
|
$wb_path = str_replace('\\','/', WB_PATH);
|
|
53
|
$wb_path = str_replace('//','/', WB_PATH);
|
|
54
|
|
|
55
|
// check if user is authenticated if WB and has permission to view MEDIA folder
|
|
56
|
$admin = new admin('Media', 'media_view', false, false);
|
|
57
|
if(($admin->get_permission('media_view') === true))
|
|
58
|
{
|
|
59
|
// user allowed to view MEDIA folder -> enable PHP connector
|
|
60
|
$Config['Enabled'] = true ;
|
|
61
|
// allow actions to list folders and files
|
|
62
|
$Config['ConfigAllowedCommands'] = array('GetFolders', 'GetFoldersAndFiles') ;
|
|
63
|
}
|
|
64
|
|
|
65
|
// Path to user files relative to the document root.
|
|
66
|
// $Config['UserFilesPath'] = '/userfiles/' ;
|
|
67
|
$Config['UserFilesPath'] = WB_URL.MEDIA_DIRECTORY.'/' ;
|
|
68
|
// use home folder of current user as document root if available
|
|
69
|
if(isset($_SESSION['HOME_FOLDER']) && file_exists($wb_path .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
|
|
70
|
$Config['UserFilesPath'] = $Config['UserFilesPath'].$_SESSION['HOME_FOLDER'];
|
|
71
|
}
|
|
72
|
|
|
73
|
// Fill the following value it you prefer to specify the absolute path for the
|
|
74
|
// user files directory. Useful if you are using a virtual directory, symbolic
|
|
75
|
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
|
76
|
// Attention: The above 'UserFilesPath' must point to the same directory.
|
|
77
|
// $Config['UserFilesAbsolutePath'] = '' ;
|
|
78
|
|
|
79
|
$Config['UserFilesAbsolutePath'] = $wb_path .MEDIA_DIRECTORY.'/' ;
|
|
80
|
// use home folder of current user as document root if available
|
|
81
|
if(isset($_SESSION['HOME_FOLDER']) && file_exists($wb_path .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
|
|
82
|
$Config['UserFilesAbsolutePath'] = $Config['UserFilesAbsolutePath'].$_SESSION['HOME_FOLDER'].'/';
|
|
83
|
}
|
|
84
|
// Due to security issues with Apache modules, it is recommended to leave the
|
|
85
|
// following setting enabled.
|
|
86
|
$Config['ForceSingleExtension'] = true ;
|
|
87
|
|
|
88
|
// Perform additional checks for image files.
|
|
89
|
// If set to true, validate image size (using getimagesize).
|
|
90
|
$Config['SecureImageUploads'] = true;
|
|
91
|
|
|
92
|
// What the user can do with this connector.
|
|
93
|
// $Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
|
|
94
|
|
|
95
|
/**
|
|
96
|
Check WB permissions of the user/group for the MEDIA folder and
|
|
97
|
enable only those FCKEditor commands the user has permissions for
|
|
98
|
*/
|
|
99
|
// check if user is allowed to upload files to the media directory
|
|
100
|
if(($admin->get_permission('media_upload') === true)) {
|
|
101
|
// add actions to upload files to the MEDIA folder
|
|
102
|
array_push($Config['ConfigAllowedCommands'], 'FileUpload', 'QuickUpload');
|
|
103
|
}
|
|
104
|
|
|
105
|
// check if user is allowed to create new folders in the media directory
|
|
106
|
if(($admin->get_permission('media_create') === true)) {
|
|
107
|
// add action to create new folders in the MEDIA folder
|
|
108
|
array_push($Config['ConfigAllowedCommands'], 'CreateFolder');
|
|
109
|
}
|
|
110
|
|
|
111
|
// Allowed Resource Types.
|
|
112
|
$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
|
|
113
|
|
|
114
|
// For security, HTML is allowed in the first Kb of data for files having the
|
|
115
|
// following extensions only.
|
|
116
|
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
|
|
117
|
|
|
118
|
// After file is uploaded, sometimes it is required to change its permissions
|
|
119
|
// so that it was possible to access it at the later time.
|
|
120
|
// If possible, it is recommended to set more restrictive permissions, like 0755.
|
|
121
|
// Set to 0 to disable this feature.
|
|
122
|
// Note: not needed on Windows-based servers.
|
|
123
|
$Config['ChmodOnUpload'] = defined('OCTAL_FILE_MODE') ? OCTAL_FILE_MODE : 0777 ;
|
|
124
|
|
|
125
|
// See comments above.
|
|
126
|
// Used when creating folders that does not exist.
|
|
127
|
$Config['ChmodOnFolderCreate'] = defined('OCTAL_DIR_MODE') ? OCTAL_DIR_MODE : 0777 ;
|
|
128
|
|
|
129
|
/*
|
|
130
|
Configuration settings for each Resource Type
|
|
131
|
|
|
132
|
- AllowedExtensions: the possible extensions that can be allowed.
|
|
133
|
If it is empty then any file type can be uploaded.
|
|
134
|
- DeniedExtensions: The extensions that won't be allowed.
|
|
135
|
If it is empty then no restrictions are done here.
|
|
136
|
|
|
137
|
For a file to be uploaded it has to fulfill both the AllowedExtensions
|
|
138
|
and DeniedExtensions (that's it: not being denied) conditions.
|
|
139
|
|
|
140
|
- FileTypesPath: the virtual folder relative to the document root where
|
|
141
|
these resources will be located.
|
|
142
|
Attention: It must start and end with a slash: '/'
|
|
143
|
|
|
144
|
- FileTypesAbsolutePath: the physical path to the above folder. It must be
|
|
145
|
an absolute path.
|
|
146
|
If it's an empty string then it will be autocalculated.
|
|
147
|
Useful if you are using a virtual directory, symbolic link or alias.
|
|
148
|
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
|
149
|
Attention: The above 'FileTypesPath' must point to the same directory.
|
|
150
|
Attention: It must end with a slash: '/'
|
|
151
|
|
|
152
|
- QuickUploadPath: the virtual folder relative to the document root where
|
|
153
|
these resources will be uploaded using the Upload tab in the resources
|
|
154
|
dialogs.
|
|
155
|
Attention: It must start and end with a slash: '/'
|
|
156
|
|
|
157
|
- QuickUploadAbsolutePath: the physical path to the above folder. It must be
|
|
158
|
an absolute path.
|
|
159
|
If it's an empty string then it will be autocalculated.
|
|
160
|
Useful if you are using a virtual directory, symbolic link or alias.
|
|
161
|
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
|
162
|
Attention: The above 'QuickUploadPath' must point to the same directory.
|
|
163
|
Attention: It must end with a slash: '/'
|
|
164
|
|
|
165
|
NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to
|
|
166
|
"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor.
|
|
167
|
This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
|
|
168
|
Example: if you click on "image button", select "Upload" tab and send image
|
|
169
|
to the server, image will appear in FCKeditor correctly, but because it is placed
|
|
170
|
directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
|
|
171
|
The more expected behaviour would be to send images directly to "image" subfolder.
|
|
172
|
To achieve that, simply change
|
|
173
|
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
|
|
174
|
$Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ;
|
|
175
|
into:
|
|
176
|
$Config['QuickUploadPath']['Image'] = $Config['FileTypesPath']['Image'] ;
|
|
177
|
$Config['QuickUploadAbsolutePath']['Image'] = $Config['FileTypesAbsolutePath']['Image'] ;
|
|
178
|
|
|
179
|
*/
|
|
180
|
|
|
181
|
/**
|
|
182
|
APPLY MORE RESTRICTIVE SETTINGS FOR WEBSITE BAKER
|
|
183
|
+ only allow file types: only textfiles (no PHP, Javascript or HTML files per default)
|
|
184
|
+ only allows images type: bmp, gif, jpges, jpg and png
|
|
185
|
+ only allows flash types: swf, flv (no fla ... flash action script per default)
|
|
186
|
+ only allows media types: swf, flv, jpg, gif, jpeg, png, avi, mgp, mpeg
|
|
187
|
*/
|
|
188
|
$Config['AllowedExtensions']['File'] = array();
|
|
189
|
$Config['DeniedExtensions']['File'] = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','htaccess','asis') ;
|
|
190
|
$Config['FileTypesPath']['File'] = $Config['UserFilesPath'];
|
|
191
|
$Config['FileTypesAbsolutePath']['File'] = $Config['UserFilesAbsolutePath'] ;
|
|
192
|
$Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ;
|
|
193
|
$Config['QuickUploadAbsolutePath']['File'] = $Config['UserFilesAbsolutePath'] ;
|
|
194
|
|
|
195
|
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
|
|
196
|
$Config['DeniedExtensions']['Image'] = array() ;
|
|
197
|
$Config['FileTypesPath']['Image'] = $Config['UserFilesPath'] ;
|
|
198
|
$Config['FileTypesAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'];
|
|
199
|
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
|
|
200
|
$Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ;
|
|
201
|
|
|
202
|
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
|
|
203
|
$Config['DeniedExtensions']['Flash'] = array() ;
|
|
204
|
$Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'];
|
|
205
|
$Config['FileTypesAbsolutePath']['Flash'] = $Config['UserFilesAbsolutePath'];
|
|
206
|
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
|
|
207
|
$Config['QuickUploadAbsolutePath']['Flash'] = $Config['UserFilesAbsolutePath'] ;
|
|
208
|
|
|
209
|
$Config['AllowedExtensions']['Media'] = array('swf','flv','jpg','gif','jpeg','png','avi','mpg','mpeg') ;
|
|
210
|
$Config['DeniedExtensions']['Media'] = array() ;
|
|
211
|
$Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . '' ;
|
|
212
|
$Config['FileTypesAbsolutePath']['Media'] = $Config['UserFilesAbsolutePath'];
|
|
213
|
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
|
|
214
|
$Config['QuickUploadAbsolutePath']['Media'] = $Config['UserFilesAbsolutePath'] ;
|
|
215
|
|
|
216
|
?>
|