|
1
|
<%
|
|
2
|
' FCKeditor - The text editor for Internet - http://www.fckeditor.net
|
|
3
|
' Copyright (C) 2003-2009 Frederico Caldeira Knabben
|
|
4
|
'
|
|
5
|
' == BEGIN LICENSE ==
|
|
6
|
'
|
|
7
|
' Licensed under the terms of any of the following licenses at your
|
|
8
|
' choice:
|
|
9
|
'
|
|
10
|
' - GNU General Public License Version 2 or later (the "GPL")
|
|
11
|
' http://www.gnu.org/licenses/gpl.html
|
|
12
|
'
|
|
13
|
' - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
|
|
14
|
' http://www.gnu.org/licenses/lgpl.html
|
|
15
|
'
|
|
16
|
' - Mozilla Public License Version 1.1 or later (the "MPL")
|
|
17
|
' http://www.mozilla.org/MPL/MPL-1.1.html
|
|
18
|
'
|
|
19
|
' == END LICENSE ==
|
|
20
|
'
|
|
21
|
' This file include IO specific functions used by the ASP Connector.
|
|
22
|
%>
|
|
23
|
<%
|
|
24
|
function CombinePaths( sBasePath, sFolder)
|
|
25
|
sFolder = replace(sFolder, "\", "/")
|
|
26
|
CombinePaths = RemoveFromEnd( sBasePath, "/" ) & "/" & RemoveFromStart( sFolder, "/" )
|
|
27
|
end function
|
|
28
|
|
|
29
|
function CombineLocalPaths( sBasePath, sFolder)
|
|
30
|
sFolder = replace(sFolder, "/", "\")
|
|
31
|
' The RemoveFrom* functions use RegExp, so we must escape the \
|
|
32
|
CombineLocalPaths = RemoveFromEnd( sBasePath, "\\" ) & "\" & RemoveFromStart( sFolder, "\\" )
|
|
33
|
end function
|
|
34
|
|
|
35
|
Function GetResourceTypePath( resourceType, sCommand )
|
|
36
|
if ( sCommand = "QuickUpload") then
|
|
37
|
GetResourceTypePath = ConfigQuickUploadPath.Item( resourceType )
|
|
38
|
else
|
|
39
|
GetResourceTypePath = ConfigFileTypesPath.Item( resourceType )
|
|
40
|
end if
|
|
41
|
end Function
|
|
42
|
|
|
43
|
Function GetResourceTypeDirectory( resourceType, sCommand )
|
|
44
|
if ( sCommand = "QuickUpload") then
|
|
45
|
|
|
46
|
if ( ConfigQuickUploadAbsolutePath.Item( resourceType ) <> "" ) then
|
|
47
|
GetResourceTypeDirectory = ConfigQuickUploadAbsolutePath.Item( resourceType )
|
|
48
|
else
|
|
49
|
' Map the "UserFiles" path to a local directory.
|
|
50
|
GetResourceTypeDirectory = Server.MapPath( ConfigQuickUploadPath.Item( resourceType ) )
|
|
51
|
end if
|
|
52
|
else
|
|
53
|
if ( ConfigFileTypesAbsolutePath.Item( resourceType ) <> "" ) then
|
|
54
|
GetResourceTypeDirectory = ConfigFileTypesAbsolutePath.Item( resourceType )
|
|
55
|
else
|
|
56
|
' Map the "UserFiles" path to a local directory.
|
|
57
|
GetResourceTypeDirectory = Server.MapPath( ConfigFileTypesPath.Item( resourceType ) )
|
|
58
|
end if
|
|
59
|
end if
|
|
60
|
end Function
|
|
61
|
|
|
62
|
Function GetUrlFromPath( resourceType, folderPath, sCommand )
|
|
63
|
GetUrlFromPath = CombinePaths( GetResourceTypePath( resourceType, sCommand ), folderPath )
|
|
64
|
End Function
|
|
65
|
|
|
66
|
Function RemoveExtension( fileName )
|
|
67
|
RemoveExtension = Left( fileName, InStrRev( fileName, "." ) - 1 )
|
|
68
|
End Function
|
|
69
|
|
|
70
|
Function ServerMapFolder( resourceType, folderPath, sCommand )
|
|
71
|
Dim sResourceTypePath
|
|
72
|
' Get the resource type directory.
|
|
73
|
sResourceTypePath = GetResourceTypeDirectory( resourceType, sCommand )
|
|
74
|
|
|
75
|
' Ensure that the directory exists.
|
|
76
|
CreateServerFolder sResourceTypePath
|
|
77
|
|
|
78
|
' Return the resource type directory combined with the required path.
|
|
79
|
ServerMapFolder = CombineLocalPaths( sResourceTypePath, folderPath )
|
|
80
|
End Function
|
|
81
|
|
|
82
|
Sub CreateServerFolder( folderPath )
|
|
83
|
Dim oFSO
|
|
84
|
Set oFSO = Server.CreateObject( "Scripting.FileSystemObject" )
|
|
85
|
|
|
86
|
Dim sParent
|
|
87
|
sParent = oFSO.GetParentFolderName( folderPath )
|
|
88
|
|
|
89
|
' If folderPath is a network path (\\server\folder\) then sParent is an empty string.
|
|
90
|
' Get out.
|
|
91
|
if (sParent = "") then exit sub
|
|
92
|
|
|
93
|
' Check if the parent exists, or create it.
|
|
94
|
If ( NOT oFSO.FolderExists( sParent ) ) Then CreateServerFolder( sParent )
|
|
95
|
|
|
96
|
If ( oFSO.FolderExists( folderPath ) = False ) Then
|
|
97
|
On Error resume next
|
|
98
|
oFSO.CreateFolder( folderPath )
|
|
99
|
|
|
100
|
if err.number<>0 then
|
|
101
|
dim sErrorNumber
|
|
102
|
Dim iErrNumber, sErrDescription
|
|
103
|
iErrNumber = err.number
|
|
104
|
sErrDescription = err.Description
|
|
105
|
|
|
106
|
On Error Goto 0
|
|
107
|
|
|
108
|
Select Case iErrNumber
|
|
109
|
Case 52
|
|
110
|
sErrorNumber = "102" ' Invalid Folder Name.
|
|
111
|
Case 70
|
|
112
|
sErrorNumber = "103" ' Security Error.
|
|
113
|
Case 76
|
|
114
|
sErrorNumber = "102" ' Path too long.
|
|
115
|
Case Else
|
|
116
|
sErrorNumber = "110"
|
|
117
|
End Select
|
|
118
|
|
|
119
|
SendError sErrorNumber, "CreateServerFolder(" & folderPath & ") : " & sErrDescription
|
|
120
|
end if
|
|
121
|
|
|
122
|
End If
|
|
123
|
|
|
124
|
Set oFSO = Nothing
|
|
125
|
End Sub
|
|
126
|
|
|
127
|
Function IsAllowedExt( extension, resourceType )
|
|
128
|
Dim oRE
|
|
129
|
Set oRE = New RegExp
|
|
130
|
oRE.IgnoreCase = True
|
|
131
|
oRE.Global = True
|
|
132
|
|
|
133
|
Dim sAllowed, sDenied
|
|
134
|
sAllowed = ConfigAllowedExtensions.Item( resourceType )
|
|
135
|
sDenied = ConfigDeniedExtensions.Item( resourceType )
|
|
136
|
|
|
137
|
IsAllowedExt = True
|
|
138
|
|
|
139
|
If sDenied <> "" Then
|
|
140
|
oRE.Pattern = sDenied
|
|
141
|
IsAllowedExt = Not oRE.Test( extension )
|
|
142
|
End If
|
|
143
|
|
|
144
|
If IsAllowedExt And sAllowed <> "" Then
|
|
145
|
oRE.Pattern = sAllowed
|
|
146
|
IsAllowedExt = oRE.Test( extension )
|
|
147
|
End If
|
|
148
|
|
|
149
|
Set oRE = Nothing
|
|
150
|
End Function
|
|
151
|
|
|
152
|
Function IsAllowedType( resourceType )
|
|
153
|
Dim oRE
|
|
154
|
Set oRE = New RegExp
|
|
155
|
oRE.IgnoreCase = False
|
|
156
|
oRE.Global = True
|
|
157
|
oRE.Pattern = "^(" & ConfigAllowedTypes & ")$"
|
|
158
|
|
|
159
|
IsAllowedType = oRE.Test( resourceType )
|
|
160
|
|
|
161
|
Set oRE = Nothing
|
|
162
|
End Function
|
|
163
|
|
|
164
|
Function IsAllowedCommand( sCommand )
|
|
165
|
Dim oRE
|
|
166
|
Set oRE = New RegExp
|
|
167
|
oRE.IgnoreCase = True
|
|
168
|
oRE.Global = True
|
|
169
|
oRE.Pattern = "^(" & ConfigAllowedCommands & ")$"
|
|
170
|
|
|
171
|
IsAllowedCommand = oRE.Test( sCommand )
|
|
172
|
|
|
173
|
Set oRE = Nothing
|
|
174
|
End Function
|
|
175
|
|
|
176
|
function GetCurrentFolder()
|
|
177
|
dim sCurrentFolder
|
|
178
|
dim oRegex
|
|
179
|
|
|
180
|
sCurrentFolder = Request.QueryString("CurrentFolder")
|
|
181
|
If ( sCurrentFolder = "" ) Then sCurrentFolder = "/"
|
|
182
|
|
|
183
|
' Check the current folder syntax (must begin and start with a slash).
|
|
184
|
If ( Right( sCurrentFolder, 1 ) <> "/" ) Then sCurrentFolder = sCurrentFolder & "/"
|
|
185
|
If ( Left( sCurrentFolder, 1 ) <> "/" ) Then sCurrentFolder = "/" & sCurrentFolder
|
|
186
|
|
|
187
|
' Check for invalid folder paths (..)
|
|
188
|
If ( InStr( 1, sCurrentFolder, ".." ) <> 0 OR InStr( 1, sCurrentFolder, "\" ) <> 0) Then
|
|
189
|
SendError 102, ""
|
|
190
|
End If
|
|
191
|
|
|
192
|
Set oRegex = New RegExp
|
|
193
|
oRegex.Global = True
|
|
194
|
oRegex.Pattern = "(/\.)|(//)|([\\:\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
|
|
195
|
|
|
196
|
if (oRegex.Test(sCurrentFolder)) Then
|
|
197
|
SendError 102, ""
|
|
198
|
End If
|
|
199
|
|
|
200
|
GetCurrentFolder = sCurrentFolder
|
|
201
|
end function
|
|
202
|
|
|
203
|
' Do a cleanup of the folder name to avoid possible problems
|
|
204
|
function SanitizeFolderName( sNewFolderName )
|
|
205
|
Dim oRegex
|
|
206
|
Set oRegex = New RegExp
|
|
207
|
oRegex.Global = True
|
|
208
|
|
|
209
|
' remove . \ / | : ? * " < > and control characters
|
|
210
|
oRegex.Pattern = "(\.|\\|\/|\||:|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
|
|
211
|
SanitizeFolderName = oRegex.Replace( sNewFolderName, "_" )
|
|
212
|
|
|
213
|
Set oRegex = Nothing
|
|
214
|
end function
|
|
215
|
|
|
216
|
' Do a cleanup of the file name to avoid possible problems
|
|
217
|
function SanitizeFileName( sNewFileName )
|
|
218
|
Dim oRegex
|
|
219
|
Set oRegex = New RegExp
|
|
220
|
oRegex.Global = True
|
|
221
|
|
|
222
|
if ( ConfigForceSingleExtension = True ) then
|
|
223
|
oRegex.Pattern = "\.(?![^.]*$)"
|
|
224
|
sNewFileName = oRegex.Replace( sNewFileName, "_" )
|
|
225
|
end if
|
|
226
|
|
|
227
|
' remove \ / | : ? * " < > and control characters
|
|
228
|
oRegex.Pattern = "(\\|\/|\||:|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
|
|
229
|
SanitizeFileName = oRegex.Replace( sNewFileName, "_" )
|
|
230
|
|
|
231
|
Set oRegex = Nothing
|
|
232
|
end function
|
|
233
|
|
|
234
|
' This is the function that sends the results of the uploading process.
|
|
235
|
Sub SendUploadResults( errorNumber, fileUrl, fileName, customMsg )
|
|
236
|
Response.Clear
|
|
237
|
Response.Write "<script type=""text/javascript"">"
|
|
238
|
' Minified version of the document.domain automatic fix script (#1919).
|
|
239
|
' The original script can be found at _dev/domain_fix_template.js
|
|
240
|
Response.Write "(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();"
|
|
241
|
|
|
242
|
Response.Write "window.parent.OnUploadCompleted(" & errorNumber & ",""" & Replace( fileUrl, """", "\""" ) & """,""" & Replace( fileName, """", "\""" ) & """,""" & Replace( customMsg , """", "\""" ) & """) ;"
|
|
243
|
Response.Write "</script>"
|
|
244
|
Response.End
|
|
245
|
End Sub
|
|
246
|
|
|
247
|
%>
|