1
|
<cfsetting enablecfoutputonly="yes" showdebugoutput="no">
|
2
|
<!---
|
3
|
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
|
4
|
* Copyright (C) 2003-2009 Frederico Caldeira Knabben
|
5
|
*
|
6
|
* == BEGIN LICENSE ==
|
7
|
*
|
8
|
* Licensed under the terms of any of the following licenses at your
|
9
|
* choice:
|
10
|
*
|
11
|
* - GNU General Public License Version 2 or later (the "GPL")
|
12
|
* http://www.gnu.org/licenses/gpl.html
|
13
|
*
|
14
|
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
|
15
|
* http://www.gnu.org/licenses/lgpl.html
|
16
|
*
|
17
|
* - Mozilla Public License Version 1.1 or later (the "MPL")
|
18
|
* http://www.mozilla.org/MPL/MPL-1.1.html
|
19
|
*
|
20
|
* == END LICENSE ==
|
21
|
*
|
22
|
* File Browser connector for ColdFusion 5.
|
23
|
* (based on the original CF connector by Hendrik Kramer - hk@lwd.de)
|
24
|
*
|
25
|
* Note:
|
26
|
* FCKeditor requires that the connector responds with UTF-8 encoded XML.
|
27
|
* As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII
|
28
|
* file and folder names in this connector to allow CF5 send a UTF-8
|
29
|
* encoded response - code points under 127 in UTF-8 are stored using a
|
30
|
* single byte, using the same encoding as ASCII, which is damn handy.
|
31
|
* This is all grand for the English speakers, like meself, but I dunno
|
32
|
* how others are gonna take to it. Well, the previous version of this
|
33
|
* connector already did this with file names and nobody seemed to mind,
|
34
|
* so fingers-crossed nobody will mind their folder names being munged too.
|
35
|
*
|
36
|
--->
|
37
|
|
38
|
<!--- disable connector for ColdFusion > CF5 --->
|
39
|
<cfif Left(SERVER.COLDFUSION.PRODUCTVERSION,Find(",",SERVER.COLDFUSION.PRODUCTVERSION)-1) gt 5>
|
40
|
<cfabort>
|
41
|
</cfif>
|
42
|
|
43
|
<cfparam name="url.command">
|
44
|
<cfparam name="url.type">
|
45
|
<cfparam name="url.currentFolder">
|
46
|
<!--- note: no serverPath url parameter - see config.cfm if you need to set the serverPath manually --->
|
47
|
|
48
|
<cfinclude template="config.cfm">
|
49
|
<cfset REQUEST.Config = Config>
|
50
|
|
51
|
<cfscript>
|
52
|
userFilesPath = config.userFilesPath;
|
53
|
|
54
|
if ( userFilesPath eq "" )
|
55
|
{
|
56
|
userFilesPath = "/userfiles/";
|
57
|
}
|
58
|
|
59
|
// make sure the user files path is correctly formatted
|
60
|
userFilesPath = replace(userFilesPath, "\", "/", "ALL");
|
61
|
userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
|
62
|
if ( right(userFilesPath,1) NEQ "/" )
|
63
|
{
|
64
|
userFilesPath = userFilesPath & "/";
|
65
|
}
|
66
|
if ( left(userFilesPath,1) NEQ "/" )
|
67
|
{
|
68
|
userFilesPath = "/" & userFilesPath;
|
69
|
}
|
70
|
|
71
|
// make sure the current folder is correctly formatted
|
72
|
url.currentFolder = replace(url.currentFolder, "\", "/", "ALL");
|
73
|
url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL');
|
74
|
if ( right(url.currentFolder,1) neq "/" )
|
75
|
{
|
76
|
url.currentFolder = url.currentFolder & "/";
|
77
|
}
|
78
|
if ( left(url.currentFolder,1) neq "/" )
|
79
|
{
|
80
|
url.currentFolder = "/" & url.currentFolder;
|
81
|
}
|
82
|
|
83
|
if ( find("/",getBaseTemplatePath()) neq 0 )
|
84
|
{
|
85
|
fs = "/";
|
86
|
}
|
87
|
else
|
88
|
{
|
89
|
fs = "\";
|
90
|
}
|
91
|
|
92
|
// Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
|
93
|
// the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
|
94
|
// virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
|
95
|
if ( len(config.serverPath) )
|
96
|
{
|
97
|
serverPath = config.serverPath;
|
98
|
|
99
|
if ( right(serverPath,1) neq fs )
|
100
|
{
|
101
|
serverPath = serverPath & fs;
|
102
|
}
|
103
|
}
|
104
|
else
|
105
|
{
|
106
|
serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"") & replace(userFilesPath,"/",fs,"all");
|
107
|
}
|
108
|
|
109
|
rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ;
|
110
|
xmlContent = ""; // append to this string to build content
|
111
|
invalidName = false;
|
112
|
</cfscript>
|
113
|
|
114
|
|
115
|
<cfif not config.enabled>
|
116
|
|
117
|
<cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />">
|
118
|
|
119
|
<cfelseif find("..",url.currentFolder) or find("\",url.currentFolder) or REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
|
120
|
|
121
|
<cfset invalidName = true>
|
122
|
<cfset xmlContent = "<Error number=""102"" />">
|
123
|
|
124
|
<cfelseif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)>
|
125
|
|
126
|
<cfset invalidName = true>
|
127
|
<cfset xmlContent = '<Error number="1" text="The "' & HTMLEditFormat(url.command) & '" command isn''t allowed" />'>
|
128
|
|
129
|
<cfelseif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)>
|
130
|
|
131
|
<cfset invalidName = true>
|
132
|
<cfset xmlContent = '<Error number="1" text="Invalid type specified" />'>
|
133
|
|
134
|
</cfif>
|
135
|
|
136
|
<cfset resourceTypeUrl = "">
|
137
|
<cfif not len(xmlContent)>
|
138
|
<cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") >
|
139
|
|
140
|
<cfif isDefined( "Config.FileTypesAbsolutePath" )
|
141
|
and structkeyexists( Config.FileTypesAbsolutePath, url.type )
|
142
|
and Len( Config.FileTypesAbsolutePath[url.type] )>
|
143
|
|
144
|
<cfset userFilesServerPath = Config.FileTypesAbsolutePath[url.type] & url.currentFolder>
|
145
|
<cfelse>
|
146
|
<cftry>
|
147
|
<cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>
|
148
|
<!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->
|
149
|
<cfcatch type="any">
|
150
|
<cfset userFilesServerPath = rootPath & Config.FileTypesPath[url.type] & url.currentFolder>
|
151
|
</cfcatch>
|
152
|
</cftry>
|
153
|
</cfif>
|
154
|
|
155
|
<cfset userFilesServerPath = replace( userFilesServerPath, "/", fs, "all" ) >
|
156
|
<!--- get rid of double directory separators --->
|
157
|
<cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") >
|
158
|
|
159
|
<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )>
|
160
|
</cfif>
|
161
|
|
162
|
<cfif not len(xmlContent) and not directoryexists(resourceTypeDirectory)>
|
163
|
<!--- create directories in physical path if they don't already exist --->
|
164
|
<cfset currentPath = "">
|
165
|
<cftry>
|
166
|
<cfloop list="#resourceTypeDirectory#" index="name" delimiters="#fs#">
|
167
|
<cfif currentPath eq "" and fs eq "\">
|
168
|
<!--- Without checking this, we would have in Windows \C:\ --->
|
169
|
<cfif not directoryExists(name)>
|
170
|
<cfdirectory action="create" directory="#name#" mode="755">
|
171
|
</cfif>
|
172
|
<cfelse>
|
173
|
<cfif not directoryExists(currentPath & fs & name)>
|
174
|
<cfdirectory action="create" directory="#currentPath##fs##name#" mode="755">
|
175
|
</cfif>
|
176
|
</cfif>
|
177
|
|
178
|
<cfif fs eq "\" and currentPath eq "">
|
179
|
<cfset currentPath = name>
|
180
|
<cfelse>
|
181
|
<cfset currentPath = currentPath & fs & name>
|
182
|
</cfif>
|
183
|
</cfloop>
|
184
|
|
185
|
<cfcatch type="any">
|
186
|
|
187
|
<!--- this should only occur as a result of a permissions problem --->
|
188
|
<cfset xmlContent = "<Error number=""103"" />">
|
189
|
|
190
|
</cfcatch>
|
191
|
|
192
|
</cftry>
|
193
|
</cfif>
|
194
|
|
195
|
<cfif not len(xmlContent)>
|
196
|
|
197
|
<!--- no errors thus far - run command --->
|
198
|
|
199
|
<!--- we need to know the physical path to the current folder for all commands --->
|
200
|
<cfset currentFolderPath = userFilesServerPath>
|
201
|
|
202
|
<cfswitch expression="#url.command#">
|
203
|
|
204
|
<cfcase value="FileUpload">
|
205
|
<cfset REQUEST.config_included = true>
|
206
|
<cfinclude template="cf5_upload.cfm">
|
207
|
<cfabort>
|
208
|
</cfcase>
|
209
|
|
210
|
|
211
|
<cfcase value="GetFolders">
|
212
|
|
213
|
<!--- Sort directories first, name ascending --->
|
214
|
<cfdirectory
|
215
|
action="list"
|
216
|
directory="#currentFolderPath#"
|
217
|
name="qDir"
|
218
|
sort="type,name">
|
219
|
|
220
|
<cfscript>
|
221
|
i=1;
|
222
|
folders = "";
|
223
|
while( i lte qDir.recordCount ) {
|
224
|
if( not compareNoCase( qDir.type[i], "FILE" ))
|
225
|
break;
|
226
|
if( not listFind(".,..", qDir.name[i]) )
|
227
|
folders = folders & '<Folder name="#HTMLEditFormat( qDir.name[i] )#" />';
|
228
|
i=i+1;
|
229
|
}
|
230
|
|
231
|
xmlContent = xmlContent & '<Folders>' & folders & '</Folders>';
|
232
|
</cfscript>
|
233
|
|
234
|
</cfcase>
|
235
|
|
236
|
|
237
|
<cfcase value="GetFoldersAndFiles">
|
238
|
|
239
|
<!--- Sort directories first, name ascending --->
|
240
|
<cfdirectory
|
241
|
action="list"
|
242
|
directory="#currentFolderPath#"
|
243
|
name="qDir"
|
244
|
sort="type,name">
|
245
|
|
246
|
<cfscript>
|
247
|
i=1;
|
248
|
folders = "";
|
249
|
files = "";
|
250
|
while( i lte qDir.recordCount ) {
|
251
|
if( not compareNoCase( qDir.type[i], "DIR" ) and not listFind(".,..", qDir.name[i]) ) {
|
252
|
folders = folders & '<Folder name="#HTMLEditFormat(qDir.name[i])#" />';
|
253
|
} else if( not compareNoCase( qDir.type[i], "FILE" ) ) {
|
254
|
fileSizeKB = round(qDir.size[i] / 1024);
|
255
|
files = files & '<File name="#HTMLEditFormat(qDir.name[i])#" size="#IIf( fileSizeKB GT 0, DE( fileSizeKB ), 1)#" />';
|
256
|
}
|
257
|
i=i+1;
|
258
|
}
|
259
|
|
260
|
xmlContent = xmlContent & '<Folders>' & folders & '</Folders>';
|
261
|
xmlContent = xmlContent & '<Files>' & files & '</Files>';
|
262
|
</cfscript>
|
263
|
|
264
|
</cfcase>
|
265
|
|
266
|
|
267
|
<cfcase value="CreateFolder">
|
268
|
|
269
|
<cfparam name="url.newFolderName" default="">
|
270
|
|
271
|
<cfscript>
|
272
|
newFolderName = url.newFolderName;
|
273
|
if( reFind("[^A-Za-z0-9_\-\.]", newFolderName) ) {
|
274
|
// Munge folder name same way as we do the filename
|
275
|
// This means folder names are always US-ASCII so we don't have to worry about CF5 and UTF-8
|
276
|
newFolderName = reReplace(newFolderName, "[^A-Za-z0-9\-\.]", "_", "all");
|
277
|
newFolderName = reReplace(newFolderName, "_{2,}", "_", "all");
|
278
|
newFolderName = reReplace(newFolderName, "([^_]+)_+$", "\1", "all");
|
279
|
newFolderName = reReplace(newFolderName, "$_([^_]+)$", "\1", "all");
|
280
|
newFolderName = reReplace(newFolderName, '\.+', "_", "all" );
|
281
|
}
|
282
|
</cfscript>
|
283
|
|
284
|
<cfif not len(newFolderName) or len(newFolderName) gt 255>
|
285
|
<cfset errorNumber = 102>
|
286
|
<cfelseif directoryExists(currentFolderPath & newFolderName)>
|
287
|
<cfset errorNumber = 101>
|
288
|
<cfelseif reFind("^\.\.",newFolderName)>
|
289
|
<cfset errorNumber = 102>
|
290
|
<cfelse>
|
291
|
<cfset errorNumber = 0>
|
292
|
|
293
|
<cftry>
|
294
|
<cfdirectory
|
295
|
action="create"
|
296
|
directory="#currentFolderPath##newFolderName#"
|
297
|
mode="755">
|
298
|
<cfcatch>
|
299
|
<!---
|
300
|
un-resolvable error numbers in ColdFusion:
|
301
|
* 102 : Invalid folder name.
|
302
|
* 103 : You have no permissions to create the folder.
|
303
|
--->
|
304
|
<cfset errorNumber = 110>
|
305
|
</cfcatch>
|
306
|
</cftry>
|
307
|
</cfif>
|
308
|
|
309
|
<cfset xmlContent = xmlContent & '<Error number="#errorNumber#" />'>
|
310
|
|
311
|
</cfcase>
|
312
|
|
313
|
<cfdefaultcase>
|
314
|
<cfthrow type="fckeditor.connector" message="Illegal command: #url.command#">
|
315
|
</cfdefaultcase>
|
316
|
|
317
|
</cfswitch>
|
318
|
</cfif>
|
319
|
|
320
|
<cfscript>
|
321
|
xmlHeader = '<?xml version="1.0" encoding="utf-8" ?>';
|
322
|
if (invalidName) {
|
323
|
xmlHeader = xmlHeader & '<Connector>';
|
324
|
}
|
325
|
else {
|
326
|
xmlHeader = xmlHeader & '<Connector command="#url.command#" resourceType="#url.type#">';
|
327
|
xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#resourceTypeUrl##url.currentFolder#" />';
|
328
|
}
|
329
|
xmlFooter = '</Connector>';
|
330
|
</cfscript>
|
331
|
|
332
|
<cfheader name="Expires" value="#GetHttpTimeString(Now())#">
|
333
|
<cfheader name="Pragma" value="no-cache">
|
334
|
<cfheader name="Cache-Control" value="no-cache, no-store, must-revalidate">
|
335
|
<cfcontent reset="true" type="text/xml; charset=UTF-8">
|
336
|
<cfoutput>#xmlHeader##xmlContent##xmlFooter#</cfoutput>
|