
Revision 1289

Added by kweitzel over 14 years ago

Branch 2.8.1 merged back into Trunk


config.php
29 29
//		authenticated users can access this file or use some kind of session checking.
30 30
$Config['Enabled'] = false ;
31 31

  
32
/** 
32
/**
33 33
	SECURITY PATCH FOR WEBSITE BAKER (doc)
34 34
	only enable PHP connector if user is authenticated to WB
35 35
	and has at least permissions to view the WB MEDIA folder
......
38 38
require_once('../../../../../../../config.php');
39 39
require_once(WB_PATH .'/framework/class.admin.php');
40 40

  
41
$wb_path = str_replace('\\','/', WB_PATH);
42
$wb_path = str_replace('//','/', WB_PATH);
43

  
41 44
// check if user is authenticated if WB and has permission to view MEDIA folder
42 45
$admin = new admin('Media', 'media_view', false, false);
43
if(($admin->get_permission('media_view') === true)) {
46
if(($admin->get_permission('media_view') === true))
47
{
44 48
	// user allowed to view MEDIA folder -> enable PHP connector
45 49
	$Config['Enabled'] = true ;
46 50
	// allow actions to list folders and files
......
49 53

  
50 54
// Path to user files relative to the document root.
51 55
// $Config['UserFilesPath'] = '/userfiles/' ;
52
$Config['UserFilesPath'] = WB_URL .MEDIA_DIRECTORY ;
56
$Config['UserFilesPath'] = WB_URL.MEDIA_DIRECTORY.'/' ;
53 57
// use home folder of current user as document root if available
54
if(isset($_SESSION['HOME_FOLDER']) && file_exists(WB_PATH .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
58
if(isset($_SESSION['HOME_FOLDER']) && file_exists($wb_path .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
55 59
   $Config['UserFilesPath'] = $Config['UserFilesPath'].$_SESSION['HOME_FOLDER'];
56 60
}
57 61

  
......
60 64
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
61 65
// Attention: The above 'UserFilesPath' must point to the same directory.
62 66
// $Config['UserFilesAbsolutePath'] = '' ;
63
$Config['UserFilesAbsolutePath'] = WB_PATH .MEDIA_DIRECTORY ;
67

  
68
$Config['UserFilesAbsolutePath'] = $wb_path .MEDIA_DIRECTORY.'/' ;
64 69
// use home folder of current user as document root if available
65
if(isset($_SESSION['HOME_FOLDER']) && file_exists(WB_PATH .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
66
   $Config['UserFilesAbsolutePath'] = $Config['UserFilesAbsolutePath'].$_SESSION['HOME_FOLDER'];
70
if(isset($_SESSION['HOME_FOLDER']) && file_exists($wb_path .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
71
   $Config['UserFilesAbsolutePath'] = $Config['UserFilesAbsolutePath'].$_SESSION['HOME_FOLDER'].'/';
67 72
}
68 73
// Due to security issues with Apache modules, it is recommended to leave the
69 74
// following setting enabled.
......
76 81
// What the user can do with this connector.
77 82
// $Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
78 83

  
79
/** 
80
   Check WB permissions of the user/group for the MEDIA folder and 
81
	enable only those FCKEditor commands the user has permissions for 
84
/**
85
   Check WB permissions of the user/group for the MEDIA folder and
86
	enable only those FCKEditor commands the user has permissions for
82 87
*/
83 88
// check if user is allowed to upload files to the media directory
84 89
if(($admin->get_permission('media_upload') === true)) {
......
104 109
// If possible, it is recommended to set more restrictive permissions, like 0755.
105 110
// Set to 0 to disable this feature.
106 111
// Note: not needed on Windows-based servers.
107
$Config['ChmodOnUpload'] = 0777 ;
112
$Config['ChmodOnUpload'] = defined('OCTAL_FILE_MODE') ? OCTAL_FILE_MODE : 0777 ;
108 113

  
109 114
// See comments above.
110 115
// Used when creating folders that does not exist.
111
$Config['ChmodOnFolderCreate'] = 0777 ;
116
$Config['ChmodOnFolderCreate'] = defined('OCTAL_DIR_MODE') ? OCTAL_DIR_MODE : 0777 ;
112 117

  
113 118
/*
114 119
	Configuration settings for each Resource Type
......
227 232
$Config['QuickUploadPath']['Media']				= $Config['UserFilesPath'] ;
228 233
$Config['QuickUploadAbsolutePath']['Media']	= $Config['UserFilesAbsolutePath'] ;
229 234

  
230
?>

235
?>
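Review bot: The second added assignment (new line 42) reads from `WB_PATH` again instead of `$wb_path`, so the backslash normalisation on new line 41 is discarded and `$wb_path` can still contain `\` on Windows hosts. That value feeds both `file_exists()` checks and `$Config['UserFilesAbsolutePath']`, which the file's own comment says must point to the same directory as `UserFilesPath`. Chain the two steps, e.g. `$wb_path = str_replace('//','/', $wb_path);` or in one call `$wb_path = str_replace(array('\\','//'), '/', WB_PATH);`. Separately, the new `ChmodOnUpload` and `ChmodOnFolderCreate` lines still fall back to `0777` when `OCTAL_FILE_MODE` / `OCTAL_DIR_MODE` are undefined, although the comment above them recommends something like 0755; a tighter fallback would avoid world-writable uploads on installs that lack the constants.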
