Revision 1289
Added by kweitzel over 14 years ago
config.php | ||
---|---|---|
29 | 29 |
// authenticated users can access this file or use some kind of session checking. |
30 | 30 |
$Config['Enabled'] = false ; |
31 | 31 |
|
32 |
/**
|
|
32 |
/** |
|
33 | 33 |
SECURITY PATCH FOR WEBSITE BAKER (doc) |
34 | 34 |
only enable PHP connector if user is authenticated to WB |
35 | 35 |
and has at least permissions to view the WB MEDIA folder |
... | ... | |
38 | 38 |
require_once('../../../../../../../config.php'); |
39 | 39 |
require_once(WB_PATH .'/framework/class.admin.php'); |
40 | 40 |
|
41 |
$wb_path = str_replace('\\','/', WB_PATH); |
|
42 |
$wb_path = str_replace('//','/', WB_PATH); |
|
43 |
|
|
41 | 44 |
// check if user is authenticated if WB and has permission to view MEDIA folder |
42 | 45 |
$admin = new admin('Media', 'media_view', false, false); |
43 |
if(($admin->get_permission('media_view') === true)) { |
|
46 |
if(($admin->get_permission('media_view') === true)) |
|
47 |
{ |
|
44 | 48 |
// user allowed to view MEDIA folder -> enable PHP connector |
45 | 49 |
$Config['Enabled'] = true ; |
46 | 50 |
// allow actions to list folders and files |
... | ... | |
49 | 53 |
|
50 | 54 |
// Path to user files relative to the document root. |
51 | 55 |
// $Config['UserFilesPath'] = '/userfiles/' ; |
52 |
$Config['UserFilesPath'] = WB_URL .MEDIA_DIRECTORY ;
|
|
56 |
$Config['UserFilesPath'] = WB_URL.MEDIA_DIRECTORY.'/' ;
|
|
53 | 57 |
// use home folder of current user as document root if available |
54 |
if(isset($_SESSION['HOME_FOLDER']) && file_exists(WB_PATH .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
|
|
58 |
if(isset($_SESSION['HOME_FOLDER']) && file_exists($wb_path .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
|
|
55 | 59 |
$Config['UserFilesPath'] = $Config['UserFilesPath'].$_SESSION['HOME_FOLDER']; |
56 | 60 |
} |
57 | 61 |
|
... | ... | |
60 | 64 |
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'. |
61 | 65 |
// Attention: The above 'UserFilesPath' must point to the same directory. |
62 | 66 |
// $Config['UserFilesAbsolutePath'] = '' ; |
63 |
$Config['UserFilesAbsolutePath'] = WB_PATH .MEDIA_DIRECTORY ; |
|
67 |
|
|
68 |
$Config['UserFilesAbsolutePath'] = $wb_path .MEDIA_DIRECTORY.'/' ; |
|
64 | 69 |
// use home folder of current user as document root if available |
65 |
if(isset($_SESSION['HOME_FOLDER']) && file_exists(WB_PATH .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
|
|
66 |
$Config['UserFilesAbsolutePath'] = $Config['UserFilesAbsolutePath'].$_SESSION['HOME_FOLDER']; |
|
70 |
if(isset($_SESSION['HOME_FOLDER']) && file_exists($wb_path .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
|
|
71 |
$Config['UserFilesAbsolutePath'] = $Config['UserFilesAbsolutePath'].$_SESSION['HOME_FOLDER'].'/';
|
|
67 | 72 |
} |
68 | 73 |
// Due to security issues with Apache modules, it is recommended to leave the |
69 | 74 |
// following setting enabled. |
... | ... | |
76 | 81 |
// What the user can do with this connector. |
77 | 82 |
// $Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ; |
78 | 83 |
|
79 |
/**
|
|
80 |
Check WB permissions of the user/group for the MEDIA folder and
|
|
81 |
enable only those FCKEditor commands the user has permissions for
|
|
84 |
/** |
|
85 |
Check WB permissions of the user/group for the MEDIA folder and |
|
86 |
enable only those FCKEditor commands the user has permissions for |
|
82 | 87 |
*/ |
83 | 88 |
// check if user is allowed to upload files to the media directory |
84 | 89 |
if(($admin->get_permission('media_upload') === true)) { |
... | ... | |
104 | 109 |
// If possible, it is recommended to set more restrictive permissions, like 0755. |
105 | 110 |
// Set to 0 to disable this feature. |
106 | 111 |
// Note: not needed on Windows-based servers. |
107 |
$Config['ChmodOnUpload'] = 0777 ; |
|
112 |
$Config['ChmodOnUpload'] = defined('OCTAL_FILE_MODE') ? OCTAL_FILE_MODE : 0777 ;
|
|
108 | 113 |
|
109 | 114 |
// See comments above. |
110 | 115 |
// Used when creating folders that does not exist. |
111 |
$Config['ChmodOnFolderCreate'] = 0777 ; |
|
116 |
$Config['ChmodOnFolderCreate'] = defined('OCTAL_DIR_MODE') ? OCTAL_DIR_MODE : 0777 ;
|
|
112 | 117 |
|
113 | 118 |
/* |
114 | 119 |
Configuration settings for each Resource Type |
... | ... | |
227 | 232 |
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ; |
228 | 233 |
$Config['QuickUploadAbsolutePath']['Media'] = $Config['UserFilesAbsolutePath'] ; |
229 | 234 |
|
230 |
?>
|
|
235 |
?> |
Also available in: Unified diff
Branch 2.8.1 merged back into Trunk