| 1 |
816
|
doc
|
<?php
|
| 2 |
|
|
/*
|
| 3 |
|
|
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
|
| 4 |
918
|
Ruebenwurz
|
* Copyright (C) 2003-2009 Frederico Caldeira Knabben
|
| 5 |
816
|
doc
|
*
|
| 6 |
|
|
* == BEGIN LICENSE ==
|
| 7 |
|
|
*
|
| 8 |
|
|
* Licensed under the terms of any of the following licenses at your
|
| 9 |
|
|
* choice:
|
| 10 |
|
|
*
|
| 11 |
|
|
* - GNU General Public License Version 2 or later (the "GPL")
|
| 12 |
|
|
* http://www.gnu.org/licenses/gpl.html
|
| 13 |
|
|
*
|
| 14 |
|
|
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
|
| 15 |
|
|
* http://www.gnu.org/licenses/lgpl.html
|
| 16 |
|
|
*
|
| 17 |
|
|
* - Mozilla Public License Version 1.1 or later (the "MPL")
|
| 18 |
|
|
* http://www.mozilla.org/MPL/MPL-1.1.html
|
| 19 |
|
|
*
|
| 20 |
|
|
* == END LICENSE ==
|
| 21 |
|
|
*
|
| 22 |
|
|
* Configuration file for the File Manager Connector for PHP.
|
| 23 |
|
|
*/
|
| 24 |
|
|
|
| 25 |
|
|
global $Config ;
|
| 26 |
|
|
|
| 27 |
|
|
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
|
| 28 |
|
|
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
|
| 29 |
|
|
// authenticated users can access this file or use some kind of session checking.
|
| 30 |
|
|
$Config['Enabled'] = false ;
|
| 31 |
|
|
|
| 32 |
1161
|
Luisehahne
|
/**
|
| 33 |
816
|
doc
|
SECURITY PATCH FOR WEBSITE BAKER (doc)
|
| 34 |
|
|
only enable PHP connector if user is authenticated to WB
|
| 35 |
|
|
and has at least permissions to view the WB MEDIA folder
|
| 36 |
|
|
*/
|
| 37 |
|
|
// include WB config.php file and admin class
|
| 38 |
|
|
require_once('../../../../../../../config.php');
|
| 39 |
|
|
require_once(WB_PATH .'/framework/class.admin.php');
|
| 40 |
|
|
|
| 41 |
|
|
// check if user is authenticated if WB and has permission to view MEDIA folder
|
| 42 |
|
|
$admin = new admin('Media', 'media_view', false, false);
|
| 43 |
|
|
if(($admin->get_permission('media_view') === true)) {
|
| 44 |
|
|
// user allowed to view MEDIA folder -> enable PHP connector
|
| 45 |
|
|
$Config['Enabled'] = true ;
|
| 46 |
|
|
// allow actions to list folders and files
|
| 47 |
|
|
$Config['ConfigAllowedCommands'] = array('GetFolders', 'GetFoldersAndFiles') ;
|
| 48 |
|
|
}
|
| 49 |
|
|
|
| 50 |
|
|
// Path to user files relative to the document root.
|
| 51 |
|
|
// $Config['UserFilesPath'] = '/userfiles/' ;
|
| 52 |
|
|
$Config['UserFilesPath'] = WB_URL .MEDIA_DIRECTORY ;
|
| 53 |
|
|
// use home folder of current user as document root if available
|
| 54 |
|
|
if(isset($_SESSION['HOME_FOLDER']) && file_exists(WB_PATH .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
|
| 55 |
|
|
$Config['UserFilesPath'] = $Config['UserFilesPath'].$_SESSION['HOME_FOLDER'];
|
| 56 |
|
|
}
|
| 57 |
|
|
|
| 58 |
|
|
// Fill the following value it you prefer to specify the absolute path for the
|
| 59 |
|
|
// user files directory. Useful if you are using a virtual directory, symbolic
|
| 60 |
|
|
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
| 61 |
|
|
// Attention: The above 'UserFilesPath' must point to the same directory.
|
| 62 |
|
|
// $Config['UserFilesAbsolutePath'] = '' ;
|
| 63 |
|
|
$Config['UserFilesAbsolutePath'] = WB_PATH .MEDIA_DIRECTORY ;
|
| 64 |
|
|
// use home folder of current user as document root if available
|
| 65 |
|
|
if(isset($_SESSION['HOME_FOLDER']) && file_exists(WB_PATH .MEDIA_DIRECTORY .$_SESSION['HOME_FOLDER'])){
|
| 66 |
|
|
$Config['UserFilesAbsolutePath'] = $Config['UserFilesAbsolutePath'].$_SESSION['HOME_FOLDER'];
|
| 67 |
|
|
}
|
| 68 |
|
|
// Due to security issues with Apache modules, it is recommended to leave the
|
| 69 |
|
|
// following setting enabled.
|
| 70 |
|
|
$Config['ForceSingleExtension'] = true ;
|
| 71 |
|
|
|
| 72 |
|
|
// Perform additional checks for image files.
|
| 73 |
|
|
// If set to true, validate image size (using getimagesize).
|
| 74 |
|
|
$Config['SecureImageUploads'] = true;
|
| 75 |
|
|
|
| 76 |
|
|
// What the user can do with this connector.
|
| 77 |
|
|
// $Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
|
| 78 |
|
|
|
| 79 |
1161
|
Luisehahne
|
/**
|
| 80 |
|
|
Check WB permissions of the user/group for the MEDIA folder and
|
| 81 |
|
|
enable only those FCKEditor commands the user has permissions for
|
| 82 |
816
|
doc
|
*/
|
| 83 |
|
|
// check if user is allowed to upload files to the media directory
|
| 84 |
|
|
if(($admin->get_permission('media_upload') === true)) {
|
| 85 |
|
|
// add actions to upload files to the MEDIA folder
|
| 86 |
|
|
array_push($Config['ConfigAllowedCommands'], 'FileUpload', 'QuickUpload');
|
| 87 |
|
|
}
|
| 88 |
|
|
|
| 89 |
|
|
// check if user is allowed to create new folders in the media directory
|
| 90 |
|
|
if(($admin->get_permission('media_create') === true)) {
|
| 91 |
|
|
// add action to create new folders in the MEDIA folder
|
| 92 |
|
|
array_push($Config['ConfigAllowedCommands'], 'CreateFolder');
|
| 93 |
|
|
}
|
| 94 |
|
|
|
| 95 |
|
|
// Allowed Resource Types.
|
| 96 |
|
|
$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
|
| 97 |
|
|
|
| 98 |
|
|
// For security, HTML is allowed in the first Kb of data for files having the
|
| 99 |
|
|
// following extensions only.
|
| 100 |
|
|
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
|
| 101 |
|
|
|
| 102 |
|
|
// After file is uploaded, sometimes it is required to change its permissions
|
| 103 |
|
|
// so that it was possible to access it at the later time.
|
| 104 |
|
|
// If possible, it is recommended to set more restrictive permissions, like 0755.
|
| 105 |
|
|
// Set to 0 to disable this feature.
|
| 106 |
|
|
// Note: not needed on Windows-based servers.
|
| 107 |
|
|
$Config['ChmodOnUpload'] = 0777 ;
|
| 108 |
|
|
|
| 109 |
|
|
// See comments above.
|
| 110 |
|
|
// Used when creating folders that does not exist.
|
| 111 |
|
|
$Config['ChmodOnFolderCreate'] = 0777 ;
|
| 112 |
|
|
|
| 113 |
|
|
/*
|
| 114 |
|
|
Configuration settings for each Resource Type
|
| 115 |
|
|
|
| 116 |
|
|
- AllowedExtensions: the possible extensions that can be allowed.
|
| 117 |
|
|
If it is empty then any file type can be uploaded.
|
| 118 |
|
|
- DeniedExtensions: The extensions that won't be allowed.
|
| 119 |
|
|
If it is empty then no restrictions are done here.
|
| 120 |
|
|
|
| 121 |
|
|
For a file to be uploaded it has to fulfill both the AllowedExtensions
|
| 122 |
|
|
and DeniedExtensions (that's it: not being denied) conditions.
|
| 123 |
|
|
|
| 124 |
|
|
- FileTypesPath: the virtual folder relative to the document root where
|
| 125 |
|
|
these resources will be located.
|
| 126 |
|
|
Attention: It must start and end with a slash: '/'
|
| 127 |
|
|
|
| 128 |
|
|
- FileTypesAbsolutePath: the physical path to the above folder. It must be
|
| 129 |
|
|
an absolute path.
|
| 130 |
|
|
If it's an empty string then it will be autocalculated.
|
| 131 |
|
|
Useful if you are using a virtual directory, symbolic link or alias.
|
| 132 |
|
|
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
| 133 |
|
|
Attention: The above 'FileTypesPath' must point to the same directory.
|
| 134 |
|
|
Attention: It must end with a slash: '/'
|
| 135 |
|
|
|
| 136 |
|
|
- QuickUploadPath: the virtual folder relative to the document root where
|
| 137 |
|
|
these resources will be uploaded using the Upload tab in the resources
|
| 138 |
|
|
dialogs.
|
| 139 |
|
|
Attention: It must start and end with a slash: '/'
|
| 140 |
|
|
|
| 141 |
|
|
- QuickUploadAbsolutePath: the physical path to the above folder. It must be
|
| 142 |
|
|
an absolute path.
|
| 143 |
|
|
If it's an empty string then it will be autocalculated.
|
| 144 |
|
|
Useful if you are using a virtual directory, symbolic link or alias.
|
| 145 |
|
|
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
| 146 |
|
|
Attention: The above 'QuickUploadPath' must point to the same directory.
|
| 147 |
|
|
Attention: It must end with a slash: '/'
|
| 148 |
|
|
|
| 149 |
|
|
NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to
|
| 150 |
|
|
"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor.
|
| 151 |
|
|
This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
|
| 152 |
|
|
Example: if you click on "image button", select "Upload" tab and send image
|
| 153 |
|
|
to the server, image will appear in FCKeditor correctly, but because it is placed
|
| 154 |
|
|
directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
|
| 155 |
|
|
The more expected behaviour would be to send images directly to "image" subfolder.
|
| 156 |
|
|
To achieve that, simply change
|
| 157 |
|
|
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
|
| 158 |
|
|
$Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ;
|
| 159 |
|
|
into:
|
| 160 |
|
|
$Config['QuickUploadPath']['Image'] = $Config['FileTypesPath']['Image'] ;
|
| 161 |
|
|
$Config['QuickUploadAbsolutePath']['Image'] = $Config['FileTypesAbsolutePath']['Image'] ;
|
| 162 |
|
|
|
| 163 |
|
|
*/
|
| 164 |
|
|
|
| 165 |
|
|
/*
|
| 166 |
|
|
$Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
|
| 167 |
|
|
$Config['DeniedExtensions']['File'] = array() ;
|
| 168 |
|
|
$Config['FileTypesPath']['File'] = $Config['UserFilesPath'] . 'file/' ;
|
| 169 |
|
|
$Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
|
| 170 |
|
|
$Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ;
|
| 171 |
|
|
$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;
|
| 172 |
|
|
|
| 173 |
|
|
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
|
| 174 |
|
|
$Config['DeniedExtensions']['Image'] = array() ;
|
| 175 |
|
|
$Config['FileTypesPath']['Image'] = $Config['UserFilesPath'] . 'image/' ;
|
| 176 |
|
|
$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'image/' ;
|
| 177 |
|
|
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
|
| 178 |
|
|
$Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ;
|
| 179 |
|
|
|
| 180 |
|
|
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
|
| 181 |
|
|
$Config['DeniedExtensions']['Flash'] = array() ;
|
| 182 |
|
|
$Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'flash/' ;
|
| 183 |
|
|
$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
|
| 184 |
|
|
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
|
| 185 |
|
|
$Config['QuickUploadAbsolutePath']['Flash']= $Config['UserFilesAbsolutePath'] ;
|
| 186 |
|
|
|
| 187 |
|
|
$Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
|
| 188 |
|
|
$Config['DeniedExtensions']['Media'] = array() ;
|
| 189 |
|
|
$Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'media/' ;
|
| 190 |
|
|
$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
|
| 191 |
|
|
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
|
| 192 |
|
|
$Config['QuickUploadAbsolutePath']['Media']= $Config['UserFilesAbsolutePath'] ;
|
| 193 |
|
|
*/
|
| 194 |
|
|
|
| 195 |
|
|
/**
|
| 196 |
|
|
APPLY MORE RESTRICTIVE SETTINGS FOR WEBSITE BAKER
|
| 197 |
|
|
+ only allow file types: only textfiles (no PHP, Javascript or HTML files per default)
|
| 198 |
|
|
+ only allows images type: bmp, gif, jpges, jpg and png
|
| 199 |
|
|
+ only allows flash types: swf, flv (no fla ... flash action script per default)
|
| 200 |
|
|
+ only allows media types: swf, flv, jpg, gif, jpeg, png, avi, mgp, mpeg
|
| 201 |
|
|
*/
|
| 202 |
|
|
$Config['AllowedExtensions']['File'] = array();
|
| 203 |
|
|
$Config['DeniedExtensions']['File'] = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','htaccess','asis') ;
|
| 204 |
|
|
$Config['FileTypesPath']['File'] = $Config['UserFilesPath'];
|
| 205 |
|
|
$Config['FileTypesAbsolutePath']['File'] = $Config['UserFilesAbsolutePath'] ;
|
| 206 |
|
|
$Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ;
|
| 207 |
|
|
$Config['QuickUploadAbsolutePath']['File'] = $Config['UserFilesAbsolutePath'] ;
|
| 208 |
|
|
|
| 209 |
|
|
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
|
| 210 |
|
|
$Config['DeniedExtensions']['Image'] = array() ;
|
| 211 |
|
|
$Config['FileTypesPath']['Image'] = $Config['UserFilesPath'] ;
|
| 212 |
|
|
$Config['FileTypesAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'];
|
| 213 |
|
|
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
|
| 214 |
|
|
$Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ;
|
| 215 |
|
|
|
| 216 |
|
|
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
|
| 217 |
|
|
$Config['DeniedExtensions']['Flash'] = array() ;
|
| 218 |
|
|
$Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'];
|
| 219 |
|
|
$Config['FileTypesAbsolutePath']['Flash'] = $Config['UserFilesAbsolutePath'];
|
| 220 |
|
|
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
|
| 221 |
|
|
$Config['QuickUploadAbsolutePath']['Flash'] = $Config['UserFilesAbsolutePath'] ;
|
| 222 |
|
|
|
| 223 |
|
|
$Config['AllowedExtensions']['Media'] = array('swf','flv','jpg','gif','jpeg','png','avi','mpg','mpeg') ;
|
| 224 |
|
|
$Config['DeniedExtensions']['Media'] = array() ;
|
| 225 |
|
|
$Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . '' ;
|
| 226 |
|
|
$Config['FileTypesAbsolutePath']['Media'] = $Config['UserFilesAbsolutePath'];
|
| 227 |
|
|
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
|
| 228 |
|
|
$Config['QuickUploadAbsolutePath']['Media'] = $Config['UserFilesAbsolutePath'] ;
|
| 229 |
|
|
|
| 230 |
1161
|
Luisehahne
|
?>
|