Context Navigation

source: extensions/FCKEditor/editor/filemanager/connectors/cfm/cf5_upload.cfm @ 3295

Last change on this file since 3295 was 3295, checked in by patdenice, 15 years ago
New extension added: FCK Editor (2.0.a)
File size: 10.7 KB

Line
1	<cfsetting enablecfoutputonly="Yes">
2	<!---
3	* FCKeditor - The text editor for Internet - http://www.fckeditor.net
4	* Copyright (C) 2003-2009 Frederico Caldeira Knabben
5	*
6	* == BEGIN LICENSE ==
7	*
8	* Licensed under the terms of any of the following licenses at your
9	* choice:
10	*
11	* - GNU General Public License Version 2 or later (the "GPL")
12	* http://www.gnu.org/licenses/gpl.html
13	*
14	* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15	* http://www.gnu.org/licenses/lgpl.html
16	*
17	* - Mozilla Public License Version 1.1 or later (the "MPL")
18	* http://www.mozilla.org/MPL/MPL-1.1.html
19	*
20	* == END LICENSE ==
21	*
22	* This is the "File Uploader" for ColdFusion 5.
23	* Based on connector.cfm by Mark Woods (mark@thickpaddy.com)
24	*
25	* Note:
26	* FCKeditor requires that the connector responds with UTF-8 encoded XML.
27	* As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII
28	* file and folder names in this connector to allow CF5 send a UTF-8
29	* encoded response - code points under 127 in UTF-8 are stored using a
30	* single byte, using the same encoding as ASCII, which is damn handy.
31	* This is all grand for the English speakers, like meself, but I dunno
32	* how others are gonna take to it. Well, the previous version of this
33	* connector already did this with file names and nobody seemed to mind,
34	* so fingers-crossed nobody will mind their folder names being munged too.
35	*
36	--->
37
38	<cfparam name="url.command" default="QuickUpload">
39	<cfparam name="url.type" default="File">
40	<cfparam name="url.currentFolder" default="/">
41
42	<cfif not isDefined("config_included")>
43	<cfinclude template="config.cfm">
44	</cfif>
45
46	<cfscript>
47	function SendUploadResults(errorNumber, fileUrl, fileName, customMsg)
48	{
49	WriteOutput('<script type="text/javascript">');
50	// Minified version of the document.domain automatic fix script (#1919).
51	// The original script can be found at _dev/domain_fix_template.js
52	WriteOutput("(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.\|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();");
53	WriteOutput('window.parent.OnUploadCompleted(' & errorNumber & ', "' & JSStringFormat(fileUrl) & '", "' & JSStringFormat(fileName) & '", "' & JSStringFormat(customMsg) & '");' );
54	WriteOutput('</script>');
55	}
56	</cfscript>
57
58	<cfif NOT config.enabled>
59	<cfset SendUploadResults(1, "", "", "This file uploader is disabled. Please check the ""editor/filemanager/connectors/cfm/config.cfm"" file")>
60	<cfabort>
61	</cfif>
62
63	<cfif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)>
64	<cfset SendUploadResults(1, "", "", "The """ & url.command & """ command isn't allowed")>
65	<cfabort>
66	</cfif>
67
68	<cfif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)>
69	<cfset SendUploadResults(1, "", "", "The """ & url.type & """ type isn't allowed")>
70	<cfabort>
71	</cfif>
72
73	<cfif find( "..", url.currentFolder) or find( "\", url.currentFolder)>
74	<cfset SendUploadResults(102)>
75	<cfabort>
76	</cfif>
77
78	<cfscript>
79	userFilesPath = config.userFilesPath;
80
81	if ( userFilesPath eq "" ) {
82	userFilesPath = "/userfiles/";
83	}
84
85	// make sure the user files path is correctly formatted
86	userFilesPath = replace(userFilesPath, "\", "/", "ALL");
87	userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
88	if ( right(userFilesPath,1) NEQ "/" ) {
89	userFilesPath = userFilesPath & "/";
90	}
91	if ( left(userFilesPath,1) NEQ "/" ) {
92	userFilesPath = "/" & userFilesPath;
93	}
94
95	// make sure the current folder is correctly formatted
96	url.currentFolder = replace(url.currentFolder, "\", "/", "ALL");
97	url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL');
98	if ( right(url.currentFolder,1) neq "/" ) {
99	url.currentFolder = url.currentFolder & "/";
100	}
101	if ( left(url.currentFolder,1) neq "/" ) {
102	url.currentFolder = "/" & url.currentFolder;
103	}
104
105	if (find("/",getBaseTemplatePath())) {
106	fs = "/";
107	} else {
108	fs = "\";
109	}
110
111	// Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
112	// the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
113	// virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
114	if ( len(config.serverPath) ) {
115	serverPath = config.serverPath;
116
117	if ( right(serverPath,1) neq fs ) {
118	serverPath = serverPath & fs;
119	}
120	} else {
121	serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"") & replace(userFilesPath,"/",fs,"all");
122	}
123
124	rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ;
125	</cfscript>
126	<cfif url.command eq "QuickUpload">
127	<cfset resourceTypeUrl = rereplace( replace( Config.QuickUploadPath[url.type], fs, "/", "all"), "/$", "") >
128	<cfif isDefined( "Config.QuickUploadAbsolutePath" )
129	and structkeyexists( Config.QuickUploadAbsolutePath, url.type )
130	and Len( Config.QuickUploadAbsolutePath[url.type] )>
131	<cfset userFilesServerPath = Config.QuickUploadAbsolutePath[url.type] & url.currentFolder>
132	<cfelse>
133	<cftry>
134	<cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>
135	<!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->
136	<cfcatch type="any">
137	<cfset userFilesServerPath = rootPath & Config.QuickUploadPath[url.type] & url.currentFolder>
138	</cfcatch>
139	</cftry>
140	</cfif>
141	<cfelse>
142	<cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") >
143	<cfif isDefined( "Config.FileTypesAbsolutePath" )
144	and structkeyexists( Config.FileTypesAbsolutePath, url.type )
145	and Len( Config.FileTypesAbsolutePath[url.type] )>
146	<cfset userFilesServerPath = Config.FileTypesAbsolutePath[url.type] & url.currentFolder>
147	<cfelse>
148	<cftry>
149	<cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>
150	<!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->
151	<cfcatch type="any">
152	<cfset userFilesServerPath = rootPath & Config.FileTypesPath[url.type] & url.currentFolder>
153	</cfcatch>
154	</cftry>
155	</cfif>
156	</cfif>
157
158	<cfset userFilesServerPath = replace( userFilesServerPath, "/", fs, "all" ) >
159	<!--- get rid of double directory separators --->
160	<cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") >
161
162	<!--- create resource type directory if not exists --->
163	<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )>
164
165	<cfif not directoryexists( resourceTypeDirectory )>
166
167	<cfset currentPath = "">
168	<cftry>
169	<cfloop list="#resourceTypeDirectory#" index="name" delimiters="#fs#">
170	<cfif currentPath eq "" and fs eq "\">
171	<!--- Without checking this, we would have in Windows \C:\ --->
172	<cfif not directoryExists(name)>
173	<cfdirectory action="create" directory="#name#" mode="755">
174	</cfif>
175	<cfelse>
176	<cfif not directoryExists(currentPath & fs & name)>
177	<cfdirectory action="create" directory="#currentPath##fs##name#" mode="755">
178	</cfif>
179	</cfif>
180
181	<cfif fs eq "\" and currentPath eq "">
182	<cfset currentPath = name>
183	<cfelse>
184	<cfset currentPath = currentPath & fs & name>
185	</cfif>
186	</cfloop>
187
188	<cfcatch type="any">
189
190	<!--- this should only occur as a result of a permissions problem --->
191	<cfset SendUploadResults(103)>
192	<cfabort>
193
194	</cfcatch>
195
196	</cftry>
197	</cfif>
198
199	<cfset currentFolderPath = userFilesServerPath>
200	<cfset resourceType = url.type>
201
202	<cfset fileName = "">
203	<cfset fileExt = "">
204
205	<!--- Can be overwritten. The last value will be sent with the result --->
206	<cfset customMsg = "">
207
208	<cftry>
209	<!--- first upload the file with an unique filename --->
210	<cffile action="upload"
211	fileField="NewFile"
212	destination="#currentFolderPath#"
213	nameConflict="makeunique"
214	mode="644"
215	attributes="normal">
216
217	<cfif cffile.fileSize EQ 0>
218	<cfthrow>
219	</cfif>
220
221	<cfset lAllowedExtensions = config.allowedExtensions[#resourceType#]>
222	<cfset lDeniedExtensions = config.deniedExtensions[#resourceType#]>
223
224	<cfif ( len(lAllowedExtensions) and not listFindNoCase(lAllowedExtensions,cffile.ServerFileExt) )
225	or ( len(lDeniedExtensions) and listFindNoCase(lDeniedExtensions,cffile.ServerFileExt) )>
226
227	<cfset errorNumber = "202">
228	<cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#">
229
230	<cfelse>
231
232	<cfscript>
233	errorNumber = 0;
234	fileName = cffile.ClientFileName ;
235	fileExt = cffile.ServerFileExt ;
236	fileExisted = false ;
237
238	// munge filename for html download. Only a-z, 0-9, _, - and . are allowed
239	if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {
240	fileName = reReplace(fileName, "[^A-Za-z0-9\-\.]", "_", "ALL");
241	fileName = reReplace(fileName, "_{2,}", "_", "ALL");
242	fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");
243	fileName = reReplace(fileName, "$_([^_]+)$", "\1", "ALL");
244	}
245
246	// remove additional dots from file name
247	if( isDefined("Config.ForceSingleExtension") and Config.ForceSingleExtension )
248	fileName = replace( fileName, '.', "_", "all" ) ;
249
250	// When the original filename already exists, add numbers (0), (1), (2), ... at the end of the filename.
251	if( compare( cffile.ServerFileName, fileName ) ) {
252	counter = 0;
253	tmpFileName = fileName;
254	while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
255	fileExisted = true ;
256	counter = counter + 1 ;
257	fileName = tmpFileName & '(#counter#)' ;
258	}
259	}
260	</cfscript>
261
262	<!--- Rename the uploaded file, if neccessary --->
263	<cfif compare(cffile.ServerFileName,fileName)>
264
265	<cfif fileExisted>
266	<cfset errorNumber = "201">
267	</cfif>
268	<cffile
269	action="rename"
270	source="#currentFolderPath##cffile.ServerFileName#.#cffile.ServerFileExt#"
271	destination="#currentFolderPath##fileName#.#fileExt#"
272	mode="644"
273	attributes="normal">
274
275	</cfif>
276
277	</cfif>
278
279	<cfcatch type="any">
280
281	<cfset errorNumber = "1">
282	<cfset customMsg = cfcatch.message >
283
284	</cfcatch>
285	</cftry>
286
287	<cfif errorNumber EQ 0>
288	<!--- file was uploaded succesfully --->
289	<cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', "", "")>
290	<cfabort>
291	<cfelseif errorNumber EQ 201>
292	<!--- file was changed (201), submit the new filename --->
293	<cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), customMsg)>
294	<cfabort>
295	<cfelse>
296	<!--- An error occured(202). Submit only the error code and a message (if available). --->
297	<cfset SendUploadResults(errorNumber, '', '', customMsg)>
298	<cfabort>
299	</cfif>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: