/pigeoncms/Plugins/fckeditor/editor/filemanager/connectors/cfm/cf5_upload.cfm

http://pigeoncms.googlecode.com/ · ColdFusion · 309 lines · 226 code · 38 blank · 45 comment · 8 complexity · d3ca4879b8865fead8ac9998c99f8c4e MD5 · raw file

  1. <cfsetting enablecfoutputonly="Yes">
  2. <!---
  3. * FCKeditor - The text editor for Internet - http://www.fckeditor.net
  4. * Copyright (C) 2003-2009 Frederico Caldeira Knabben
  5. *
  6. * == BEGIN LICENSE ==
  7. *
  8. * Licensed under the terms of any of the following licenses at your
  9. * choice:
  10. *
  11. * - GNU General Public License Version 2 or later (the "GPL")
  12. * http://www.gnu.org/licenses/gpl.html
  13. *
  14. * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
  15. * http://www.gnu.org/licenses/lgpl.html
  16. *
  17. * - Mozilla Public License Version 1.1 or later (the "MPL")
  18. * http://www.mozilla.org/MPL/MPL-1.1.html
  19. *
  20. * == END LICENSE ==
  21. *
  22. * This is the "File Uploader" for ColdFusion 5.
  23. * Based on connector.cfm by Mark Woods (mark@thickpaddy.com)
  24. *
  25. * Note:
  26. * FCKeditor requires that the connector responds with UTF-8 encoded XML.
  27. * As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII
  28. * file and folder names in this connector to allow CF5 send a UTF-8
  29. * encoded response - code points under 127 in UTF-8 are stored using a
  30. * single byte, using the same encoding as ASCII, which is damn handy.
  31. * This is all grand for the English speakers, like meself, but I dunno
  32. * how others are gonna take to it. Well, the previous version of this
  33. * connector already did this with file names and nobody seemed to mind,
  34. * so fingers-crossed nobody will mind their folder names being munged too.
  35. *
  36. --->
  37. <cfparam name="url.command" default="QuickUpload">
  38. <cfparam name="url.type" default="File">
  39. <cfparam name="url.currentFolder" default="/">
  40. <cfif url.command eq "QuickUpload">
  41. <cfset url.currentFolder = "/">
  42. </cfif>
  43. <cfif not isDefined("config_included")>
  44. <cfinclude template="config.cfm">
  45. </cfif>
  46. <cfscript>
  47. function SendUploadResults(errorNumber, fileUrl, fileName, customMsg)
  48. {
  49. WriteOutput('<script type="text/javascript">');
  50. // Minified version of the document.domain automatic fix script (#1919).
  51. // The original script can be found at _dev/domain_fix_template.js
  52. WriteOutput("(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();");
  53. WriteOutput('window.parent.OnUploadCompleted(' & errorNumber & ', "' & JSStringFormat(fileUrl) & '", "' & JSStringFormat(fileName) & '", "' & JSStringFormat(customMsg) & '");' );
  54. WriteOutput('</script>');
  55. }
  56. </cfscript>
  57. <cfif NOT config.enabled>
  58. <cfset SendUploadResults(1, "", "", "This file uploader is disabled. Please check the ""editor/filemanager/connectors/cfm/config.cfm"" file")>
  59. <cfabort>
  60. </cfif>
  61. <cfif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)>
  62. <cfset SendUploadResults(1, "", "", "The """ & url.command & """ command isn't allowed")>
  63. <cfabort>
  64. </cfif>
  65. <cfif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)>
  66. <cfset SendUploadResults(1, "", "", "The """ & url.type & """ type isn't allowed")>
  67. <cfabort>
  68. </cfif>
  69. <cfif find( "..", url.currentFolder) or find( "\", url.currentFolder)>
  70. <cfset SendUploadResults(102)>
  71. <cfabort>
  72. </cfif>
  73. <cfif REFind('(/\.)|(//)|[[:cntrl:]]|([\\:\*\?\"<>])', url.currentFolder)>
  74. <cfset SendUploadResults(102)>
  75. <cfabort>
  76. </cfif>
  77. <cfscript>
  78. userFilesPath = config.userFilesPath;
  79. if ( userFilesPath eq "" ) {
  80. userFilesPath = "/userfiles/";
  81. }
  82. // make sure the user files path is correctly formatted
  83. userFilesPath = replace(userFilesPath, "\", "/", "ALL");
  84. userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
  85. if ( right(userFilesPath,1) NEQ "/" ) {
  86. userFilesPath = userFilesPath & "/";
  87. }
  88. if ( left(userFilesPath,1) NEQ "/" ) {
  89. userFilesPath = "/" & userFilesPath;
  90. }
  91. // make sure the current folder is correctly formatted
  92. url.currentFolder = replace(url.currentFolder, "\", "/", "ALL");
  93. url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL');
  94. if ( right(url.currentFolder,1) neq "/" ) {
  95. url.currentFolder = url.currentFolder & "/";
  96. }
  97. if ( left(url.currentFolder,1) neq "/" ) {
  98. url.currentFolder = "/" & url.currentFolder;
  99. }
  100. if (find("/",getBaseTemplatePath())) {
  101. fs = "/";
  102. } else {
  103. fs = "\";
  104. }
  105. // Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
  106. // the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
  107. // virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
  108. if ( len(config.serverPath) ) {
  109. serverPath = config.serverPath;
  110. if ( right(serverPath,1) neq fs ) {
  111. serverPath = serverPath & fs;
  112. }
  113. } else {
  114. serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"") & replace(userFilesPath,"/",fs,"all");
  115. }
  116. rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ;
  117. </cfscript>
  118. <cfif url.command eq "QuickUpload">
  119. <cfset resourceTypeUrl = rereplace( replace( Config.QuickUploadPath[url.type], fs, "/", "all"), "/$", "") >
  120. <cfif isDefined( "Config.QuickUploadAbsolutePath" )
  121. and structkeyexists( Config.QuickUploadAbsolutePath, url.type )
  122. and Len( Config.QuickUploadAbsolutePath[url.type] )>
  123. <cfset userFilesServerPath = Config.QuickUploadAbsolutePath[url.type] & url.currentFolder>
  124. <cfelse>
  125. <cftry>
  126. <cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>
  127. <!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->
  128. <cfcatch type="any">
  129. <cfset userFilesServerPath = rootPath & Config.QuickUploadPath[url.type] & url.currentFolder>
  130. </cfcatch>
  131. </cftry>
  132. </cfif>
  133. <cfelseif url.command eq "FileUpload">
  134. <cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") >
  135. <cfif isDefined( "Config.FileTypesAbsolutePath" )
  136. and structkeyexists( Config.FileTypesAbsolutePath, url.type )
  137. and Len( Config.FileTypesAbsolutePath[url.type] )>
  138. <cfset userFilesServerPath = Config.FileTypesAbsolutePath[url.type] & url.currentFolder>
  139. <cfelse>
  140. <cftry>
  141. <cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>
  142. <!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->
  143. <cfcatch type="any">
  144. <cfset userFilesServerPath = rootPath & Config.FileTypesPath[url.type] & url.currentFolder>
  145. </cfcatch>
  146. </cftry>
  147. </cfif>
  148. </cfif>
  149. <cfset userFilesServerPath = replace( userFilesServerPath, "/", fs, "all" ) >
  150. <!--- get rid of double directory separators --->
  151. <cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") >
  152. <!--- create resource type directory if not exists --->
  153. <cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )>
  154. <cfif not directoryexists( resourceTypeDirectory )>
  155. <cfset currentPath = "">
  156. <cftry>
  157. <cfloop list="#resourceTypeDirectory#" index="name" delimiters="#fs#">
  158. <cfif currentPath eq "" and fs eq "\">
  159. <!--- Without checking this, we would have in Windows \C:\ --->
  160. <cfif not directoryExists(name)>
  161. <cfdirectory action="create" directory="#name#" mode="755">
  162. </cfif>
  163. <cfelse>
  164. <cfif not directoryExists(currentPath & fs & name)>
  165. <cfdirectory action="create" directory="#currentPath##fs##name#" mode="755">
  166. </cfif>
  167. </cfif>
  168. <cfif fs eq "\" and currentPath eq "">
  169. <cfset currentPath = name>
  170. <cfelse>
  171. <cfset currentPath = currentPath & fs & name>
  172. </cfif>
  173. </cfloop>
  174. <cfcatch type="any">
  175. <!--- this should only occur as a result of a permissions problem --->
  176. <cfset SendUploadResults(103)>
  177. <cfabort>
  178. </cfcatch>
  179. </cftry>
  180. </cfif>
  181. <cfset currentFolderPath = userFilesServerPath>
  182. <cfset resourceType = url.type>
  183. <cfset fileName = "">
  184. <cfset fileExt = "">
  185. <!--- Can be overwritten. The last value will be sent with the result --->
  186. <cfset customMsg = "">
  187. <cftry>
  188. <!--- first upload the file with an unique filename --->
  189. <cffile action="upload"
  190. fileField="NewFile"
  191. destination="#currentFolderPath#"
  192. nameConflict="makeunique"
  193. mode="644"
  194. attributes="normal">
  195. <cfif cffile.fileSize EQ 0>
  196. <cfthrow>
  197. </cfif>
  198. <cfset lAllowedExtensions = config.allowedExtensions[#resourceType#]>
  199. <cfset lDeniedExtensions = config.deniedExtensions[#resourceType#]>
  200. <cfif ( len(lAllowedExtensions) and not listFindNoCase(lAllowedExtensions,cffile.ServerFileExt) )
  201. or ( len(lDeniedExtensions) and listFindNoCase(lDeniedExtensions,cffile.ServerFileExt) )>
  202. <cfset errorNumber = "202">
  203. <cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#">
  204. <cfelse>
  205. <cfscript>
  206. errorNumber = 0;
  207. fileName = cffile.ClientFileName ;
  208. fileExt = cffile.ServerFileExt ;
  209. fileExisted = false ;
  210. // munge filename for html download. Only a-z, 0-9, _, - and . are allowed
  211. if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {
  212. fileName = reReplace(fileName, "[^A-Za-z0-9\-\.]", "_", "ALL");
  213. fileName = reReplace(fileName, "_{2,}", "_", "ALL");
  214. fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");
  215. fileName = reReplace(fileName, "$_([^_]+)$", "\1", "ALL");
  216. }
  217. // remove additional dots from file name
  218. if( isDefined("Config.ForceSingleExtension") and Config.ForceSingleExtension )
  219. fileName = replace( fileName, '.', "_", "all" ) ;
  220. // When the original filename already exists, add numbers (0), (1), (2), ... at the end of the filename.
  221. if( compare( cffile.ServerFileName, fileName ) ) {
  222. counter = 0;
  223. tmpFileName = fileName;
  224. while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
  225. fileExisted = true ;
  226. counter = counter + 1 ;
  227. fileName = tmpFileName & '(#counter#)' ;
  228. }
  229. }
  230. </cfscript>
  231. <!--- Rename the uploaded file, if neccessary --->
  232. <cfif compare(cffile.ServerFileName,fileName)>
  233. <cfif fileExisted>
  234. <cfset errorNumber = "201">
  235. </cfif>
  236. <cffile
  237. action="rename"
  238. source="#currentFolderPath##cffile.ServerFileName#.#cffile.ServerFileExt#"
  239. destination="#currentFolderPath##fileName#.#fileExt#"
  240. mode="644"
  241. attributes="normal">
  242. </cfif>
  243. </cfif>
  244. <cfcatch type="any">
  245. <cfset errorNumber = "1">
  246. <cfset customMsg = cfcatch.message >
  247. </cfcatch>
  248. </cftry>
  249. <cfif errorNumber EQ 0>
  250. <!--- file was uploaded succesfully --->
  251. <cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), "")>
  252. <cfabort>
  253. <cfelseif errorNumber EQ 201>
  254. <!--- file was changed (201), submit the new filename --->
  255. <cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), customMsg)>
  256. <cfabort>
  257. <cfelse>
  258. <!--- An error occured(202). Submit only the error code and a message (if available). --->
  259. <cfset SendUploadResults(errorNumber, '', '', customMsg)>
  260. <cfabort>
  261. </cfif>