siwat/cudreg-saml2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
Siwat Sirichai 2025-06-08 16:22:20 +07:00
commit 252dac3143
1516 changed files with 694271 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

93
FCKeditor/editor/filemanager/connectors/php/basexml.php Normal file
View file

@ -0,0 +1,93 @@
<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* These functions define the base of the XML response sent by the PHP
* connector.
*/
function SetXmlHeaders()
{
ob_end_clean() ;
// Prevent the browser from caching the result.
// Date in the past
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT') ;
// always modified
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT') ;
// HTTP/1.1
header('Cache-Control: no-store, no-cache, must-revalidate') ;
header('Cache-Control: post-check=0, pre-check=0', false) ;
// HTTP/1.0
header('Pragma: no-cache') ;
// Set the response format.
header( 'Content-Type: text/xml; charset=utf-8' ) ;
}
function CreateXmlHeader( $command, $resourceType, $currentFolder )
{
SetXmlHeaders() ;
// Create the XML document header.
echo '<?xml version="1.0" encoding="utf-8" ?>' ;
// Create the main "Connector" node.
echo '<Connector command="' . $command . '" resourceType="' . $resourceType . '">' ;
// Add the current folder node.
echo '<CurrentFolder path="' . ConvertToXmlAttribute( $currentFolder ) . '" url="' . ConvertToXmlAttribute( GetUrlFromPath( $resourceType, $currentFolder, $command ) ) . '" />' ;
$GLOBALS['HeaderSent'] = true ;
}
function CreateXmlFooter()
{
echo '</Connector>' ;
}
function SendError( $number, $text )
{
if ( isset( $GLOBALS['HeaderSent'] ) && $GLOBALS['HeaderSent'] )
{
SendErrorNode( $number, $text ) ;
CreateXmlFooter() ;
}
else
{
SetXmlHeaders() ;
// Create the XML document header
echo '<?xml version="1.0" encoding="utf-8" ?>' ;
echo '<Connector>' ;
SendErrorNode( $number, $text ) ;
echo '</Connector>' ;
}
exit ;
}
function SendErrorNode( $number, $text )
{
echo '<Error number="' . $number . '" text="' . htmlspecialchars( $text ) . '" />' ;
}
?>

245
FCKeditor/editor/filemanager/connectors/php/commands.php Normal file
View file

@ -0,0 +1,245 @@
<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* This is the File Manager Connector for PHP.
*/
function GetFolders( $resourceType, $currentFolder )
{
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder( $resourceType, $currentFolder, 'GetFolders' ) ;
// Array that will hold the folders names.
$aFolders = array() ;
$oCurrentFolder = opendir( $sServerDir ) ;
while ( $sFile = readdir( $oCurrentFolder ) )
{
if ( $sFile != '.' && $sFile != '..' && is_dir( $sServerDir . $sFile ) )
$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />' ;
}
closedir( $oCurrentFolder ) ;
// Open the "Folders" node.
echo "<Folders>" ;
natcasesort( $aFolders ) ;
foreach ( $aFolders as $sFolder )
echo $sFolder ;
// Close the "Folders" node.
echo "</Folders>" ;
}
function GetFoldersAndFiles( $resourceType, $currentFolder )
{
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder( $resourceType, $currentFolder, 'GetFoldersAndFiles' ) ;
// Arrays that will hold the folders and files names.
$aFolders = array() ;
$aFiles = array() ;
$oCurrentFolder = opendir( $sServerDir ) ;
while ( $sFile = readdir( $oCurrentFolder ) )
{
if ( $sFile != '.' && $sFile != '..' )
{
if ( is_dir( $sServerDir . $sFile ) )
$aFolders[] = '<Folder name="' . ConvertToXmlAttribute( $sFile ) . '" />' ;
else
{
$iFileSize = @filesize( $sServerDir . $sFile ) ;
if ( !$iFileSize ) {
$iFileSize = 0 ;
}
if ( $iFileSize > 0 )
{
$iFileSize = round( $iFileSize / 1024 ) ;
if ( $iFileSize < 1 ) $iFileSize = 1 ;
}
$aFiles[] = '<File name="' . ConvertToXmlAttribute( $sFile ) . '" size="' . $iFileSize . '" />' ;
}
}
}
// Send the folders
natcasesort( $aFolders ) ;
echo '<Folders>' ;
foreach ( $aFolders as $sFolder )
echo $sFolder ;
echo '</Folders>' ;
// Send the files
natcasesort( $aFiles ) ;
echo '<Files>' ;
foreach ( $aFiles as $sFiles )
echo $sFiles ;
echo '</Files>' ;
}
function CreateFolder( $resourceType, $currentFolder )
{
if (!isset($_GET)) {
global $_GET;
}
$sErrorNumber = '0' ;
$sErrorMsg = '' ;
if ( isset( $_GET['NewFolderName'] ) )
{
$sNewFolderName = $_GET['NewFolderName'] ;
$sNewFolderName = SanitizeFolderName( $sNewFolderName ) ;
if ( strpos( $sNewFolderName, '..' ) !== FALSE )
$sErrorNumber = '102' ; // Invalid folder name.
else
{
// Map the virtual path to the local server path of the current folder.
$sServerDir = ServerMapFolder( $resourceType, $currentFolder, 'CreateFolder' ) ;
if ( is_writable( $sServerDir ) )
{
$sServerDir .= $sNewFolderName ;
$sErrorMsg = CreateServerFolder( $sServerDir ) ;
switch ( $sErrorMsg )
{
case '' :
$sErrorNumber = '0' ;
break ;
case 'Invalid argument' :
case 'No such file or directory' :
$sErrorNumber = '102' ; // Path too long.
break ;
default :
$sErrorNumber = '110' ;
break ;
}
}
else
$sErrorNumber = '103' ;
}
}
else
$sErrorNumber = '102' ;
// Create the "Error" node.
echo '<Error number="' . $sErrorNumber . '" originalDescription="' . ConvertToXmlAttribute( $sErrorMsg ) . '" />' ;
}
function FileUpload( $resourceType, $currentFolder, $sCommand )
{
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0' ;
$sFileName = '' ;
if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] ) )
{
global $Config ;
$oFile = $_FILES['NewFile'] ;
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder( $resourceType, $currentFolder, $sCommand ) ;
// Get the uploaded file name.
$sFileName = $oFile['name'] ;
$sFileName = SanitizeFileName( $sFileName ) ;
$sOriginalFileName = $sFileName ;
// Get the extension.
$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
$sExtension = strtolower( $sExtension ) ;
if ( isset( $Config['SecureImageUploads'] ) )
{
if ( !IsImageValid( $oFile['tmp_name'], $sExtension ) )
{
$sErrorNumber = '202' ;
}
}
if ( isset( $Config['HtmlExtensions'] ) )
{
if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && DetectHtml( $oFile['tmp_name'] ) )
{
$sErrorNumber = '202' ;
}
}
// Check if it is an allowed extension.
if ( !$sErrorNumber && IsAllowedExt( $sExtension, $resourceType ) )
{
$iCounter = 0 ;
while ( true )
{
$sFilePath = $sServerDir . $sFileName ;
if ( is_file( $sFilePath ) )
{
$iCounter++ ;
$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
$sErrorNumber = '201' ;
}
else
{
move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ;
if ( is_file( $sFilePath ) )
{
$oldumask = umask(0) ;
chmod( $sFilePath, 0777 ) ;
umask( $oldumask ) ;
}
break ;
}
}
}
else
$sErrorNumber = '202' ;
}
else
$sErrorNumber = '202' ;
$sFileUrl = CombinePaths( GetResourceTypePath( $resourceType, $sCommand ) , $currentFolder ) ;
$sFileUrl = CombinePaths( $sFileUrl, $sFileName ) ;
SendUploadResults( $sErrorNumber, $sFileUrl, $sFileName ) ;
exit ;
}
?>

140
FCKeditor/editor/filemanager/connectors/php/config.php Normal file
View file

@ -0,0 +1,140 @@
<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* Configuration file for the File Manager Connector for PHP.
*/
global $Config ;
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
// authenticated users can access this file or use some kind of session checking.
$Config['Enabled'] = false ;
// Path to user files relative to the document root.
$Config['UserFilesPath'] = '/userfiles/' ;
// Fill the following value it you prefer to specify the absolute path for the
// user files directory. Useful if you are using a virtual directory, symbolic
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
// Attention: The above 'UserFilesPath' must point to the same directory.
$Config['UserFilesAbsolutePath'] = '' ;
// Due to security issues with Apache modules, it is recommended to leave the
// following setting enabled.
$Config['ForceSingleExtension'] = true ;
// Perform additional checks for image files
// if set to true, validate image size (using getimagesize)
$Config['SecureImageUploads'] = true;
// What the user can do with this connector
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
// Allowed Resource Types
$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
// For security, HTML is allowed in the first Kb of data for files having the
// following extensions only.
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
/*
Configuration settings for each Resource Type
- AllowedExtensions: the possible extensions that can be allowed.
If it is empty then any file type can be uploaded.
- DeniedExtensions: The extensions that won't be allowed.
If it is empty then no restrictions are done here.
For a file to be uploaded it has to fulfill both the AllowedExtensions
and DeniedExtensions (that's it: not being denied) conditions.
- FileTypesPath: the virtual folder relative to the document root where
these resources will be located.
Attention: It must start and end with a slash: '/'
- FileTypesAbsolutePath: the physical path to the above folder. It must be
an absolute path.
If it's an empty string then it will be autocalculated.
Useful if you are using a virtual directory, symbolic link or alias.
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
Attention: The above 'FileTypesPath' must point to the same directory.
Attention: It must end with a slash: '/'
- QuickUploadPath: the virtual folder relative to the document root where
these resources will be uploaded using the Upload tab in the resources
dialogs.
Attention: It must start and end with a slash: '/'
- QuickUploadAbsolutePath: the physical path to the above folder. It must be
an absolute path.
If it's an empty string then it will be autocalculated.
Useful if you are using a virtual directory, symbolic link or alias.
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
Attention: The above 'QuickUploadPath' must point to the same directory.
Attention: It must end with a slash: '/'
NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to
"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor.
This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
Example: if you click on "image button", select "Upload" tab and send image
to the server, image will appear in FCKeditor correctly, but because it is placed
directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
The more expected behaviour would be to send images directly to "image" subfolder.
To achieve that, simply change
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ;
into:
$Config['QuickUploadPath']['Image'] = $Config['FileTypesPath']['Image'] ;
$Config['QuickUploadAbsolutePath']['Image'] = $Config['FileTypesAbsolutePath']['Image'] ;
*/
$Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
$Config['DeniedExtensions']['File'] = array() ;
$Config['FileTypesPath']['File'] = $Config['UserFilesPath'] . 'file/' ;
$Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
$Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
$Config['DeniedExtensions']['Image'] = array() ;
$Config['FileTypesPath']['Image'] = $Config['UserFilesPath'] . 'image/' ;
$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'image/' ;
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ;
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
$Config['DeniedExtensions']['Flash'] = array() ;
$Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'flash/' ;
$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['Flash']= $Config['UserFilesAbsolutePath'] ;
$Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
$Config['DeniedExtensions']['Media'] = array() ;
$Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'media/' ;
$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['Media']= $Config['UserFilesAbsolutePath'] ;
?>

87
FCKeditor/editor/filemanager/connectors/php/connector.php Normal file
View file

@ -0,0 +1,87 @@
<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* This is the File Manager Connector for PHP.
*/
ob_start() ;
require('./config.php') ;
require('./util.php') ;
require('./io.php') ;
require('./basexml.php') ;
require('./commands.php') ;
require('./phpcompat.php') ;
if ( !$Config['Enabled'] )
SendError( 1, 'This connector is disabled. Please check the "editor/filemanager/connectors/php/config.php" file' ) ;
DoResponse() ;
function DoResponse()
{
if (!isset($_GET)) {
global $_GET;
}
if ( !isset( $_GET['Command'] ) || !isset( $_GET['Type'] ) || !isset( $_GET['CurrentFolder'] ) )
return ;
// Get the main request informaiton.
$sCommand = $_GET['Command'] ;
$sResourceType = $_GET['Type'] ;
$sCurrentFolder = GetCurrentFolder() ;
// Check if it is an allowed command
if ( ! IsAllowedCommand( $sCommand ) )
SendError( 1, 'The "' . $sCommand . '" command isn\'t allowed' ) ;
// Check if it is an allowed type.
if ( !IsAllowedType( $sResourceType ) )
SendError( 1, 'Invalid type specified' ) ;
// File Upload doesn't have to Return XML, so it must be intercepted before anything.
if ( $sCommand == 'FileUpload' )
{
FileUpload( $sResourceType, $sCurrentFolder, $sCommand ) ;
return ;
}
CreateXmlHeader( $sCommand, $sResourceType, $sCurrentFolder ) ;
// Execute the required command.
switch ( $sCommand )
{
case 'GetFolders' :
GetFolders( $sResourceType, $sCurrentFolder ) ;
break ;
case 'GetFoldersAndFiles' :
GetFoldersAndFiles( $sResourceType, $sCurrentFolder ) ;
break ;
case 'CreateFolder' :
CreateFolder( $sResourceType, $sCurrentFolder ) ;
break ;
}
CreateXmlFooter() ;
exit ;
}
?>

272
FCKeditor/editor/filemanager/connectors/php/io.php Normal file
View file

@ -0,0 +1,272 @@
<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* This is the File Manager Connector for PHP.
*/
function CombinePaths( $sBasePath, $sFolder )
{
return RemoveFromEnd( $sBasePath, '/' ) . '/' . RemoveFromStart( $sFolder, '/' ) ;
}
function GetResourceTypePath( $resourceType, $sCommand )
{
global $Config ;
if ( $sCommand == "QuickUpload")
return $Config['QuickUploadPath'][$resourceType] ;
else
return $Config['FileTypesPath'][$resourceType] ;
}
function GetResourceTypeDirectory( $resourceType, $sCommand )
{
global $Config ;
if ( $sCommand == "QuickUpload")
{
if ( strlen( $Config['QuickUploadAbsolutePath'][$resourceType] ) > 0 )
return $Config['QuickUploadAbsolutePath'][$resourceType] ;
// Map the "UserFiles" path to a local directory.
return Server_MapPath( $Config['QuickUploadPath'][$resourceType] ) ;
}
else
{
if ( strlen( $Config['FileTypesAbsolutePath'][$resourceType] ) > 0 )
return $Config['FileTypesAbsolutePath'][$resourceType] ;
// Map the "UserFiles" path to a local directory.
return Server_MapPath( $Config['FileTypesPath'][$resourceType] ) ;
}
}
function GetUrlFromPath( $resourceType, $folderPath, $sCommand )
{
return CombinePaths( GetResourceTypePath( $resourceType, $sCommand ), $folderPath ) ;
}
function RemoveExtension( $fileName )
{
return substr( $fileName, 0, strrpos( $fileName, '.' ) ) ;
}
function ServerMapFolder( $resourceType, $folderPath, $sCommand )
{
// Get the resource type directory.
$sResourceTypePath = GetResourceTypeDirectory( $resourceType, $sCommand ) ;
// Ensure that the directory exists.
$sErrorMsg = CreateServerFolder( $sResourceTypePath ) ;
if ( $sErrorMsg != '' )
SendError( 1, "Error creating folder \"{$sResourceTypePath}\" ({$sErrorMsg})" ) ;
// Return the resource type directory combined with the required path.
return CombinePaths( $sResourceTypePath , $folderPath ) ;
}
function GetParentFolder( $folderPath )
{
$sPattern = "-[/\\\\][^/\\\\]+[/\\\\]?$-" ;
return preg_replace( $sPattern, '', $folderPath ) ;
}
function CreateServerFolder( $folderPath, $lastFolder = null )
{
$sParent = GetParentFolder( $folderPath ) ;
// Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms
while ( strpos($folderPath, '//') !== false )
{
$folderPath = str_replace( '//', '/', $folderPath ) ;
}
// Check if the parent exists, or create it.
if ( !file_exists( $sParent ) )
{
//prevents agains infinite loop when we can't create root folder
if ( !is_null( $lastFolder ) && $lastFolder === $sParent) {
return "Can't create $folderPath directory" ;
}
$sErrorMsg = CreateServerFolder( $sParent, $folderPath ) ;
if ( $sErrorMsg != '' )
return $sErrorMsg ;
}
if ( !file_exists( $folderPath ) )
{
// Turn off all error reporting.
error_reporting( 0 ) ;
$php_errormsg = '' ;
// Enable error tracking to catch the error.
ini_set( 'track_errors', '1' ) ;
// To create the folder with 0777 permissions, we need to set umask to zero.
$oldumask = umask(0) ;
mkdir( $folderPath, 0777 ) ;
umask( $oldumask ) ;
$sErrorMsg = $php_errormsg ;
// Restore the configurations.
ini_restore( 'track_errors' ) ;
ini_restore( 'error_reporting' ) ;
return $sErrorMsg ;
}
else
return '' ;
}
function GetRootPath()
{
if (!isset($_SERVER)) {
global $_SERVER;
}
$sRealPath = realpath( './' ) ;
$sSelfPath = $_SERVER['PHP_SELF'] ;
$sSelfPath = substr( $sSelfPath, 0, strrpos( $sSelfPath, '/' ) ) ;
$sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ;
$position = strpos( $sRealPath, $sSelfPath ) ;
// This can check only that this script isn't run from a virtual dir
// But it avoids the problems that arise if it isn't checked
if ( $position === false || $position <> strlen( $sRealPath ) - strlen( $sSelfPath ) )
SendError( 1, 'Sorry, can\'t map "UserFilesPath" to a physical path. You must set the "UserFilesAbsolutePath" value in "editor/filemanager/connectors/php/config.php".' ) ;
return substr( $sRealPath, 0, $position ) ;
}
// Emulate the asp Server.mapPath function.
// given an url path return the physical directory that it corresponds to
function Server_MapPath( $path )
{
// This function is available only for Apache
if ( function_exists( 'apache_lookup_uri' ) )
{
$info = apache_lookup_uri( $path ) ;
return $info->filename . $info->path_info ;
}
// This isn't correct but for the moment there's no other solution
// If this script is under a virtual directory or symlink it will detect the problem and stop
return GetRootPath() . $path ;
}
function IsAllowedExt( $sExtension, $resourceType )
{
global $Config ;
// Get the allowed and denied extensions arrays.
$arAllowed = $Config['AllowedExtensions'][$resourceType] ;
$arDenied = $Config['DeniedExtensions'][$resourceType] ;
if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) )
return false ;
if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) )
return false ;
return true ;
}
function IsAllowedType( $resourceType )
{
global $Config ;
if ( !in_array( $resourceType, $Config['ConfigAllowedTypes'] ) )
return false ;
return true ;
}
function IsAllowedCommand( $sCommand )
{
global $Config ;
if ( !in_array( $sCommand, $Config['ConfigAllowedCommands'] ) )
return false ;
return true ;
}
function GetCurrentFolder()
{
if (!isset($_GET)) {
global $_GET;
}
$sCurrentFolder = isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ;
// Check the current folder syntax (must begin and start with a slash).
if ( ! ereg( '/$', $sCurrentFolder ) ) $sCurrentFolder .= '/' ;
if ( strpos( $sCurrentFolder, '/' ) !== 0 ) $sCurrentFolder = '/' . $sCurrentFolder ;
// Ensure the folder path has no double-slashes
while ( strpos ($sCurrentFolder, '//') !== false ) {
$sCurrentFolder = str_replace ('//', '/', $sCurrentFolder) ;
}
// Check for invalid folder paths (..)
if ( strpos( $sCurrentFolder, '..' ) )
SendError( 102, '' ) ;
return $sCurrentFolder ;
}
// Do a cleanup of the folder name to avoid possible problems
function SanitizeFolderName( $sNewFolderName )
{
$sNewFolderName = stripslashes( $sNewFolderName ) ;
// Remove . \ / | : ? * " < >
$sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>/', '_', $sNewFolderName ) ;
return $sNewFolderName ;
}
// Do a cleanup of the file name to avoid possible problems
function SanitizeFileName( $sNewFileName )
{
global $Config ;
$sNewFileName = stripslashes( $sNewFileName ) ;
// Replace dots in the name with underscores (only one dot can be there... security issue).
if ( $Config['ForceSingleExtension'] )
$sNewFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sNewFileName ) ;
// Remove \ / | : ? * " < >
$sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>/', '_', $sNewFileName ) ;
return $sNewFileName ;
}
// This is the function that sends the results of the uploading process.
function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
{
echo '<script type="text/javascript">' ;
$rpl = array( '\\' => '\\\\', '"' => '\\"' ) ;
echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . strtr( $fileUrl, $rpl ) . '","' . strtr( $fileName, $rpl ) . '", "' . strtr( $customMsg, $rpl ) . '") ;' ;
echo '</script>' ;
exit ;
}
?>

17
FCKeditor/editor/filemanager/connectors/php/phpcompat.php Normal file
View file

@ -0,0 +1,17 @@
<?php
if ( !isset( $_SERVER ) ) {
$_SERVER = $HTTP_SERVER_VARS ;
}
if ( !isset( $_GET ) ) {
$_GET = $HTTP_GET_VARS ;
}
if ( !isset( $_FILES ) ) {
$_FILES = $HTTP_POST_FILES ;
}
if ( !defined( 'DIRECTORY_SEPARATOR' ) ) {
define( 'DIRECTORY_SEPARATOR',
strtoupper(substr(PHP_OS, 0, 3) == 'WIN') ? '\\' : '/'
) ;
}

59
FCKeditor/editor/filemanager/connectors/php/upload.php Normal file
View file

@ -0,0 +1,59 @@
<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* This is the "File Uploader" for PHP.
*/
require('./config.php') ;
require('./util.php') ;
require('./io.php') ;
require('./commands.php') ;
require('./phpcompat.php') ;
function SendError( $number, $text )
{
SendUploadResults( $number, '', '', $text ) ;
}
// Check if this uploader has been enabled.
if ( !$Config['Enabled'] )
SendUploadResults( '1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/connectors/php/config.php" file' ) ;
$sCommand = 'QuickUpload' ;
// The file type (from the QueryString, by default 'File').
$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;
$sCurrentFolder = GetCurrentFolder() ;
// Is enabled the upload?
if ( ! IsAllowedCommand( $sCommand ) )
SendUploadResults( '1', '', '', 'The ""' . $sCommand . '"" command isn\'t allowed' ) ;
// Check if it is an allowed type.
if ( !IsAllowedType( $sType ) )
SendUploadResults( 1, '', '', 'Invalid type specified' ) ;
FileUpload( $sType, $sCurrentFolder, $sCommand )
?>

185
FCKeditor/editor/filemanager/connectors/php/util.php Normal file
View file

@ -0,0 +1,185 @@
<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* Utility functions for the File Manager Connector for PHP.
*/
function RemoveFromStart( $sourceString, $charToRemove )
{
$sPattern = '|^' . $charToRemove . '+|' ;
return preg_replace( $sPattern, '', $sourceString ) ;
}
function RemoveFromEnd( $sourceString, $charToRemove )
{
$sPattern = '|' . $charToRemove . '+$|' ;
return preg_replace( $sPattern, '', $sourceString ) ;
}
function ConvertToXmlAttribute( $value )
{
if ( defined( 'PHP_OS' ) )
{
$os = PHP_OS ;
}
else
{
$os = php_uname() ;
}
if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' )
{
return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
}
else
{
return ( htmlspecialchars( $value ) ) ;
}
}
/**
* Check whether given extension is in html etensions list
*
* @param string $ext
* @param array $htmlExtensions
* @return boolean
*/
function IsHtmlExtension( $ext, $htmlExtensions )
{
if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
{
return false ;
}
$lcaseHtmlExtensions = array() ;
foreach ( $htmlExtensions as $key => $val )
{
$lcaseHtmlExtensions[$key] = strtolower( $val ) ;
}
return in_array( $ext, $lcaseHtmlExtensions ) ;
}
/**
* Detect HTML in the first KB to prevent against potential security issue with
* IE/Safari/Opera file type auto detection bug.
* Returns true if file contain insecure HTML code at the beginning.
*
* @param string $filePath absolute path to file
* @return boolean
*/
function DetectHtml( $filePath )
{
$fp = fopen( $filePath, 'rb' ) ;
$chunk = fread( $fp, 1024 ) ;
fclose( $fp ) ;
$chunk = strtolower( $chunk ) ;
if (!$chunk)
{
return false ;
}
$chunk = trim( $chunk ) ;
if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
{
return true;
}
$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
foreach( $tags as $tag )
{
if( false !== strpos( $chunk, $tag ) )
{
return true ;
}
}
//type = javascript
if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
{
return true ;
}
//href = javascript
//src = javascript
//data = javascript
if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
{
return true ;
}
//url(javascript
if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
{
return true ;
}
return false ;
}
/**
* Check file content.
* Currently this function validates only image files.
* Returns false if file is invalid.
*
* @param string $filePath absolute path to file
* @param string $extension file extension
* @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
* @return boolean
*/
function IsImageValid( $filePath, $extension )
{
$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
// version_compare is available since PHP4 >= 4.0.7
if ( function_exists( 'version_compare' ) ) {
$sCurrentVersion = phpversion();
if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
$imageCheckExtensions[] = "tiff";
$imageCheckExtensions[] = "tif";
}
if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
$imageCheckExtensions[] = "swc";
}
if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
$imageCheckExtensions[] = "jpc";
$imageCheckExtensions[] = "jp2";
$imageCheckExtensions[] = "jpx";
$imageCheckExtensions[] = "jb2";
$imageCheckExtensions[] = "xbm";
$imageCheckExtensions[] = "wbmp";
}
}
if ( !in_array( $extension, $imageCheckExtensions ) ) {
return true;
}
if ( @getimagesize( $filePath ) === false ) {
return false ;
}
return true;
}
?>