--- /dev/null
+<cfsetting enablecfoutputonly="Yes">\r
+<!---\r
+ * FCKeditor - The text editor for Internet - http://www.fckeditor.net\r
+ * Copyright (C) 2003-2008 Frederico Caldeira Knabben\r
+ *\r
+ * == BEGIN LICENSE ==\r
+ *\r
+ * Licensed under the terms of any of the following licenses at your\r
+ * choice:\r
+ *\r
+ * - GNU General Public License Version 2 or later (the "GPL")\r
+ * http://www.gnu.org/licenses/gpl.html\r
+ *\r
+ * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")\r
+ * http://www.gnu.org/licenses/lgpl.html\r
+ *\r
+ * - Mozilla Public License Version 1.1 or later (the "MPL")\r
+ * http://www.mozilla.org/MPL/MPL-1.1.html\r
+ *\r
+ * == END LICENSE ==\r
+ *\r
+ * This is the "File Uploader" for ColdFusion 5.\r
+ * Based on connector.cfm by Mark Woods (mark@thickpaddy.com)\r
+ *\r
+ * Note:\r
+ * FCKeditor requires that the connector responds with UTF-8 encoded XML.\r
+ * As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII\r
+ * file and folder names in this connector to allow CF5 send a UTF-8\r
+ * encoded response - code points under 127 in UTF-8 are stored using a\r
+ * single byte, using the same encoding as ASCII, which is damn handy.\r
+ * This is all grand for the English speakers, like meself, but I dunno\r
+ * how others are gonna take to it. Well, the previous version of this\r
+ * connector already did this with file names and nobody seemed to mind,\r
+ * so fingers-crossed nobody will mind their folder names being munged too.\r
+ *\r
+--->\r
+\r
+<cfparam name="url.command" default="QuickUpload">\r
+<cfparam name="url.type" default="File">\r
+<cfparam name="url.currentFolder" default="/">\r
+\r
+<cfif not isDefined("config_included")>\r
+ <cfinclude template="config.cfm">\r
+</cfif>\r
+\r
+<cfscript>\r
+ function SendUploadResults(errorNumber, fileUrl, fileName, customMsg)\r
+ {\r
+ WriteOutput('<script type="text/javascript">');\r
+ // Minified version of the document.domain automatic fix script (#1919).\r
+ // The original script can be found at _dev/domain_fix_template.js\r
+ WriteOutput("(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();");\r
+ WriteOutput('window.parent.OnUploadCompleted(' & errorNumber & ', "' & JSStringFormat(fileUrl) & '", "' & JSStringFormat(fileName) & '", "' & JSStringFormat(customMsg) & '");' );\r
+ WriteOutput('</script>');\r
+ }\r
+</cfscript>\r
+\r
+<cfif NOT config.enabled>\r
+ <cfset SendUploadResults(1, "", "", "This file uploader is disabled. Please check the ""editor/filemanager/connectors/cfm/config.cfm"" file")>\r
+ <cfabort>\r
+</cfif>\r
+\r
+<cfif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)>\r
+ <cfset SendUploadResults(1, "", "", "The """ & url.command & """ command isn't allowed")>\r
+ <cfabort>\r
+</cfif>\r
+\r
+<cfif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)>\r
+ <cfset SendUploadResults(1, "", "", "The """ & url.type & """ type isn't allowed")>\r
+ <cfabort>\r
+</cfif>\r
+\r
+<cfif find( "..", url.currentFolder) or find( "\", url.currentFolder)>\r
+ <cfset SendUploadResults(102)>\r
+ <cfabort>\r
+</cfif>\r
+\r
+<cfscript>\r
+ userFilesPath = config.userFilesPath;\r
+\r
+ if ( userFilesPath eq "" ) {\r
+ userFilesPath = "/userfiles/";\r
+ }\r
+\r
+ // make sure the user files path is correctly formatted\r
+ userFilesPath = replace(userFilesPath, "\", "/", "ALL");\r
+ userFilesPath = replace(userFilesPath, '//', '/', 'ALL');\r
+ if ( right(userFilesPath,1) NEQ "/" ) {\r
+ userFilesPath = userFilesPath & "/";\r
+ }\r
+ if ( left(userFilesPath,1) NEQ "/" ) {\r
+ userFilesPath = "/" & userFilesPath;\r
+ }\r
+\r
+ // make sure the current folder is correctly formatted\r
+ url.currentFolder = replace(url.currentFolder, "\", "/", "ALL");\r
+ url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL');\r
+ if ( right(url.currentFolder,1) neq "/" ) {\r
+ url.currentFolder = url.currentFolder & "/";\r
+ }\r
+ if ( left(url.currentFolder,1) neq "/" ) {\r
+ url.currentFolder = "/" & url.currentFolder;\r
+ }\r
+\r
+ if (find("/",getBaseTemplatePath())) {\r
+ fs = "/";\r
+ } else {\r
+ fs = "\";\r
+ }\r
+\r
+ // Get the base physical path to the web root for this application. The code to determine the path automatically assumes that\r
+ // the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a\r
+ // virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.\r
+ if ( len(config.serverPath) ) {\r
+ serverPath = config.serverPath;\r
+\r
+ if ( right(serverPath,1) neq fs ) {\r
+ serverPath = serverPath & fs;\r
+ }\r
+ } else {\r
+ serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"") & replace(userFilesPath,"/",fs,"all");\r
+ }\r
+\r
+ rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ;\r
+</cfscript>\r
+<cfif url.command eq "QuickUpload">\r
+ <cfset resourceTypeUrl = rereplace( replace( Config.QuickUploadPath[url.type], fs, "/", "all"), "/$", "") >\r
+ <cfif isDefined( "Config.QuickUploadAbsolutePath" )\r
+ and structkeyexists( Config.QuickUploadAbsolutePath, url.type )\r
+ and Len( Config.QuickUploadAbsolutePath[url.type] )>\r
+ <cfset userFilesServerPath = Config.QuickUploadAbsolutePath[url.type] & url.currentFolder>\r
+ <cfelse>\r
+ <cftry>\r
+ <cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>\r
+ <!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->\r
+ <cfcatch type="any">\r
+ <cfset userFilesServerPath = rootPath & Config.QuickUploadPath[url.type] & url.currentFolder>\r
+ </cfcatch>\r
+ </cftry>\r
+ </cfif>\r
+<cfelse>\r
+ <cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") >\r
+ <cfif isDefined( "Config.FileTypesAbsolutePath" )\r
+ and structkeyexists( Config.FileTypesAbsolutePath, url.type )\r
+ and Len( Config.FileTypesAbsolutePath[url.type] )>\r
+ <cfset userFilesServerPath = Config.FileTypesAbsolutePath[url.type] & url.currentFolder>\r
+ <cfelse>\r
+ <cftry>\r
+ <cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder>\r
+ <!--- Catch: Parameter 1 of function ExpandPath must be a relative path --->\r
+ <cfcatch type="any">\r
+ <cfset userFilesServerPath = rootPath & Config.FileTypesPath[url.type] & url.currentFolder>\r
+ </cfcatch>\r
+ </cftry>\r
+ </cfif>\r
+</cfif>\r
+\r
+<cfset userFilesServerPath = replace( userFilesServerPath, "/", fs, "all" ) >\r
+<!--- get rid of double directory separators --->\r
+<cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") >\r
+\r
+<!--- create resource type directory if not exists --->\r
+<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )>\r
+\r
+<cfif not directoryexists( resourceTypeDirectory )>\r
+\r
+ <cfset currentPath = "">\r
+ <cftry>\r
+ <cfloop list="#resourceTypeDirectory#" index="name" delimiters="#fs#">\r
+ <cfif currentPath eq "" and fs eq "\">\r
+ <!--- Without checking this, we would have in Windows \C:\ --->\r
+ <cfif not directoryExists(name)>\r
+ <cfdirectory action="create" directory="#name#" mode="755">\r
+ </cfif>\r
+ <cfelse>\r
+ <cfif not directoryExists(currentPath & fs & name)>\r
+ <cfdirectory action="create" directory="#currentPath##fs##name#" mode="755">\r
+ </cfif>\r
+ </cfif>\r
+\r
+ <cfif fs eq "\" and currentPath eq "">\r
+ <cfset currentPath = name>\r
+ <cfelse>\r
+ <cfset currentPath = currentPath & fs & name>\r
+ </cfif>\r
+ </cfloop>\r
+\r
+ <cfcatch type="any">\r
+\r
+ <!--- this should only occur as a result of a permissions problem --->\r
+ <cfset SendUploadResults(103)>\r
+ <cfabort>\r
+\r
+ </cfcatch>\r
+\r
+ </cftry>\r
+</cfif>\r
+\r
+<cfset currentFolderPath = userFilesServerPath>\r
+<cfset resourceType = url.type>\r
+\r
+<cfset fileName = "">\r
+<cfset fileExt = "">\r
+\r
+<!--- Can be overwritten. The last value will be sent with the result --->\r
+<cfset customMsg = "">\r
+\r
+<cftry>\r
+ <!--- first upload the file with an unique filename --->\r
+ <cffile action="upload"\r
+ fileField="NewFile"\r
+ destination="#currentFolderPath#"\r
+ nameConflict="makeunique"\r
+ mode="644"\r
+ attributes="normal">\r
+\r
+ <cfif cffile.fileSize EQ 0>\r
+ <cfthrow>\r
+ </cfif>\r
+\r
+ <cfset lAllowedExtensions = config.allowedExtensions[#resourceType#]>\r
+ <cfset lDeniedExtensions = config.deniedExtensions[#resourceType#]>\r
+\r
+ <cfif ( len(lAllowedExtensions) and not listFindNoCase(lAllowedExtensions,cffile.ServerFileExt) )\r
+ or ( len(lDeniedExtensions) and listFindNoCase(lDeniedExtensions,cffile.ServerFileExt) )>\r
+\r
+ <cfset errorNumber = "202">\r
+ <cffile action="delete" file="#cffile.ServerDirectory##fs##cffile.ServerFile#">\r
+\r
+ <cfelse>\r
+\r
+ <cfscript>\r
+ errorNumber = 0;\r
+ fileName = cffile.ClientFileName ;\r
+ fileExt = cffile.ServerFileExt ;\r
+ fileExisted = false ;\r
+\r
+ // munge filename for html download. Only a-z, 0-9, _, - and . are allowed\r
+ if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {\r
+ fileName = reReplace(fileName, "[^A-Za-z0-9\-\.]", "_", "ALL");\r
+ fileName = reReplace(fileName, "_{2,}", "_", "ALL");\r
+ fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");\r
+ fileName = reReplace(fileName, "$_([^_]+)$", "\1", "ALL");\r
+ }\r
+\r
+ // remove additional dots from file name\r
+ if( isDefined("Config.ForceSingleExtension") and Config.ForceSingleExtension )\r
+ fileName = replace( fileName, '.', "_", "all" ) ;\r
+\r
+ // When the original filename already exists, add numbers (0), (1), (2), ... at the end of the filename.\r
+ if( compare( cffile.ServerFileName, fileName ) ) {\r
+ counter = 0;\r
+ tmpFileName = fileName;\r
+ while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {\r
+ fileExisted = true ;\r
+ counter = counter + 1 ;\r
+ fileName = tmpFileName & '(#counter#)' ;\r
+ }\r
+ }\r
+ </cfscript>\r
+\r
+ <!--- Rename the uploaded file, if neccessary --->\r
+ <cfif compare(cffile.ServerFileName,fileName)>\r
+\r
+ <cfif fileExisted>\r
+ <cfset errorNumber = "201">\r
+ </cfif>\r
+ <cffile\r
+ action="rename"\r
+ source="#currentFolderPath##cffile.ServerFileName#.#cffile.ServerFileExt#"\r
+ destination="#currentFolderPath##fileName#.#fileExt#"\r
+ mode="644"\r
+ attributes="normal">\r
+\r
+ </cfif>\r
+\r
+ </cfif>\r
+\r
+ <cfcatch type="any">\r
+\r
+ <cfset errorNumber = "1">\r
+ <cfset customMsg = cfcatch.message >\r
+\r
+ </cfcatch>\r
+</cftry>\r
+\r
+<cfif errorNumber EQ 0>\r
+ <!--- file was uploaded succesfully --->\r
+ <cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', "", "")>\r
+ <cfabort>\r
+<cfelseif errorNumber EQ 201>\r
+ <!--- file was changed (201), submit the new filename --->\r
+ <cfset SendUploadResults(errorNumber, '#resourceTypeUrl##url.currentFolder##fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), customMsg)>\r
+ <cfabort>\r
+<cfelse>\r
+ <!--- An error occured(202). Submit only the error code and a message (if available). --->\r
+ <cfset SendUploadResults(errorNumber, '', '', customMsg)>\r
+ <cfabort>\r
+</cfif>\r