1<?php
2/*
3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
4 * Copyright (C) 2003-2009 Frederico Caldeira Knabben
5 *
6 * == BEGIN LICENSE ==
7 *
8 * Licensed under the terms of any of the following licenses at your
9 * choice:
10 *
11 *  - GNU General Public License Version 2 or later (the "GPL")
12 *    http://www.gnu.org/licenses/gpl.html
13 *
14 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15 *    http://www.gnu.org/licenses/lgpl.html
16 *
17 *  - Mozilla Public License Version 1.1 or later (the "MPL")
18 *    http://www.mozilla.org/MPL/MPL-1.1.html
19 *
20 * == END LICENSE ==
21 *
22 * Configuration file for the File Manager Connector for PHP.
23 */
24
25require_once 'check_acl.php';
// Root of the DokuWiki installation, resolved relative to this file unless the
// including script has already defined it.
if (!defined('DOKU_INC')) {
    define('DOKU_INC', realpath(dirname(__FILE__) . '/../../../../../../../../') . '/');
}

// Declared global so the values set below are shared with the functions in this
// file even when the file is included from inside a function.
global $Config, $AUTH, $dwfck_client, $topLevelFolder, $sep, $useNixStyle, $Dwfck_conf_values;

// DokuWiki settings as read from the wiki's configuration files.
$Dwfck_conf_values = doku_config_values();

// When true, the resolved paths and the full request are written to a file by
// DWFCK_cfg_dbg(); keep it off outside of troubleshooting.
$DWFCK_con_dbg = false;

// SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
//		authenticated users can access this file or use some kind of session checking.
$Config['Enabled'] = true;

// The client name used for the ACL checks comes from the request. A request that
// omits it (or sends an empty value) gets $AUTH_INI = 255, and get_start_dir()
// then skips its ACL walk.
// NOTE(review): nothing in this file ties DWFCK_Client to an authenticated
// session; presumably check_acl.php or the web server enforces that - confirm.
$clientSupplied = isset($_REQUEST['DWFCK_Client']);
if ($clientSupplied) {
    $dwfck_client = $_REQUEST['DWFCK_Client'];
}
if (!$clientSupplied || !$dwfck_client) {
    $AUTH_INI = 255;
}

$Config['osDarwin'] = DWFCK_is_OS('DARWIN') ? true : false;
52
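/**
 * Returns $candidate when it is usable as a single directory name, otherwise
 * $default.
 *
 * The farm "animal" name arrives in a cookie and is later spliced into
 * filesystem paths, URLs and a regular-expression replacement string, so only
 * letters, digits, ".", "_" and "-" are accepted, and ".." is rejected.
 *
 * @param mixed  $candidate Raw value, normally $_COOKIE['FCK_animal'].
 * @param string $default   Name to fall back to when the value is rejected.
 * @return string
 */
function DWFCK_safe_animal($candidate, $default = 'userfiles') {
    if (!is_string($candidate)) {
        return $default;
    }
    // \A...\z instead of ^...$ so a trailing newline cannot slip through.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $candidate)) {
        return $default;
    }
    if (strpos($candidate, '..') !== false) {
        return $default;
    }
    return $candidate;
}

// Directory name of the farm animal; 'userfiles' when no valid cookie is sent.
$animal = DWFCK_safe_animal(isset($_COOKIE['FCK_animal']) ? $_COOKIE['FCK_animal'] : 'userfiles');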
57
58
59/**
60  For filebrowser installation documents relating to this file, see the following:
61  http://www.mturner.org/fckgLite/doku.php?id=file_browser_install
62  http://www.mturner.org/fckgLite/doku.php?id=docs:auto_install
63  http://www.mturner.org/fckgLite/doku.php?id=media#security_and_the_media_directory
64
65*/
66
67
68
// Host platform and the directory separator that goes with it.
$isWindows = DWFCK_isWinOS();
$Config['osWindows'] = $isWindows;
$sep = $isWindows ? '\\' : '/';

// "nix style" follows the ckgdoku plugin setting when the wiki configuration has one.
$useNixStyle = isset($Dwfck_conf_values['plugin']['ckgdoku']['nix_style'])
    ? $Dwfck_conf_values['plugin']['ckgdoku']['nix_style']
    : false;

// DWFCK_Browser=local selects the "local" browser: Windows-style path handling
// is forced and nix style is switched off. Further down, local mode points the
// upload root at the pages tree instead of the media tree.
// NOTE(review): this switch is read straight from the request.
$dwfck_local = (isset($_REQUEST['DWFCK_Browser']) && $_REQUEST['DWFCK_Browser'] == 'local');
$useWinStyle = $dwfck_local;
if ($dwfck_local) {
    $useNixStyle = false;
}

// Recorded before the FCKConnector cookie (checked later) can turn it on.
$Config['isWinStyle'] = $useWinStyle;
86
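// Derive the upload roots unless the including script already supplied both.
if (!isset($Config['UserFilesAbsolutePath']) || !isset($Config['UserFilesPath'])) {
    // NOTE(review): this cookie is client-controlled and switches the path layout.
    if (isset($_COOKIE['FCKConnector']) && $_COOKIE['FCKConnector'] == 'WIN') {
        $useWinStyle = true;
    }

    if ($isWindows || $useWinStyle) {
        setupBasePathsWin();
        if ($dwfck_local) {
            // The "local" browser works on the pages tree rather than the media tree.
            // './data' is DokuWiki's default savedir; used when the setting is missing.
            $savedir = isset($Dwfck_conf_values['savedir']) ? $Dwfck_conf_values['savedir'] : './data';
            if (trim($savedir, './') != 'data') {
                $Config['UserFilesPath'] = $savedir . '/pages/';
                $Config['UserFilesAbsolutePath'] = $Config['UserFilesPath'];
            } else {
                $Config['UserFilesPath'] = str_replace('/media', '/pages', $Config['UserFilesPath']);
            }

            if ($isWindows) {
                if (isset($Dwfck_conf_values['ckg_savedir'])) {
                    $Config['UserFilesAbsolutePath'] = $Dwfck_conf_values['ckg_savedir'] . '/pages/';
                } else {
                    $Config['UserFilesAbsolutePath'] = str_replace('\\media', '\\pages', $Config['UserFilesAbsolutePath']);
                }
            } else {
                // !empty() instead of a bare index: the key is only set for a
                // non-default savedir.
                if (!empty($Dwfck_conf_values['ckg_savedir'])) {
                    $Config['UserFilesAbsolutePath'] = $Dwfck_conf_values['ckg_savedir'] . '/pages/';
                } else {
                    $Config['UserFilesAbsolutePath'] = str_replace('/media', '/pages/', $Config['UserFilesAbsolutePath']);
                }
                $Config['UserFilesAbsolutePath'] = rtrim($Config['UserFilesAbsolutePath'], '/') . '/';

                if (isset($_COOKIE['FCK_farmlocal'])) {
                    // The cookie replaces the absolute upload root, so values that
                    // are empty, not a string, contain a NUL byte or a ".."
                    // segment are ignored and the server-derived path is kept.
                    // NOTE(review): an accepted value is still client-controlled;
                    // it should be compared against a server-side list of farm
                    // directories before being trusted.
                    $farmLocal = $_COOKIE['FCK_farmlocal'];
                    $farmLocalUsable = is_string($farmLocal)
                        && $farmLocal !== ''
                        && strpos($farmLocal, "\0") === false
                        && !preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $farmLocal);
                    if ($farmLocalUsable) {
                        $Config['UserFilesAbsolutePath'] = $farmLocal . '/';
                        // NOTE(review): $path is never assigned in this file, so
                        // unless the including script sets it the match cannot
                        // succeed and the else branch runs - confirm what was
                        // meant to be matched here.
                        $farmSubject = isset($path) ? $path : '';
                        $animalPattern = '#(\/\w+\/' . preg_quote((string) $animal, '#') . ')#';
                        if (preg_match($animalPattern, $farmSubject, $matches)) {
                            $Config['UserFilesPath'] = $matches[1] . '/data/pages/';
                        } else {
                            $Config['UserFilesPath'] = '../' . $animal . '/data/pages/';
                        }
                    }
                }
            }
        }
        if ($DWFCK_con_dbg) {
            DWFCK_cfg_dbg($isWindows ? 'win_paths.txt' : 'nix_local_paths-' . getAccessNum() . '.txt');
        }
    } else {
        setupBasePathsNix();
        if ($DWFCK_con_dbg) {
            DWFCK_cfg_dbg('nix_paths-' . getAccessNum() . '.txt');
        }
    }
} elseif ($isWindows || $useWinStyle) {
    // Both UserFilesPath and UserFilesAbsolutePath were supplied: only remap
    // media -> pages for the "local" browser.
    if ($dwfck_local) {
        $Config['UserFilesPath'] = str_replace('/media', '/pages', $Config['UserFilesPath']);
        if ($isWindows) {
            $Config['UserFilesAbsolutePath'] = str_replace('\\media', '\\pages', $Config['UserFilesAbsolutePath']);
        } else {
            $Config['UserFilesAbsolutePath'] = str_replace('/media', '/pages', $Config['UserFilesAbsolutePath']);
        }
    }
    if ($DWFCK_con_dbg) {
        DWFCK_cfg_dbg('win_paths.txt');
    }
}

// Fill in the extension allow-lists and the per-resource-type paths.
setUpMediaPaths();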
153
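// Due to security issues with Apache modules, it is recommended to leave the
// following setting enabled.
$Config['ForceSingleExtension'] = true;

// Perform additional checks for image files.
// If set to true, validate image size (using getimagesize).
$Config['SecureImageUploads'] = true;

// What the user can do with this connector.
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder', 'GetDwfckNs', 'UnlinkFile');

// Allowed Resource Types.
$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media');

// For security, HTML is allowed in the first Kb of data for files having the
// following extensions only.
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js");

// After a file is uploaded it is sometimes necessary to change its permissions
// so that it can be accessed later. Set to 0 to disable this feature.
// Note: not needed on Windows-based servers.
// The modes come from the wiki's fmode/dmode settings. doku_config_values()
// returns false when no configuration is found, and isset() is true for false,
// so the array check is what selects the fallback.
// NOTE(review): the 0755 fallback sets the execute bits; for uploaded files a
// mode without them (e.g. 0644) is the more restrictive choice. Value left as is.
$dwfckHasConf = isset($Dwfck_conf_values) && is_array($Dwfck_conf_values);
$Config['ChmodOnUpload'] = ($dwfckHasConf && isset($Dwfck_conf_values['fmode']))
    ? $Dwfck_conf_values['fmode']
    : 0755;
// Used when creating folders that do not exist.
$Config['ChmodOnFolderCreate'] = ($dwfckHasConf && isset($Dwfck_conf_values['dmode']))
    ? $Dwfck_conf_values['dmode']
    : 0755;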
188
189
190
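/**
 * Derives the upload roots for the non-Windows layout.
 *
 * Everything from "editor/filemanager/connectors/" onwards in this file's
 * directory is replaced by "<animal>/"; the result is stored as
 * $Config['UserFilesAbsolutePath'], and the same path with the document root
 * removed is stored as $Config['UserFilesPath'].
 *
 * $animal is set at file level from the FCK_animal cookie, so it must have been
 * validated before it reaches this function.
 */
function setupBasePathsNix() {
    global $Config, $animal;

    // Escape "\" and "$" so the name is inserted literally and is never read
    // as a back-reference by preg_replace().
    $replacement = addcslashes((string) $animal, '\\$') . '/';
    $dir = preg_replace('/editor\/filemanager\/connectors\/.*/', $replacement, dirname(__FILE__));
    $Config['UserFilesAbsolutePath'] = $dir;

    // DOCUMENT_ROOT can be missing (e.g. on the command line); an empty search
    // string leaves the path unchanged.
    $document_root = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';
    $Config['UserFilesPath'] = str_replace($document_root, "", $dir);
}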
201
/**
 * Derives the upload roots for the Windows / "win style" layout.
 *
 * The connector part of this file's directory is cut off and replaced by the
 * media directory to form $Config['UserFilesAbsolutePath'];
 * $Config['UserFilesPath'] is built from the wiki's base URL. In nix style the
 * target is the per-animal directory under the plugin's fckeditor folder
 * instead of data/media.
 */
function setupBasePathsWin() {
    global $Config, $Dwfck_conf_values, $isWindows, $useNixStyle, $animal;

    $connectorsNix = 'lib/plugins/ckgdoku/fckeditor/editor/filemanager/connectors';
    if ($useNixStyle) {
        $marker = $isWindows ? '\editor\filemanager\connectors' : $connectorsNix;
        $data_media = '\\userfiles\\';
    } else {
        $marker = $isWindows ? 'lib\plugins\ckgdoku\fckeditor\editor\filemanager\connectors' : $connectorsNix;
        $data_media = $isWindows ? 'data\\media\\' : 'data/media/';
    }

    // The marker is a literal path fragment, so it is quoted before use as a pattern.
    $pattern = '/' . preg_quote($marker, '/') . '.*/';
    $Config['UserFilesAbsolutePath'] = preg_replace($pattern, $data_media, dirname(__FILE__));

    $base_url = getBaseURL_fck();
    if ($useNixStyle) {
        // $animal originates from a cookie at file level and ends up in a URL here.
        $Config['UserFilesPath'] = $base_url . 'lib/plugins/ckgdoku/fckeditor/' . $animal . '/';
    } else {
        $Config['UserFilesPath'] = $base_url . 'data/media/';
    }
}
231
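/**
 * Finds the hierarchically highest parent namespace which allows ACL CREATE.
 *
 * The namespace of the current page is read from the FCK_NmSp cookie and walked
 * upwards one level at a time, checking "<namespace>:*" with auth_aclcheck().
 * The walk stops at the first level whose permission is below 4 (CREATE).
 * The global $AUTH is left holding the permission that applies to the result.
 *
 * Returns "" when no client is set, when $AUTH_INI is 255, when no namespace
 * qualifies, or when the result is a top-level namespace and the root
 * permission is 8 or higher (presumably UPLOAD - confirm). Otherwise returns
 * the namespace, with ":" replaced by "/" when it is nested.
 *
 * NOTE(review): the client name and the group list (DWFCK_usergrps) both come
 * from the request, so the ACL result is only as trustworthy as those values.
 *
 * @return string
 */
function get_start_dir() {
    global $Config;
    global $AUTH;
    global $AUTH_INI;
    global $sep;
    global $dwfck_client;

    if (!$dwfck_client || $AUTH_INI == 255) {
        return "";
    }

    $usergrps = isset($_REQUEST['DWFCK_usergrps'])
        ? get_conf_array($_REQUEST['DWFCK_usergrps'])
        : array();

    // A missing or non-string cookie is treated as an empty namespace, so
    // explode() never receives null or an array.
    $nmsp = (isset($_COOKIE['FCK_NmSp']) && is_string($_COOKIE['FCK_NmSp'])) ? $_COOKIE['FCK_NmSp'] : '';
    $elems = explode(':', $nmsp);
    array_pop($elems);   // drop the page name, keep the namespace parts

    $ns = "";
    $prev_auth = -1;
    while (count($elems) > 0) {
        $ns_tmp = implode(':', $elems);
        $AUTH = auth_aclcheck($ns_tmp . ':*', $dwfck_client, $usergrps);
        if ($AUTH < 4) {
            if (!$ns) {
                // Even the deepest namespace is not writable: keep it, and keep
                // the low permission in $AUTH.
                $ns = $ns_tmp;
                break;
            }
            // Stay with the last namespace that qualified and its permission.
            $AUTH = $prev_auth;
            break;
        }
        $prev_auth = $AUTH;
        $ns = $ns_tmp;
        array_pop($elems);
    }

    if ($ns) {
        // Truthiness test kept as in the original: a ":" at position 0 does not
        // count as nested.
        if (strpos($ns, ':')) {
            return str_replace(':', '/', $ns);
        }
        $AUTH = auth_aclcheck(':*', $dwfck_client, $usergrps);
        if ($AUTH >= 8) {
            return "";
        }
        return $ns;
    }

    $AUTH = auth_aclcheck(':*', $dwfck_client, $usergrps);
    return "";
}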
284
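/**
 * Builds the extension allow-lists and the per-resource-type upload paths.
 *
 * - Reads the wiki's mime.conf (plus mime.local.conf when present) and adds the
 *   listed extensions to the built-in allow-lists.
 * - Determines the top-level folder the browser may show: the ACL start
 *   directory when a client is set, or the root when the session flag
 *   dwfck_openfb is 'y' or no client was supplied.
 * - Publishes "<topLevelFolder>;;<AUTH>" in the TopLevel cookie.
 * - Fills the FileTypes*Path and QuickUpload*Path entries of $Config.
 *
 * Side effects: may clear the globals $useWinStyle and $isWindows (nix style),
 * may set the global $AUTH, may start a session, and sends a cookie.
 */
function setUpMediaPaths() {
    global $Config;
    global $isWindows;
    global $useWinStyle;
    global $AUTH;
    global $dwfck_client;
    global $useNixStyle;

    if ($useNixStyle) {
        $useWinStyle = false;
        $isWindows = false;
    }

    // Locate the mime configuration; DOKU_CONF is only consulted when defined.
    $ALLOWED_MIMES = DOKU_INC . 'conf/mime.conf';
    if (!file_exists($ALLOWED_MIMES) && defined('DOKU_CONF')) {
        $ALLOWED_MIMES = DOKU_CONF . '/mime.conf';
        $MIMES_LOCAL = DOKU_CONF . '/mime.local.conf';
    }
    $mimeFiles = array($ALLOWED_MIMES);
    if (file_exists(DOKU_INC . 'conf/mime.local.conf')) {
        $mimeFiles[] = DOKU_INC . 'conf/mime.local.conf';
    } elseif (isset($MIMES_LOCAL) && file_exists($MIMES_LOCAL)) {
        $mimeFiles[] = $MIMES_LOCAL;
    }

    // file() returns false for an unreadable file; such files are skipped so
    // that array_merge() and foreach only ever see arrays.
    $out = array();
    foreach ($mimeFiles as $mimeFile) {
        $lines = is_readable($mimeFile)
            ? file($mimeFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
            : false;
        if (is_array($lines)) {
            $out = array_merge($out, $lines);
        }
    }

    $extensions = array();
    $image_extensions = array();
    foreach ($out as $line) {
        // Any line containing '#' is treated as a comment.
        if (strpos($line, '#') !== false) {
            continue;
        }
        // Expect "<extension> <mime type>"; lines without both fields are skipped.
        $fields = preg_split('/\s+/', trim($line));
        if (count($fields) < 2 || $fields[0] === '') {
            continue;
        }
        list($ext, $mtype) = $fields;
        $extensions[] = $ext;
        if (strpos($mtype, 'image') !== false) {
            $image_extensions[] = $ext;
        }
    }

    // Without a client name the file browser is not restricted to the client's
    // permissions.
    // NOTE(review): the client name is taken from the request at file level, so
    // omitting it selects the unrestricted mode; access to this connector has
    // to be limited elsewhere.
    $unrestricted_browser = !$dwfck_client;

    // Not used further in this function; the call is kept as in the original.
    if (isset($_REQUEST['DWFCK_usergrps'])) {
        $usergrps = get_conf_array($_REQUEST['DWFCK_usergrps']);
    } else {
        $usergrps = array();
    }

    $Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv',
        'doc', 'docx', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg',
        'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt',
        'pdf', 'png', 'ppt', 'psd', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb',
        'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif',
        'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip');

    // Every extension listed in mime.conf becomes uploadable as a "File"; the
    // deny-lists below are empty, so mime.conf is the effective policy.
    if (count($extensions)) {
        $Config['AllowedExtensions']['File'] = array_merge($Config['AllowedExtensions']['File'], $extensions);
    }
    $Config['DeniedExtensions']['File'] = array();
    $Config['AllowedExtensions']['Image'] = array_merge(array('bmp', 'gif', 'jpeg', 'jpg', 'png'), $image_extensions);
    $Config['DeniedExtensions']['Image'] = array();
    $Config['AllowedExtensions']['Flash'] = array('swf', 'flv');
    $Config['DeniedExtensions']['Flash'] = array();
    $Config['AllowedExtensions']['Media'] = array_merge(array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg',
        'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv'), $image_extensions);
    $Config['DeniedExtensions']['Media'] = array();

    $DWFCK_MediaTypes = array('File', 'Image', 'Flash', 'Media');
    $DWFCK_use_acl = !$unrestricted_browser;

    $current__Folder = "";
    if ($DWFCK_use_acl && isset($_COOKIE['FCK_NmSp']) && is_string($_COOKIE['FCK_NmSp'])) {
        if (strpos($_COOKIE['FCK_NmSp'], ':')) {
            $current__Folder = get_start_dir();
        }
    }

    // Attach to the session named by the FCK_NmSp_acl cookie. The cookie is
    // only used when present and made of characters valid in a session id.
    $aclSession = (isset($_COOKIE['FCK_NmSp_acl']) && is_string($_COOKIE['FCK_NmSp_acl']))
        ? $_COOKIE['FCK_NmSp_acl']
        : '';
    if ($aclSession !== '' && preg_match('/\A[A-Za-z0-9,-]+\z/', $aclSession) && session_id() != $aclSession) {
        session_id($aclSession);
        session_start();
    }

    // The session flag opens the browser at the root regardless of the ACL walk.
    if (isset($_SESSION['dwfck_openfb']) && $_SESSION['dwfck_openfb'] == 'y') {
        $current__Folder = "";
    }

    // NOTE(review): $topLevelFolder is declared global at file level but not in
    // this function, so this assignment is local - confirm which was intended.
    $topLevelFolder = $current__Folder ? $current__Folder : '/';
    if ($current__Folder) {
        $current__Folder .= '/';
    }
    if ($unrestricted_browser) {
        $AUTH = 255;
    }
    // NOTE(review): the cookie carries the permission level to the client; it
    // must not be read back as an authorization decision.
    setcookie("TopLevel", "$topLevelFolder;;$AUTH", time() + 3600, '/');

    foreach ($DWFCK_MediaTypes as $type) {
        // Windows-style layouts keep all types in one directory; otherwise each
        // type gets its own lower-cased sub-directory.
        $abs_type_dir = ($isWindows || $useWinStyle) ? "" : strtolower($type) . '/';

        $Config['FileTypesPath'][$type] = $Config['UserFilesPath'] . $abs_type_dir;
        $Config['FileTypesAbsolutePath'][$type] = $Config['UserFilesAbsolutePath'] . $abs_type_dir;
        $Config['QuickUploadPath'][$type] = $Config['UserFilesPath'] . $abs_type_dir;
        $Config['QuickUploadAbsolutePath'][$type] = $Config['UserFilesAbsolutePath'] . $abs_type_dir;
    }
}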
404
/**
 * Returns the wiki's base URL path with leading and trailing slashes.
 *
 * The directory of the running script is taken from SCRIPT_NAME, then PHP_SELF,
 * then from SCRIPT_FILENAME relative to DOCUMENT_ROOT; a trailing "lib/exe/"
 * and anything from "lib/plugins/" onwards are removed.
 *
 * @return string
 */
function getBaseURL_fck() {
    $script = $_SERVER['SCRIPT_NAME'];
    if (substr($script, -4) === '.php') {
        $dir = dirname($script);
    } elseif (substr($_SERVER['PHP_SELF'], -4) === '.php') {
        $dir = dirname($_SERVER['PHP_SELF']);
    } elseif ($_SERVER['DOCUMENT_ROOT'] && $_SERVER['SCRIPT_FILENAME']) {
        // Strip the document root from the front of the script's file path.
        $rootPattern = '/^' . preg_quote($_SERVER['DOCUMENT_ROOT'], '/') . '/';
        $relative = preg_replace($rootPattern, '', $_SERVER['SCRIPT_FILENAME']);
        $dir = dirname('/' . $relative);
    } else {
        $dir = '.'; // probably wrong
    }

    // Normalise Windows separators, then force single leading and trailing slashes.
    $dir = '/' . str_replace('\\', '/', $dir) . '/';
    $dir = preg_replace('#//+#', '/', $dir);

    // Scripts living in lib/exe or below lib/plugins: cut back to the wiki root.
    return preg_replace(array('!lib/exe/$!', '!lib/plugins/.*$!'), '', $dir);
}
431
/**
 * Tells whether PHP is running on Windows.
 *
 * True when the WINDIR server variable is set and non-empty, or when PHP_OS
 * contains "WIN" and is not Darwin (whose name also contains "win").
 *
 * @return bool
 */
function DWFCK_isWinOS() {
    global $Config;

    $hasWindir = isset($_SERVER['WINDIR']) && $_SERVER['WINDIR'];
    if ($hasWindir) {
        return true;
    }

    return (stristr(PHP_OS, 'WIN') && !DWFCK_is_OS('DARWIN')) ? true : false;
}
443
444
/**
 * Tells whether the given name matches the running operating system.
 *
 * Matches when the lower-cased name equals the lower-cased PHP_OS, or when
 * either string contains the other (case-insensitively).
 *
 * @param string $os Operating system name to test, e.g. 'DARWIN'.
 * @return bool
 */
function DWFCK_is_OS($os) {
    $wanted = strtolower($os);
    $running = strtolower(PHP_OS);

    if ($wanted == $running) {
        return true;
    }
    if (stristr(PHP_OS, $wanted)) {
        return true;
    }
    return stristr($wanted, PHP_OS) ? true : false;
}
454
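/**
 * Loads the DokuWiki configuration by including dokuwiki.php and, when it
 * exists, local.php from the wiki's conf directory.
 *
 * The files are looked up under DOKU_INC . 'conf/' first and under DOKU_CONF
 * otherwise (only when that constant is defined). Both are executed as PHP;
 * their paths are built from constants only, never from request data.
 *
 * When savedir is set to something other than the default "data" directory,
 * its value is copied to the extra key 'ckg_savedir'.
 *
 * @return array|false|null The $conf array defined by the included files,
 *                          false when no dokuwiki.php is found, or null when
 *                          the files define no $conf.
 */
function doku_config_values() {
    $dwphp = DOKU_INC . 'conf/dokuwiki.php';
    if (file_exists($dwphp)) {
        $localphp = DOKU_INC . 'conf/local.php';
    } elseif (defined('DOKU_CONF')) {
        $dwphp = DOKU_CONF . 'dokuwiki.php';
        $localphp = DOKU_CONF . 'local.php';
    } else {
        // No fallback location is known without DOKU_CONF.
        return false;
    }

    if (!file_exists($dwphp)) {
        return false;
    }

    include($dwphp);
    if (file_exists($localphp)) {
        include($localphp);   // local settings override the defaults
    }

    // Guarded so a configuration without savedir does not raise a warning.
    if (isset($conf['savedir']) && trim($conf['savedir'], '/.\/') != 'data') {
        $conf['ckg_savedir'] = $conf['savedir'];
    }

    return isset($conf) ? $conf : null;
}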
479
/**
 * Writes the resolved upload paths, the full request and the wiki configuration
 * to the file $fname (debugging aid, called only when $DWFCK_con_dbg is true).
 *
 * NOTE(review): callers pass relative file names, so the dump lands in the
 * working directory, and it contains every request parameter and every
 * configuration value - make sure that location is not served to clients.
 *
 * @param string $fname File to write.
 */
function DWFCK_cfg_dbg($fname) {
    global $Config;
    global $Dwfck_conf_values;

    $sections = array(
        $Config['UserFilesAbsolutePath'],
        $Config['UserFilesPath'],
        print_r($_REQUEST, true) . "\n" . print_r($Dwfck_conf_values, true),
    );
    file_put_contents($fname, implode("\r\n", $sections) . "\r\n");
}
487
/**
 * Debug logger, currently switched off: the function returns before doing
 * anything. With the early return removed it would append $what (arrays are
 * rendered with print_r) to fbrowser_dbg.txt in the working directory.
 *
 * @param mixed $what Value to log.
 */
function config_write_debug($what) {
    return;

    // Unreachable while the return above is in place.
    $text = is_array($what) ? print_r($what, true) : $what;
    $dwfckFHandle = fopen("fbrowser_dbg.txt", "a");
    fwrite($dwfckFHandle, "$text\n");
    fclose($dwfckFHandle);
}
497?>
498