1<?php
2/*
3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
4 * Copyright (C) 2003-2009 Frederico Caldeira Knabben
5 *
6 * == BEGIN LICENSE ==
7 *
8 * Licensed under the terms of any of the following licenses at your
9 * choice:
10 *
11 *  - GNU General Public License Version 2 or later (the "GPL")
12 *    http://www.gnu.org/licenses/gpl.html
13 *
14 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15 *    http://www.gnu.org/licenses/lgpl.html
16 *
17 *  - Mozilla Public License Version 1.1 or later (the "MPL")
18 *    http://www.mozilla.org/MPL/MPL-1.1.html
19 *
20 * == END LICENSE ==
21 *
22 * Configuration file for the File Manager Connector for PHP.
23 */
24
25require_once 'check_acl.php';
// Resolve the DokuWiki installation root, eight directory levels above this
// connector directory, unless the including script has already defined it.
if (!defined('DOKU_INC')) {
    define('DOKU_INC', realpath(dirname(__FILE__) . '/../../../../../../../../') . '/');
}


// State shared with the functions defined further down in this file.
global $Config, $AUTH, $dwfck_client, $topLevelFolder, $sep, $useNixStyle, $Dwfck_conf_values;

// Merged DokuWiki configuration array, or false when no config file was found.
$Dwfck_conf_values = doku_config_values();

// When true, the path set-up code below dumps its results via DWFCK_cfg_dbg().
$DWFCK_con_dbg = false;

// SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
//		authenticated users can access this file or use some kind of session checking.
// NOTE(review): the connector is switched on unconditionally here and nothing
// in this file authenticates the caller; that has to happen in check_acl.php
// or in the including script -- confirm before deploying.
$Config['Enabled'] = true;

// The user name used for the ACL checks is read from the request.
// $AUTH_INI = 255 marks "no client name supplied"; get_start_dir() and
// setUpMediaPaths() then skip the per-namespace ACL lookup.
// NOTE(review): DWFCK_Client is caller-supplied, so it is only meaningful if
// something upstream ties it to the authenticated session -- verify.
if (isset($_REQUEST['DWFCK_Client'])) {
    $dwfck_client = $_REQUEST['DWFCK_Client'];
}
if (!isset($_REQUEST['DWFCK_Client']) || !$dwfck_client) {
    $AUTH_INI = 255;
}


// Remember whether PHP reports a Darwin (macOS) host.
$Config['osDarwin'] = (bool) DWFCK_is_OS('DARWIN');
52
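/**
 * Reduce a client-supplied "animal" (user files directory) name to a single,
 * harmless directory name.
 *
 * The name arrives in the FCK_animal cookie and is later spliced into
 * filesystem paths, URLs and regular expressions by this file, so anything
 * that is not a plain directory name is discarded in favour of the default.
 *
 * @param mixed  $candidate value taken from the cookie
 * @param string $default   name used when the candidate is rejected
 * @return string a name made only of letters, digits, '.', '_' and '-',
 *                starting with a letter or digit and containing no '..'
 */
function DWFCK_safe_animal($candidate, $default = 'userfiles') {
    if (!is_string($candidate)) {
        return $default;
    }
    // Allowlist: no path separators, no NUL bytes, no "$" or "\" that
    // preg_replace() would read as a back-reference in a replacement string.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $candidate) !== 1) {
        return $default;
    }
    // A run of dots is never needed in a directory name and could act as a
    // parent-directory reference once the name is joined into a path.
    if (strpos($candidate, '..') !== false) {
        return $default;
    }
    return $candidate;
}

// Directory (relative to the editor) that holds the user files; a farm
// "animal" can override the default through the FCK_animal cookie.
$animal = 'userfiles';
if (isset($_COOKIE['FCK_animal'])) {
    $animal = DWFCK_safe_animal($_COOKIE['FCK_animal']);
}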
57
58
59/**
60  For filebrowser installation documents relating to this file, see the following:
61  http://www.mturner.org/fckgLite/doku.php?id=file_browser_install
62  http://www.mturner.org/fckgLite/doku.php?id=docs:auto_install
63  http://www.mturner.org/fckgLite/doku.php?id=media#security_and_the_media_directory
64
65*/
66
67
68
// Host OS detection and the directory separator that goes with it.
$isWindows = DWFCK_isWinOS();
$Config['osWindows'] = $isWindows;
$sep = '/';
if ($isWindows) {
    $sep = '\\';
}

// A request carrying DWFCK_Browser=local selects the "local" browser: it
// forces the Windows-style path set-up and disables the nix_style option.
// NOTE(review): this switch is caller-controlled; the path code below uses it
// to point the connector at the pages directory instead of the media one.
$dwfck_local = isset($_REQUEST['DWFCK_Browser']) && $_REQUEST['DWFCK_Browser'] == 'local';
$useWinStyle = $dwfck_local;

// nix_style comes from the ckgedit plugin configuration and only applies
// when the local browser was not requested.
$useNixStyle = false;
if (!$dwfck_local && isset($Dwfck_conf_values['plugin']['ckgedit']['nix_style'])) {
    $useNixStyle = $Dwfck_conf_values['plugin']['ckgedit']['nix_style'];
}

$Config['isWinStyle'] = $useWinStyle;
86
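// Work out $Config['UserFilesPath'] (URL side) and
// $Config['UserFilesAbsolutePath'] (filesystem side).
// When either one is missing they are derived from the location of this file;
// when both are preset only the media -> pages substitution for the "local"
// browser is applied.
if(!isset($Config['UserFilesAbsolutePath']) || !isset($Config['UserFilesPath'])) {
   // NOTE(review): the FCKConnector cookie is caller-controlled and selects
   // the Windows-style branch below.
   if(isset($_COOKIE['FCKConnector']) && $_COOKIE['FCKConnector'] == 'WIN') {
      $useWinStyle = true;
   }

   if($isWindows || $useWinStyle) {
    setupBasePathsWin();
    if($dwfck_local) {
     // The local browser works on the pages tree instead of the media tree.
     $savedir = $Dwfck_conf_values['savedir'];
     if(trim($savedir,'./') != 'data') {
        // Non-default savedir: use it as given for both paths.
        $Config['UserFilesPath'] = $savedir .'/pages/';
        $Config['UserFilesAbsolutePath'] = $Config['UserFilesPath'];
     }
     else $Config['UserFilesPath'] = str_replace('/media', '/pages', $Config['UserFilesPath']);

     if($isWindows) {
          if(isset($Dwfck_conf_values['ckg_savedir'])) {
             $Config['UserFilesAbsolutePath'] = realpath(DOKU_INC . $Dwfck_conf_values['ckg_savedir'] . '/pages/');
             $Config['UserFilesPath']=$Dwfck_conf_values['ckg_savedir'] . '/pages/';
            // config_write_debug($Config['UserFilesAbsolutePath']);
         }
         else $Config['UserFilesAbsolutePath'] = str_replace('\\media', '\\pages', $Config['UserFilesAbsolutePath']);
     }
     else {
         // ckg_savedir is only set by doku_config_values() for a non-default
         // savedir, so test it with empty() rather than reading a missing key.
         if(!empty($Dwfck_conf_values['ckg_savedir'])) {
             $Config['UserFilesAbsolutePath'] = $Dwfck_conf_values['ckg_savedir'] . '/pages/';
         }
         else $Config['UserFilesAbsolutePath'] = str_replace('/media', '/pages/', $Config['UserFilesAbsolutePath']);
         $Config['UserFilesAbsolutePath'] = rtrim($Config['UserFilesAbsolutePath'],'/') . '/';

         // SECURITY(review): FCK_farmlocal is a browser cookie, yet it becomes
         // the absolute directory the connector works in. The farm directory
         // should be derived from server-side configuration or session state;
         // until that is done only the type and NUL-byte checks below apply.
         if(isset($_COOKIE['FCK_farmlocal'])
            && is_string($_COOKIE['FCK_farmlocal'])
            && strpos($_COOKIE['FCK_farmlocal'], "\0") === false) {
            $Config['UserFilesAbsolutePath'] = $_COOKIE['FCK_farmlocal'] . '/';
            // NOTE(review): $path is not assigned anywhere in this file;
            // presumably it is meant to come from check_acl.php or to be the
            // farm path itself -- confirm. While it is unset the relative
            // fallback is used. $animal is quoted so that characters such as
            // '.' are matched literally.
            if(isset($path) && preg_match('#(\/\w+\/' . preg_quote($animal, '#') . ')#',$path,$matches)) {
                $Config['UserFilesPath'] = $matches[1] . '/data/pages/';
            }
            else $Config['UserFilesPath'] = '../' . $animal . '/data/pages/';

         }
     }
    }
    // Optional debug dump of the computed paths (off unless $DWFCK_con_dbg).
    if($DWFCK_con_dbg && $isWindows) {
          DWFCK_cfg_dbg('win_paths.txt');
       }
       else {
          if($DWFCK_con_dbg) DWFCK_cfg_dbg('nix_local_paths-' . getAccessNum () .  '.txt');
       }
   }
   else {
     setupBasePathsNix();
     if($DWFCK_con_dbg) DWFCK_cfg_dbg('nix_paths-' . getAccessNum () .  '.txt');
   }
}
else {  //if both UserFilesPath and UserFilesAbsolutePath are set
   if($isWindows || $useWinStyle) {
    if($dwfck_local) {
     $Config['UserFilesPath'] = str_replace('/media', '/pages', $Config['UserFilesPath']);
     if($isWindows) {
         $Config['UserFilesAbsolutePath'] = str_replace('\\media', '\\pages', $Config['UserFilesAbsolutePath']);
     }
     else {
        $Config['UserFilesAbsolutePath'] = str_replace('/media', '/pages', $Config['UserFilesAbsolutePath']);
     }
    }
    if($DWFCK_con_dbg) DWFCK_cfg_dbg('win_paths.txt');
   }
}

// Derive the per-resource-type paths and the extension allowlists.
setUpMediaPaths();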
155
// Keep enabled: because of security issues with Apache modules, uploaded
// file names are limited to a single extension.
$Config['ForceSingleExtension'] = true;

// Extra validation for image uploads: when true the image size is checked
// (using getimagesize).
$Config['SecureImageUploads'] = true;

// Commands this connector will accept from the client.
// NOTE(review): 'UnlinkFile' is part of the list, so whoever can reach the
// connector can request file deletion -- make sure access is authenticated.
$Config['ConfigAllowedCommands'] = array(
    'QuickUpload',
    'FileUpload',
    'GetFolders',
    'GetFoldersAndFiles',
    'CreateFolder',
    'GetDwfckNs',
    'UnlinkFile',
);

// Resource types the connector knows about.
$Config['ConfigAllowedTypes'] = array(
    'File',
    'Image',
    'Flash',
    'Media',
);

// For security, HTML is allowed in the first Kb of data only for files that
// have one of these extensions.
$Config['HtmlExtensions'] = array(
    "html",
    "htm",
    "xml",
    "xsd",
    "txt",
    "js",
);
173
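// After a file is uploaded it is sometimes necessary to change its
// permissions so that it can be accessed later.
// If possible, it is recommended to set more restrictive permissions, like 0755.
// Set to 0 to disable this feature.
// Note: not needed on Windows-based servers.
//
// The modes come from the DokuWiki settings 'fmode' (files) and 'dmode'
// (folders). Each key is tested on its own: $Dwfck_conf_values is false when
// no config file could be loaded, and a plain isset() on the variable would
// still succeed then and leave both modes empty.
// NOTE(review): the 0755 fallback also sets the execute bits on uploaded
// files; a mode without them may be preferable -- decide per deployment.
$Config['ChmodOnUpload'] = isset($Dwfck_conf_values['fmode']) ? $Dwfck_conf_values['fmode'] : 0755;
$Config['ChmodOnFolderCreate'] = isset($Dwfck_conf_values['dmode']) ? $Dwfck_conf_values['dmode'] : 0755;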
187
188// See comments above.
189// Used when creating folders that does not exist.
190
191
192
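/**
 * Derive the user files location from the position of this file
 * (non-Windows layout).
 *
 * Everything from "editor/filemanager/connectors/" onwards in this file's
 * directory is replaced by "<animal>/". The result is stored in
 * $Config['UserFilesAbsolutePath']; the same string with the document root
 * removed is stored in $Config['UserFilesPath'].
 *
 * Reads the globals $animal and $_SERVER['DOCUMENT_ROOT'], writes $Config.
 *
 * @return void
 */
function setupBasePathsNix() {
    global $Config, $animal;

    // $animal can originate from a cookie. Escape "\" and "$" so that
    // preg_replace() inserts the name literally instead of reading parts of
    // it as back-references.
    $replacement = addcslashes("$animal/", '\\$');

    $dir = preg_replace('/editor\/filemanager\/connectors\/.*/', $replacement, dirname(__FILE__));
    $Config['UserFilesAbsolutePath'] = $dir;

    // DOCUMENT_ROOT is not set in every SAPI; an empty search string leaves
    // the path unchanged.
    $document_root = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';
    $Config['UserFilesPath'] = str_replace($document_root, "", $dir);
}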
203
/**
 * Derive the user files location from the position of this file
 * (Windows host or Windows-style layout).
 *
 * The connector part of this file's directory is replaced by the media
 * directory ("data/media/", or "\userfiles\" in nix_style mode) to form
 * $Config['UserFilesAbsolutePath']; $Config['UserFilesPath'] is built from
 * the base URL returned by getBaseURL_fck().
 *
 * Reads the globals $isWindows, $useNixStyle and $animal, writes $Config.
 */
function setupBasePathsWin() {
  global $Config, $Dwfck_conf_values;
  global $isWindows;
  global $useNixStyle;
  global $animal;

    // Path fragment to cut at, and the text that takes its place.
    $slash_fragment = 'lib/plugins/ckgedit/fckeditor/editor/filemanager/connectors';
    if ($useNixStyle) {
        $backslash_fragment = '\editor\filemanager\connectors';
        $data_media = '\\userfiles\\';
    }
    else {
        $backslash_fragment = 'lib\plugins\ckgedit\fckeditor\editor\filemanager\connectors';
        if ($isWindows) {
            $data_media = 'data\\media\\';
        }
        else {
            $data_media = 'data/media/';
        }
    }
    $fragment = $isWindows ? $backslash_fragment : $slash_fragment;

    // Everything from the fragment to the end of the directory is replaced.
    $pattern = '/' . preg_quote($fragment, '/') . '.*/';
    $Config['UserFilesAbsolutePath'] = preg_replace($pattern, $data_media, dirname(__FILE__));

    $base_url = getBaseURL_fck();
    if ($useNixStyle) {
        // NOTE(review): $animal can originate from the FCK_animal cookie and
        // ends up in the URL path here.
        $Config['UserFilesPath'] = $base_url . 'lib/plugins/ckgedit/fckeditor/' . $animal . '/';
    }
    else {
        $Config['UserFilesPath'] = $base_url . 'data/media/';
    }

}
233
/**
 * Find the hierarchically highest parent namespace which allows ACL CREATE
 * and return it as the folder the file browser should start in.
 *
 * The namespace chain is taken from the FCK_NmSp cookie (its last element
 * is dropped before the walk) and checked from the deepest namespace
 * upwards with auth_aclcheck() until a level below 4 (CREATE) is met.
 * The global $AUTH is left holding the permission level that goes with the
 * result.
 *
 * NOTE(review): the user name ($dwfck_client), the groups (DWFCK_usergrps)
 * and the namespace (FCK_NmSp) all originate from the request, so the answer
 * is only as trustworthy as whatever authenticates those values upstream.
 *
 * @return string folder path using '/' separators, a single namespace name,
 *                or "" for the top level / unrestricted case
 */
function get_start_dir() {
    global $Config, $AUTH, $AUTH_INI, $sep, $dwfck_client;

    // No client name, or the "no client" marker: nothing to restrict.
    if (!$dwfck_client || $AUTH_INI == 255) {
        return "";
    }

    $usergrps = isset($_REQUEST['DWFCK_usergrps'])
        ? get_conf_array($_REQUEST['DWFCK_usergrps'])
        : array();

    $segments = explode(':', $_COOKIE['FCK_NmSp']);
    array_pop($segments);

    $ns = "";
    $granted = -1;
    for (; count($segments) > 0; array_pop($segments)) {
        $candidate = implode(':', $segments);
        $AUTH = auth_aclcheck($candidate . ':*', $dwfck_client, $usergrps);
        if ($AUTH < 4) {
            if ($ns) {
                // Keep the deeper namespace together with its level.
                $AUTH = $granted;
            }
            else {
                // Even the deepest namespace is below CREATE: stay there,
                // with $AUTH holding that lower level.
                $ns = $candidate;
            }
            break;
        }
        $granted = $AUTH;
        $ns = $candidate;
    }

    // Nested namespace: hand it back as a path.
    if ($ns && strpos($ns, ':')) {
        return str_replace(':', '/', $ns);
    }

    // Top-level namespace or nothing found: consult the root ACL.
    $AUTH = auth_aclcheck(':*', $dwfck_client, $usergrps);
    if ($ns && $AUTH < 8) {
        return $ns;
    }
    return "";

}
286
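/**
 * Build the extension allowlists and the per-resource-type paths.
 *
 * - reads mime.conf / mime.local.conf and adds their extensions to the
 *   built-in allowlists (extensions whose mime type contains "image" also go
 *   to the Image and Media lists);
 * - decides the start folder of the browser (ACL based when a client name is
 *   present) and publishes it, with the permission level, in the "TopLevel"
 *   cookie;
 * - fills $Config['FileTypesPath'], ['FileTypesAbsolutePath'],
 *   ['QuickUploadPath'] and ['QuickUploadAbsolutePath'] for every type.
 *
 * Reads and may change the globals $isWindows, $useWinStyle and $AUTH.
 *
 * @return void
 */
function setUpMediaPaths() {

  global $Config;
  global $isWindows;
  global $useWinStyle;
  global $AUTH;
  global $dwfck_client;
  global $useNixStyle;

  // nix_style overrides both Windows switches (the globals are changed).
  if($useNixStyle) {
      $useWinStyle = false;
      $isWindows = false;
  }

  // ---- extensions configured in mime.conf / mime.local.conf ----
  $mime_file = DOKU_INC . 'conf/mime.conf';
  $mime_local_fallback = null;
  if(!file_exists($mime_file)) {
      $mime_file = DOKU_CONF . '/mime.conf';
      $mime_local_fallback = DOKU_CONF . '/mime.local.conf';
  }
  $mime_local = null;
  if(file_exists(DOKU_INC . 'conf/mime.local.conf')) {
      $mime_local = DOKU_INC . 'conf/mime.local.conf';
  }
  elseif($mime_local_fallback !== null && file_exists($mime_local_fallback)) {
      $mime_local = $mime_local_fallback;
  }

  // An unreadable file contributes nothing: file() returns false on failure,
  // which must not reach array_merge() or foreach.
  $out = array();
  foreach(array($mime_file, $mime_local) as $conf_file) {
      if($conf_file === null || !is_readable($conf_file)) continue;
      $conf_lines = file($conf_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
      if($conf_lines !== false) {
          $out = array_merge($out, $conf_lines);
      }
  }

  $extensions = array();
  $image_extensions = array();
  foreach($out as $line) {
      // Any line containing '#' is treated as a comment.
      if(strpos($line, '#') !== false) continue;
      $fields = preg_split('/\s+/', trim($line));
      // A usable entry is "<extension> <mime type>"; skip anything else
      // rather than add an empty or typeless extension to the allowlist.
      if(count($fields) < 2 || $fields[0] === '') continue;
      list($ext, $mtype) = $fields;
      $extensions[] = $ext;
      if(strpos($mtype, 'image') !== false) {
          $image_extensions[] = $ext;
      }
  }

  // if !$dwfck_client then the file browser is not restricted to the client's permissions
  // NOTE(review): $dwfck_client comes from the DWFCK_Client request parameter,
  // so leaving it out selects the unrestricted mode. Access to the connector
  // therefore has to be authenticated elsewhere -- verify.
  $unrestricted_browser = !$dwfck_client;

  // Kept as in the original; the groups are not used further in this function.
  if(isset($_REQUEST['DWFCK_usergrps'])) {
      $usergrps = get_conf_array($_REQUEST['DWFCK_usergrps']);
  }
  else $usergrps = array();

  // ---- extension allowlists (the deny lists are intentionally empty) ----
  $Config['AllowedExtensions']['File'] = array_merge(
      array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv',
      'doc', 'docx','fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg',
      'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt',
      'pdf', 'png', 'ppt', 'psd', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb',
      'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif',
      'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip'),
      $extensions
  );
  $Config['DeniedExtensions']['File'] = array();
  $Config['AllowedExtensions']['Image'] = array_merge(array('bmp','gif','jpeg','jpg','png'), $image_extensions);
  $Config['DeniedExtensions']['Image'] = array();
  $Config['AllowedExtensions']['Flash'] = array('swf','flv');
  $Config['DeniedExtensions']['Flash'] = array();
  $Config['AllowedExtensions']['Media'] = array_merge(
      array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg',
      'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv'),
      $image_extensions
  );
  $Config['DeniedExtensions']['Media'] = array();

  $DWFCK_MediaTypes = array('File','Image', 'Flash','Media');

  // ---- start folder ----
  // With a client name the start folder follows the ACLs of the namespace in
  // the FCK_NmSp cookie; a value without ':' (or with it in first position)
  // keeps the top level.
  $current__Folder = "";
  if(!$unrestricted_browser
     && isset($_COOKIE['FCK_NmSp'])
     && is_string($_COOKIE['FCK_NmSp'])
     && strpos($_COOKIE['FCK_NmSp'], ':')) {
      $current__Folder = get_start_dir();
  }

  // Attach to the session named by the FCK_NmSp_acl cookie, if it is not the
  // current one. The id is only used when it is present and made of the
  // characters PHP's default session handler accepts.
  // NOTE(review): the session id is chosen by the browser; the session it
  // names must have been created server-side for an authenticated user.
  $acl_session = isset($_COOKIE['FCK_NmSp_acl']) ? $_COOKIE['FCK_NmSp_acl'] : null;
  if(is_string($acl_session)
     && preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $acl_session) === 1
     && session_id() !== $acl_session) {
      session_id($acl_session);
      session_start();
  }
  //file_put_contents('session.txt',print_r($_SESSION,true));

  // The "open file browser" session flag discards the ACL start folder.
  if(isset($_SESSION['dwfck_openfb']) && $_SESSION['dwfck_openfb'] == 'y') {
      $current__Folder = "";
  }

  // NOTE(review): $topLevelFolder is local here although the file header
  // declares a global of that name -- confirm which was intended.
  $topLevelFolder = $current__Folder ? $current__Folder : '/';
  if($unrestricted_browser) $AUTH = 255;
  // NOTE(review): folder and permission level are handed to the browser in a
  // cookie; code that reads "TopLevel" back must not treat it as proof of
  // permission.
  setcookie("TopLevel", "$topLevelFolder;;$AUTH", time()+3600, '/');

  // ---- per-type paths ----
  // Windows / Windows-style layouts keep every type in the base directory,
  // the others use one lower-cased sub-directory per type.
  foreach($DWFCK_MediaTypes as $type) {
      $abs_type_dir = ($isWindows || $useWinStyle) ? "" : strtolower($type) . '/';

      $Config['FileTypesPath'][$type] = $Config['UserFilesPath'] . $abs_type_dir;
      $Config['FileTypesAbsolutePath'][$type] = $Config['UserFilesAbsolutePath'] . $abs_type_dir;
      $Config['QuickUploadPath'][$type] = $Config['UserFilesPath'] . $abs_type_dir;
      $Config['QuickUploadAbsolutePath'][$type] = $Config['UserFilesAbsolutePath'] . $abs_type_dir;
  }

}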
406
/**
 * Return the base URL path of the wiki, with a leading and a trailing slash.
 *
 * The directory of the running script is taken from SCRIPT_NAME, PHP_SELF or
 * (as a last resort) SCRIPT_FILENAME relative to DOCUMENT_ROOT; a trailing
 * "lib/exe/" and everything from "lib/plugins/" onwards are then removed.
 *
 * @return string relative base URL, e.g. "/" or "/wiki/"
 */
function getBaseURL_fck(){

  if(substr($_SERVER['SCRIPT_NAME'], -4) == '.php') {
      $base = dirname($_SERVER['SCRIPT_NAME']);
  }
  elseif(substr($_SERVER['PHP_SELF'], -4) == '.php') {
      $base = dirname($_SERVER['PHP_SELF']);
  }
  elseif($_SERVER['DOCUMENT_ROOT'] && $_SERVER['SCRIPT_FILENAME']) {
      // Strip the document root from the front of the script's file name.
      $root_pattern = '/^' . preg_quote($_SERVER['DOCUMENT_ROOT'], '/') . '/';
      $script_path = preg_replace($root_pattern, '', $_SERVER['SCRIPT_FILENAME']);
      $base = dirname('/' . $script_path);
  }
  else {
      $base = '.'; //probably wrong
  }

  // Windows reports backslashes; normalise them, then make sure there is
  // exactly one slash at each end.
  $base = str_replace('\\', '/', $base);
  $base = preg_replace('#//+#', '/', "/$base/");

  // Scripts living in lib/exe or below lib/plugins: cut back to the wiki root
  // (the two patterns are applied one after the other).
  $base = preg_replace(array('!lib/exe/$!', '!lib/plugins/.*$!'), '', $base);

  //finish here for relative URLs
  return $base;
}
433
/**
 * Tell whether PHP is running on Windows.
 *
 * True when $_SERVER['WINDIR'] is set and non-empty, or when PHP_OS contains
 * "WIN" and is not a Darwin system (whose name also contains "win").
 *
 * @return bool
 */
function DWFCK_isWinOS() {
  global $Config;

  if(!empty($_SERVER['WINDIR'])) {
      return true;
  }

  return stristr(PHP_OS, 'WIN') && !DWFCK_is_OS('DARWIN');
}
445
446
/**
 * Case-insensitive check of an operating system name against PHP_OS.
 *
 * Matches when the names are equal or when either one contains the other.
 *
 * @param string $os name to look for, e.g. 'DARWIN'
 * @return bool
 */
function DWFCK_is_OS($os) {
  $wanted = strtolower($os);
  $running = strtolower(PHP_OS);

  return $wanted == $running
      || stristr(PHP_OS, $wanted)
      || stristr($wanted, PHP_OS);
}
456
/**
 * Load the DokuWiki configuration.
 *
 * Includes conf/dokuwiki.php and, when present, conf/local.php from DOKU_INC
 * (falling back to DOKU_CONF when DOKU_INC has no dokuwiki.php) and returns
 * the $conf array those files fill in. When 'savedir' is not the default
 * "data" directory it is copied to 'ckg_savedir'.
 *
 * The files are included in this function's scope, so the local variable
 * names below are visible to them and are deliberately left as they were.
 *
 * @return array|false the configuration, or false when no dokuwiki.php exists
 */
function doku_config_values() {
  $dwphp = DOKU_INC . 'conf/dokuwiki.php';
  if(file_exists($dwphp)) {
      $localphp = DOKU_INC . 'conf/local.php';
  }
  else {
      $dwphp = DOKU_CONF . 'dokuwiki.php';
      $localphp = DOKU_CONF . 'local.php';
  }

  if(!file_exists($dwphp)) {
      return false;
  }

  // Defaults first, local overrides second.
  include($dwphp);
  if(file_exists($localphp)) {
      include($localphp);
  }

  // Flag a relocated data directory for the path set-up code.
  $savedir_name = trim($conf['savedir'],'/.\/');
  if($savedir_name != 'data') {
      $conf['ckg_savedir'] = $conf['savedir'];
  }

  return $conf;
}
481
/**
 * Debug helper: write the computed paths, the request parameters and the
 * loaded DokuWiki configuration to a file.
 *
 * NOTE(review): the file name is relative, so the dump lands in the current
 * working directory, and it holds the full request plus the configuration
 * array -- keep $DWFCK_con_dbg off on reachable servers and remove old dumps.
 *
 * @param string $fname name of the file to (over)write
 * @return void
 */
function DWFCK_cfg_dbg($fname) {
   global $Config;
   global $Dwfck_conf_values;

   $sections = array(
       $Config['UserFilesAbsolutePath'],
       $Config['UserFilesPath'],
       print_r($_REQUEST, true) . "\n" . print_r($Dwfck_conf_values, true),
   );
   file_put_contents($fname, implode("\r\n", $sections) . "\r\n");
}
489
/**
 * Debug helper, currently switched off by the return statement on its first
 * line. With that return removed it would append $what (arrays are rendered
 * with print_r) as one line to fbrowser_dbg.txt in the working directory.
 *
 * @param mixed $what value to log
 * @return void
 */
function config_write_debug($what) {
    // Disabled: nothing below this line runs.
    return;

    $text = is_array($what) ? print_r($what, true) : $what;
    $log = fopen("fbrowser_dbg.txt", "a");
    fwrite($log, "$text\n");
    fclose($log);
}
499?>
500