1<?php
2/*
3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
4 * Copyright (C) 2003-2009 Frederico Caldeira Knabben
5 *
6 * == BEGIN LICENSE ==
7 *
8 * Licensed under the terms of any of the following licenses at your
9 * choice:
10 *
11 *  - GNU General Public License Version 2 or later (the "GPL")
12 *    http://www.gnu.org/licenses/gpl.html
13 *
14 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15 *    http://www.gnu.org/licenses/lgpl.html
16 *
17 *  - Mozilla Public License Version 1.1 or later (the "MPL")
18 *    http://www.mozilla.org/MPL/MPL-1.1.html
19 *
20 * == END LICENSE ==
21 *
22 * Configuration file for the File Manager Connector for PHP.
23 */
24
25require_once 'check_acl.php';
26if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../../../../../../../../').'/');
27
28
29global $Config ;
30global $AUTH;
31global $dwfck_client;
32global $topLevelFolder;
33global $sep;
34global $useNixStyle;
35global $Dwfck_conf_values;
36$Dwfck_conf_values = doku_config_values();
37
38$DWFCK_con_dbg = false;
39// SECURITY: You must explicitly enable this "connector". (Set it to "true").
40// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
41//		authenticated users can access this file or use some kind of session checking.
42$Config['Enabled'] = true ;
43
44  if(isset($_REQUEST ) && isset($_REQUEST['DWFCK_Client'])) {
45     $dwfck_client = $_REQUEST['DWFCK_Client'];
46     if(!$dwfck_client) $AUTH_INI = 255;
47  }
48  else $AUTH_INI = 255;
49
50
51$Config['osDarwin'] = DWFCK_is_OS('DARWIN') ? true : false;
52
53
54/**
55
56   PATHS
57   This script will atempt to implement the two paths described below automatically.
58   But if that fails, here is what you must do.
59
60   Two Paths Required:  absolute and relative.  Both must refer to the same directory.
61   On a Windows System the Absolute Path is the complete path from the Drive Letter to the
62   userfiles directory.
63
64   The relative or UserfilesPath starts at the directory where you have your DokuWiki
65   installed and refers to the data/media directory:  /<dokuwiki>/data/media/
66   You fill in <dokuwiki> with the name of your own dokuwiki directory.  If <dokuwiki>
67   is in a subdirectory, then your relative path must begin with that subdirectory.  In other
68   words what you want here is the directory that would appear in the browser's url.
69
70   If your web site is http://my_website.org and dokuwiki is accesses as
71               http://my_website.org/dokuwiki
72  then your relative path is as above
73              /dokuwiki/data/media/
74  But if the web address is
75              http://my_website.org/software/dokuwiki
76  then your relative path is
77              /software/dokuwiki/data/media
78
79   What you want is the paths to your dokuwiki data/media directory.
80
81  On a Windows system:
82  The Absolute Path uses the Windows style with back-slashes, while the relative path uses
83  the Unix-style with forward slashes.
84  NOTE:  The PHP programming language requires two backslashes to represent a single backslash:
85    'C:\\Program Files\\. . . . \\'
86
87  Both paths must be enclosed in single quotes and both paths must end with slashes--a single
88  forward slash in the relative path and a double backslash in the Windows.  And the relative
89  path must begin with a single forward slash:
90     Windows Absolute:  'C:\\Program Files\\. . . . \\'
91     Linux/Unix Absolute:  /var/www/htdocs . . ./'
92
93     Relative on all Systems:  '/. . /data/media/'
94
95  The absolute path is assigned to  $Config['UserFilesAbsolutePath']
96  The relative path is assigned to  $Config['UserFilesPath']
97*/
98
99/**
100 Example absolute paths
101   Example absolute On Windows System:
102  $Config['UserFilesAbsolutePath'] = 'C:\\Program Files\\Apache Software Foundation\\Apache2.2\\htdocs\\dokuwiki\\data\\media\\';
103
104  Example absolute on Unix/Linux system:
105  $Config['UserFilesAbsolutePath'] = '/var/www/htdocs/dokuwiki/data/media/';
106
107*/
108
109/**
110 Example relative path
111   This is the path to user files relative to the document root.
112   This must use the Unix style path, even on a Windows system, i.e. single forward slashes
113   $Config['UserFilesPath'] = '/dokuwiki/data/media/';
114
115*/
116
117
118
119$isWindows = DWFCK_isWinOS();
120$Config['osWindows'] = $isWindows;
121$useWinStyle = false;
122$useNixStyle = false;
123$sep = $isWindows ? '\\' : '/';
124$dwfck_local = false;
125$useNixStyle=false;
126if(isset($Dwfck_conf_values['plugin']['fckg']['nix_style'])) {
127   $useNixStyle = $Dwfck_conf_values['plugin']['fckg']['nix_style'];
128}
129if(isset($_REQUEST['DWFCK_Browser']) && $_REQUEST['DWFCK_Browser'] == 'local') {
130     $useWinStyle = true;
131     $dwfck_local = true;
132	 $useNixStyle = false;
133}
134
135$Config['isWinStyle'] = $useWinStyle;
136
137if(!isset($Config['UserFilesAbsolutePath']) || !isset($Config['UserFilesPath'])) {
138   if(isset($_COOKIE['FCKConnector']) && $_COOKIE['FCKConnector'] == 'WIN') {
139      $useWinStyle = true;
140   }
141
142   if($isWindows || $useWinStyle) {
143    setupBasePathsWin();
144    if($dwfck_local) {
145     $savedir = $Dwfck_conf_values['savedir'];
146
147     if(trim($savedir,'./') != 'data') {
148        $Config['UserFilesPath'] = $savedir .'/pages/';
149        $Config['UserFilesAbsolutePath'] = $Config['UserFilesPath'];
150     }
151     else $Config['UserFilesPath'] = str_replace('/media', '/pages', $Config['UserFilesPath']);
152     if($isWindows) {
153         $Config['UserFilesAbsolutePath'] = str_replace('\\media', '\\pages', $Config['UserFilesAbsolutePath']);
154     }
155     else {
156        $Config['UserFilesAbsolutePath'] = str_replace('/media', '/pages', $Config['UserFilesAbsolutePath']);
157     }
158    }
159    if($DWFCK_con_dbg) DWFCK_cfg_dbg('win_paths.txt');
160   }
161   else {
162     setupBasePathsNix();
163     if($DWFCK_con_dbg) DWFCK_cfg_dbg('nix_paths.txt');
164   }
165
166
167}
168//$isWindows=false;
169setUpMediaPaths();
170//$isWindows=true;
171
172// Due to security issues with Apache modules, it is recommended to leave the
173// following setting enabled.
174$Config['ForceSingleExtension'] = true ;
175
176// Perform additional checks for image files.
177// If set to true, validate image size (using getimagesize).
178$Config['SecureImageUploads'] = true;
179
180// What the user can do with this connector.
181$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder', 'GetDwfckNs', 'UnlinkFile') ;
182
183// Allowed Resource Types.
184$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
185
186// For security, HTML is allowed in the first Kb of data for files having the
187// following extensions only.
188$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
189
190// After file is uploaded, sometimes it is required to change its permissions
191// so that it was possible to access it at the later time.
192// If possible, it is recommended to set more restrictive permissions, like 0755.
193// Set to 0 to disable this feature.
194// Note: not needed on Windows-based servers.
195if(isset($Dwfck_conf_values)) {
196    $Config['ChmodOnUpload'] =  $Dwfck_conf_values['fmode'] ;
197    $Config['ChmodOnFolderCreate'] = $Dwfck_conf_values['dmode']  ;
198}
199else {
200   $Config['ChmodOnUpload'] =  0755 ;
201   $Config['ChmodOnFolderCreate'] = 0755 ;
202}
203
204// See comments above.
205// Used when creating folders that does not exist.
206
207
208
209function setupBasePathsNix() {
210  global $Config;
211    $dir = dirname(__FILE__) ;
212    $dir = preg_replace('/editor\/filemanager\/connectors\/.*/', 'userfiles/',$dir);
213    $Config['UserFilesAbsolutePath'] = $dir;
214    $document_root = $_SERVER['DOCUMENT_ROOT'];
215    $relative_dir = str_replace($document_root, "", $dir);
216    $Config['UserFilesPath'] = $relative_dir;
217}
218
219function setupBasePathsWin() {
220  global $Config;
221  global $isWindows;
222  global $useNixStyle;
223
224    $data_media = $isWindows ? 'data\\media\\' : 'data/media/';
225    if($useNixStyle) {
226    $regex = $isWindows ? '\editor\filemanager\connectors' : 'lib/plugins/fckg/fckeditor/editor/filemanager/connectors';
227	$data_media = '\\userfiles\\';
228    }
229    else {
230       $regex = $isWindows ? 'lib\plugins\fckg\fckeditor\editor\filemanager\connectors' : 'lib/plugins/fckg/fckeditor/editor/filemanager/connectors';
231     }
232    $dir = dirname(__FILE__) ;
233
234    $regex = preg_quote($regex, '/');
235
236    $dir = preg_replace('/'. $regex .'.*/', $data_media, $dir);
237
238    $Config['UserFilesAbsolutePath'] = $dir;
239
240    $base_url = getBaseURL_fck();
241    if($useNixStyle) {
242       $Config['UserFilesPath'] =  $base_url . 'lib/plugins/fckg/fckeditor/userfiles/';
243     }
244    else $Config['UserFilesPath'] =  $base_url . 'data/media/';
245
246}
247
248/**
249*   find hierarchically highest level parent namespace which allows acl CREATE
250*/
251function get_start_dir() {
252global $Config ;
253global $AUTH;
254global $AUTH_INI;
255global $sep;
256global $dwfck_client;
257 if(!$dwfck_client || $AUTH_INI == 255) return "";
258
259  if(isset($_REQUEST['DWFCK_usergrps'])) {
260      $usergrps = get_conf_array($_REQUEST['DWFCK_usergrps']);
261  }
262  else $usergrps = array();
263
264   $elems = explode(':', $_COOKIE['FCK_NmSp']);
265   array_pop($elems);
266   $ns = "";
267   $prev_auth = -1;
268   while(count($elems) > 0) {
269      $ns_tmp = implode(':',$elems);
270      $test = $ns_tmp . ':*';
271      $AUTH = auth_aclcheck($test,$dwfck_client,$usergrps);
272      if($AUTH < 4) {
273          if(!$ns) {
274             $ns = $ns_tmp;
275             break;
276          }
277           $AUTH = $prev_auth;
278           break;
279      }
280      $prev_auth = $AUTH;
281      $ns = $ns_tmp;
282      array_pop($elems);
283
284   }
285
286
287    if($ns) {
288       if(strpos($ns, ':')) {
289          return str_replace(':', '/', $ns);
290       }
291      $AUTH = auth_aclcheck(':*', $dwfck_client,$usergrps);
292
293      if($AUTH >= 8)  return "";
294      return $ns;
295    }
296    $AUTH = auth_aclcheck(':*', $dwfck_client,$usergrps);
297    return "";
298
299}
300
301function setUpMediaPaths() {
302
303  global $Config;
304  global $isWindows;
305  global $useWinStyle;
306  global $AUTH;
307  global $dwfck_client;
308  global $useNixStyle;
309
310  if($useNixStyle) {
311	$useWinStyle=false;
312	$isWindows = false;
313  }
314  $ALLOWED_MIMES = DOKU_INC . 'conf/mime.conf';
315  if(!file_exists($ALLOWED_MIMES)) {
316      $ALLOWED_MIMES = DOKU_CONF . '/mime.conf';
317      $MIMES_LOCAL = DOKU_CONF . '/mime.local.conf';
318  }
319  $out=@file($ALLOWED_MIMES,FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
320
321  if(file_exists(DOKU_INC . 'conf/mime.local.conf'))
322  {
323  	$out_local = @file(DOKU_INC . 'conf/mime.local.conf',FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
324  	$out = array_merge($out,$out_local);
325  }
326  elseif(isset($MIMES_LOCAL) && file_exists($MIMES_LOCAL)) {
327   	$out_local = @file($MIMES_LOCAL,FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
328  	$out = array_merge($out,$out_local);
329  }
330  $extensions = array();
331  $image_extensions = array();
332  foreach($out as $line) {
333      if(strpos($line,'#') ===  false) {
334         list($ext,$mtype)  = preg_split('/\s+/', $line);
335         $extensions[] = $ext;
336		 if(strpos($mtype,'image')!==false) {
337		     $image_extensions[] = $ext;
338		 }
339     }
340  }
341
342
343
344    // if !$dwfck_client then the file browser is not restricted to the client's permissions
345   if(!$dwfck_client) {
346      $unrestricted_browser = true;
347   }
348   else $unrestricted_browser = false;
349
350  if(isset($_REQUEST['DWFCK_usergrps'])) {
351      $usergrps = get_conf_array($_REQUEST['DWFCK_usergrps']);
352  }
353  else $usergrps = array();
354
355
356   $Config['AllowedExtensions']['File']	= array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv',
357      'doc', 'docx','fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg',
358      'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt',
359      'pdf', 'png', 'ppt', 'psd', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb',
360      'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif',
361      'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
362
363    if(count($extensions) ) {
364       $Config['AllowedExtensions']['File']	 = array_merge($Config['AllowedExtensions']['File'],$extensions);
365}
366    $Config['DeniedExtensions']['File']		= array() ;
367    $Config['AllowedExtensions']['Image']	= array_merge(array('bmp','gif','jpeg','jpg','png'),$image_extensions) ;
368    $Config['DeniedExtensions']['Image']	= array() ;
369    $Config['AllowedExtensions']['Flash']	= array('swf','flv') ;
370    $Config['DeniedExtensions']['Flash']	= array() ;
371    $Config['AllowedExtensions']['Media']	= array_merge(array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg',
372	                              'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ,$image_extensions);
373    $Config['DeniedExtensions']['Media']	= array() ;
374
375    $DWFCK_MediaTypes = array('File','Image', 'Flash','Media');
376    $DWFCK_use_acl = true;
377    if($unrestricted_browser) $DWFCK_use_acl = false;
378    $current__Folder = "";
379    if($DWFCK_use_acl && isset($_COOKIE['FCK_NmSp'])) {
380        if(strpos($_COOKIE['FCK_NmSp'], ':')) {
381          $current__Folder=get_start_dir();
382        }
383   }
384
385    $sess_id = session_id();
386    if(!isset($sess_id) || $sess_id != $_COOKIE['FCK_NmSp_acl']) {
387        session_id($_COOKIE['FCK_NmSp_acl']);
388        session_start();
389    }
390   //file_put_contents('session.txt',print_r($_SESSION,true));
391   if($_SESSION['dwfck_openfb'] == 'y') {
392          $current__Folder = "";
393   }
394
395   $topLevelFolder=$current__Folder ? $current__Folder : '/';
396   if($current__Folder) $current__Folder .= '/';
397   if($unrestricted_browser) $AUTH = 255;
398   setcookie("TopLevel", "$topLevelFolder;;$AUTH", time()+3600, '/');
399   foreach($DWFCK_MediaTypes as $type) {
400
401        $abs_type_dir = strtolower($type) . '/';
402        if($isWindows || $useWinStyle) {
403          $abs_type_dir = "";
404        }
405        else {
406           $abs_type_dir = strtolower($type) . '/';
407        }
408        $Config['FileTypesPath'][$type]		= $Config['UserFilesPath'] . $abs_type_dir; // $dir_type;
409        $Config['FileTypesAbsolutePath'][$type] = $Config['UserFilesAbsolutePath'] . $abs_type_dir; // $abs_type_dir ;
410        $Config['QuickUploadPath'][$type]		= $Config['UserFilesPath'] . $abs_type_dir; // $dir_type ;
411        $Config['QuickUploadAbsolutePath'][$type]= $Config['UserFilesAbsolutePath'] . $abs_type_dir;
412
413        $Config['FileTypesPath'][$type]		= $Config['UserFilesPath'] . $abs_type_dir; //$dir_type;
414        $Config['FileTypesAbsolutePath'][$type] = $Config['UserFilesAbsolutePath'] . $abs_type_dir ;
415
416
417    }
418
419}
420
421function getBaseURL_fck(){
422
423  if(substr($_SERVER['SCRIPT_NAME'],-4) == '.php'){
424    $dir = dirname($_SERVER['SCRIPT_NAME']);
425  }elseif(substr($_SERVER['PHP_SELF'],-4) == '.php'){
426    $dir = dirname($_SERVER['PHP_SELF']);
427  }elseif($_SERVER['DOCUMENT_ROOT'] && $_SERVER['SCRIPT_FILENAME']){
428    $dir = preg_replace ('/^'.preg_quote($_SERVER['DOCUMENT_ROOT'],'/').'/','',
429                         $_SERVER['SCRIPT_FILENAME']);
430    $dir = dirname('/'.$dir);
431  }else{
432    $dir = '.'; //probably wrong
433  }
434
435  $dir = str_replace('\\','/',$dir);             // bugfix for weird WIN behaviour
436  $dir = preg_replace('#//+#','/',"/$dir/");     // ensure leading and trailing slashes
437
438  //handle script in lib/exe dir
439  $dir = preg_replace('!lib/exe/$!','',$dir);
440
441  //handle script in lib/plugins dir
442  $dir = preg_replace('!lib/plugins/.*$!','',$dir);
443
444  //finish here for relative URLs
445  return $dir;
446}
447
448function DWFCK_isWinOS() {
449  global $Config;
450  if(isset($_SERVER['WINDIR']) && $_SERVER['WINDIR']) {
451      return true;
452  }
453  elseif(stristr(PHP_OS, 'WIN') && !DWFCK_is_OS('DARWIN')) {
454     return true;
455  }
456
457  return false;
458}
459
460
461function DWFCK_is_OS($os) {
462  $os = strtolower($os);
463  $_OS = strtolower(PHP_OS);
464
465  if($os == $_OS || stristr(PHP_OS, $os) || stristr($os,PHP_OS) ) {
466        return true;
467  }
468  return false;
469}
470
471function DWFCK_cfg_dbg($fname) {
472   global $Config;
473   global $Dwfck_conf_values;
474   $request = print_r($_REQUEST,true);
475   $cvals = print_r($Dwfck_conf_values,true);
476   file_put_contents($fname, $Config['UserFilesAbsolutePath'] . "\r\n" . $Config['UserFilesPath'] . "\r\n" .$request ."\r\n"
477      . $cvals . "\r\n");
478}
479
480function doku_config_values() {
481  $dwphp = DOKU_INC . 'conf/dokuwiki.php';
482  $localphp = DOKU_INC . 'conf/local.php';
483  if(file_exists($dwphp))
484  {
485  	include($dwphp);
486    if(file_exists($localphp))
487    {
488      include($localphp);
489    }
490    return $conf;
491  }
492
493  return false;
494}
495
496?>
497