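<!---
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2007 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * This is the "File Uploader" for ColdFusion.
 * Based on connector.cfm by Mark Woods (mark@thickpaddy.com)
--->

<!---
	NOTE(review): the only gate visible in this template is config.enabled. No authentication or
	session check appears here; config.cfm is not shown and may add one. Confirm before enabling.
--->
<cfinclude template="config.cfm">

<!--- Resource type sent by the client. It selects the extension lists and the target sub-folder below. --->
<cfparam name="url.type" default="File">

<!---
	Sends the upload outcome to the hosting editor window by calling window.parent.OnUploadCompleted,
	then aborts the request.

	errorNumber  numeric result code (this page uses 0, 1, 201 and 202)
	fileUrl      URL of the stored file, empty on error
	fileName     final file name, sent when the upload was renamed
	customMsg    optional message shown to the user
--->
<cffunction name="SendResults">
	<cfargument name="errorNumber" type="numeric" required="yes">
	<cfargument name="fileUrl" type="string" required="no" default="">
	<cfargument name="fileName" type="string" required="no" default="">
	<cfargument name="customMsg" type="string" required="no" default="">

	<!---
		JSStringFormat escapes the values for a JavaScript string literal. "</" is additionally
		written as "<\/" (the same characters to JavaScript) so that a value containing "</script>"
		cannot close the inline script element early, in case JSStringFormat leaves it intact.
	--->
	<cfset var jsFileUrl = replace(JSStringFormat(arguments.fileUrl), "</", "<\/", "ALL")>
	<cfset var jsFileName = replace(JSStringFormat(arguments.fileName), "</", "<\/", "ALL")>
	<cfset var jsCustomMsg = replace(JSStringFormat(arguments.customMsg), "</", "<\/", "ALL")>

	<cfoutput>
		<script type="text/javascript">
			window.parent.OnUploadCompleted(#arguments.errorNumber#, "#jsFileUrl#", "#jsFileName#", "#jsCustomMsg#");
		</script>
	</cfoutput>

	<cfabort><!--- Result sent, stop processing this page --->
</cffunction>

<cfif NOT config.enabled>
	<cfset SendResults(1, '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/cfm/config.cfm" file')>
<cfelseif NOT ( structKeyExists(config.allowedExtensions, url.type) AND structKeyExists(config.deniedExtensions, url.type) )>
	<!---
		url.type is client input and becomes part of the storage path, so only the types that
		config.cfm defines are accepted. An unknown type is reported as an error instead of
		raising an unhandled exception on the struct lookups below.
	--->
	<cfset SendResults(1, '', '', 'Invalid type specified')>
<cfelse>
	<cfscript>

		userFilesPath = config.userFilesPath;
		lAllowedExtensions = config.allowedExtensions[url.type];
		lDeniedExtensions = config.deniedExtensions[url.type];
		customMsg = ''; // Can be overwritten. The last value will be sent with the result

		// make sure the user files path is correctly formatted
		userFilesPath = replace(userFilesPath, "\", "/", "ALL");
		userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
		if ( right(userFilesPath,1) NEQ "/" ) {
			userFilesPath = userFilesPath & "/";
		}
		if ( left(userFilesPath,1) NEQ "/" ) {
			userFilesPath = "/" & userFilesPath;
		}

		// file system separator of the host, derived from the template's physical path
		if (find("/",getBaseTemplatePath())) {
			fs = "/";
		} else {
			fs = "\";
		}

		// Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
		// the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
		// virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
		if ( len(config.serverPath) ) {
			serverPath = config.serverPath;
		} else {
			serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"");
		}

		// map the user files path to a physical directory
		userFilesServerPath = serverPath & replace(userFilesPath,"/",fs,"all");
	</cfscript>

	<cfset fileName = "">
	<cfset fileExt = "">
	<!--- physical path of the upload while it sits in the temp directory; empty once moved or deleted --->
	<cfset tempFilePath = "">

	<cftry>

		<!--- we need to know the physical path to the current folder for all commands --->
		<cfset currentFolderPath = userFilesServerPath & url.type & fs>

		<!---
			Receive the upload in the server temp directory, not in the user files folder.
			The extension is only known after cffile has stored the file, so storing it directly
			under the web-served folder would leave a rejected file reachable until it is deleted.
		--->
		<cffile action="upload"
			fileField="NewFile"
			destination="#getTempDirectory()#"
			nameConflict="makeunique"
			mode="644"
			attributes="normal">

		<cfset tempFilePath = cffile.ServerDirectory & fs & cffile.ServerFile>

		<!---
			An empty list disables that check: with no allow list only the deny list applies,
			and with both lists empty every extension is accepted. Prefer a non-empty allow list
			in config.cfm, since a deny list cannot enumerate every extension the server executes.
		--->
		<cfif (Len(lAllowedExtensions) AND NOT listFindNoCase(lAllowedExtensions, cffile.ServerFileExt))
			OR (Len(lDeniedExtensions) AND listFindNoCase(lDeniedExtensions, cffile.ServerFileExt))>

			<!--- Extension of the uploaded file is not allowed --->
			<cfset errorNumber = "202">
			<cffile action="delete" file="#tempFilePath#">
			<cfset tempFilePath = "">

		<cfelse>

			<cfscript>
				errorNumber = 0;
				fileName = cffile.ClientFileName;
				fileExt = cffile.ServerFileExt;

				// munge filename for html download. Only a-z, 0-9, _, - and . are allowed
				// NOTE(review): dots inside the name are kept, so a stored name can carry a second
				// extension before the validated one. If the web server selects handlers from any
				// extension in a name, replace interior dots as well.
				if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {
					fileName = reReplace(fileName, "[^A-Za-z0-9_\-\.]", "_", "ALL");
					fileName = reReplace(fileName, "_{2,}", "_", "ALL");
					// drop trailing underscores
					fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");
					// drop a leading underscore; the previous pattern began with "$" and could never match
					fileName = reReplace(fileName, "^_+([^_])", "\1", "ALL");
				}

				// When the filename already exists in the target folder, add numbers (1), (2), ... at the end of the filename.
				counter = 0;
				tmpFileName = fileName;
				while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
					counter = counter + 1;
					fileName = tmpFileName & '(#counter#)';
				}

				// 201 tells the editor that the file is stored under a different name than the one sent
				if( compare(cffile.ClientFileName, fileName) ) {
					errorNumber = 201;
				}
			</cfscript>

			<!--- The extension passed the check: move the file into the user files folder under its final name --->
			<cffile
				action="move"
				source="#tempFilePath#"
				destination="#currentFolderPath##fileName#.#fileExt#"
				mode="644"
				attributes="normal">
			<cfset tempFilePath = "">

		</cfif>

		<cfcatch type="Any">

			<cfset errorNumber = "1">
			<!---
				NOTE(review): cfcatch.message and cfcatch.detail are forwarded to the browser and may
				include physical server paths. Consider logging them server-side and sending a generic
				message instead.
			--->
			<cfset customMsg = "An error occured: " & cfcatch.message & " - " & cfcatch.detail>

			<!--- Best-effort cleanup so a failed request does not leave the upload in the temp directory --->
			<cfif len(tempFilePath) AND fileExists(tempFilePath)>
				<cftry>
					<cffile action="delete" file="#tempFilePath#">
					<cfcatch type="Any"><!--- nothing more can be done here; the original error is reported ---></cfcatch>
				</cftry>
			</cfif>

		</cfcatch>

	</cftry>

	<cfif errorNumber EQ 0>
		<!--- file was uploaded successfully --->
		<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#')>
	<cfelseif errorNumber EQ 201>
		<!--- file was changed (201), submit the new filename. SendResults does the JavaScript escaping, so the name is passed as is --->
		<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#', fileName & "." & fileExt, customMsg)>
	<cfelse>
		<!--- An error occurred (1 or 202). Submit only the error code and a message (if available). --->
		<cfset SendResults(errorNumber, '', '', customMsg)>
	</cfif>
</cfif>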