1<cfsetting enablecfoutputonly="yes" showdebugoutput="no"> 2<!--- 3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net 4 * Copyright (C) 2003-2007 Frederico Caldeira Knabben 5 * 6 * == BEGIN LICENSE == 7 * 8 * Licensed under the terms of any of the following licenses at your 9 * choice: 10 * 11 * - GNU General Public License Version 2 or later (the "GPL") 12 * http://www.gnu.org/licenses/gpl.html 13 * 14 * - GNU Lesser General Public License Version 2.1 or later (the "LGPL") 15 * http://www.gnu.org/licenses/lgpl.html 16 * 17 * - Mozilla Public License Version 1.1 or later (the "MPL") 18 * http://www.mozilla.org/MPL/MPL-1.1.html 19 * 20 * == END LICENSE == 21 * 22 * File Browser connector for ColdFusion 5. 23 * (based on the original CF connector by Hendrik Kramer - hk@lwd.de) 24 * 25 * Note: 26 * FCKeditor requires that the connector responds with UTF-8 encoded XML. 27 * As ColdFusion 5 does not fully support UTF-8 encoding, we force ASCII 28 * file and folder names in this connector to allow CF5 send a UTF-8 29 * encoded response - code points under 127 in UTF-8 are stored using a 30 * single byte, using the same encoding as ASCII, which is damn handy. 31 * This is all grand for the English speakers, like meself, but I dunno 32 * how others are gonna take to it. Well, the previous version of this 33 * connector already did this with file names and nobody seemed to mind, 34 * so fingers-crossed nobody will mind their folder names being munged too. 35 * 36---> 37 38<cfparam name="url.command"> 39<cfparam name="url.type"> 40<cfparam name="url.currentFolder"> 41<!--- note: no serverPath url parameter - see config.cfm if you need to set the serverPath manually ---> 42 43<cfinclude template="config.cfm"> 44 45<cfscript> 46 userFilesPath = config.userFilesPath; 47 48 if ( userFilesPath eq "" ) 49 { 50 userFilesPath = "/userfiles/"; 51 } 52 53 // make sure the user files path is correctly formatted 54 userFilesPath = replace(userFilesPath, "\", "/", "ALL"); 55 userFilesPath = replace(userFilesPath, '//', '/', 'ALL'); 56 if ( right(userFilesPath,1) NEQ "/" ) 57 { 58 userFilesPath = userFilesPath & "/"; 59 } 60 if ( left(userFilesPath,1) NEQ "/" ) 61 { 62 userFilesPath = "/" & userFilesPath; 63 } 64 65 // make sure the current folder is correctly formatted 66 url.currentFolder = replace(url.currentFolder, "\", "/", "ALL"); 67 url.currentFolder = replace(url.currentFolder, '//', '/', 'ALL'); 68 if ( right(url.currentFolder,1) neq "/" ) 69 { 70 url.currentFolder = url.currentFolder & "/"; 71 } 72 if ( left(url.currentFolder,1) neq "/" ) 73 { 74 url.currentFolder = "/" & url.currentFolder; 75 } 76 77 if ( find("/",getBaseTemplatePath()) neq 0 ) 78 { 79 fs = "/"; 80 } 81 else 82 { 83 fs = "\"; 84 } 85 86 // Get the base physical path to the web root for this application. The code to determine the path automatically assumes that 87 // the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a 88 // virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary. 89 if ( len(config.serverPath) ) 90 { 91 serverPath = config.serverPath; 92 93 if ( right(serverPath,1) neq fs ) 94 { 95 serverPath = serverPath & fs; 96 } 97 } 98 else 99 { 100 serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"") & replace(userFilesPath,"/",fs,"all"); 101 } 102 103 rootPath = left( serverPath, Len(serverPath) - Len(userFilesPath) ) ; 104 xmlContent = ""; // append to this string to build content 105</cfscript> 106 107<cfset resourceTypeUrl = rereplace( replace( Config.FileTypesPath[url.type], fs, "/", "all"), "/$", "") > 108 109<cfif isDefined( "Config.FileTypesAbsolutePath" ) 110 and structkeyexists( Config.FileTypesAbsolutePath, url.type ) 111 and Len( Config.FileTypesAbsolutePath[url.type] )> 112 113 <cfset userFilesServerPath = Config.FileTypesAbsolutePath[url.type] & url.currentFolder> 114<cfelse> 115 <cftry> 116 <cfset userFilesServerPath = expandpath( resourceTypeUrl ) & url.currentFolder> 117 <!--- Catch: Parameter 1 of function ExpandPath must be a relative path ---> 118 <cfcatch type="any"> 119 <cfset userFilesServerPath = rootPath & Config.FileTypesPath[url.type] & url.currentFolder> 120 </cfcatch> 121 </cftry> 122</cfif> 123 124<cfset userFilesServerPath = replace( userFilesServerPath, "/", fs, "all" ) > 125<!--- get rid of double directory separators ---> 126<cfset userFilesServerPath = replace( userFilesServerPath, fs & fs, fs, "all") > 127 128<cfif not config.enabled> 129 130 <cfset xmlContent = "<Error number=""1"" text=""This connector is disabled. Please check the 'editor/filemanager/connectors/cfm/config.cfm' file"" />"> 131 132<cfelseif find("..",url.currentFolder)> 133 134 <cfset xmlContent = "<Error number=""102"" />"> 135 136<cfelseif isDefined("Config.ConfigAllowedCommands") and not ListFind(Config.ConfigAllowedCommands, url.command)> 137 138 <cfset xmlContent = '<Error number="1" text="The "' & url.command & '" command isn''t allowed" />'> 139 140<cfelseif isDefined("Config.ConfigAllowedTypes") and not ListFind(Config.ConfigAllowedTypes, url.type)> 141 142 <cfset xmlContent = '<Error number="1" text="The "' & url.type & '" type isn''t allowed" />'> 143 144</cfif> 145 146<cfset resourceTypeDirectory = left( userFilesServerPath, Len(userFilesServerPath) - Len(url.currentFolder) )> 147 148<cfif not len(xmlContent) and not directoryexists(resourceTypeDirectory)> 149 <!--- create directories in physical path if they don't already exist ---> 150 <cfset currentPath = ""> 151 <cftry> 152 <cfloop list="#resourceTypeDirectory#" index="name" delimiters="#fs#"> 153 <cfif currentPath eq "" and fs eq "\"> 154 <!--- Without checking this, we would have in Windows \C:\ ---> 155 <cfif not directoryExists(name)> 156 <cfdirectory action="create" directory="#name#" mode="755"> 157 </cfif> 158 <cfelse> 159 <cfif not directoryExists(currentPath & fs & name)> 160 <cfdirectory action="create" directory="#currentPath##fs##name#" mode="755"> 161 </cfif> 162 </cfif> 163 164 <cfif fs eq "\" and currentPath eq ""> 165 <cfset currentPath = name> 166 <cfelse> 167 <cfset currentPath = currentPath & fs & name> 168 </cfif> 169 </cfloop> 170 171 <cfcatch type="any"> 172 173 <!--- this should only occur as a result of a permissions problem ---> 174 <cfset xmlContent = "<Error number=""103"" />"> 175 176 </cfcatch> 177 178 </cftry> 179</cfif> 180 181<cfif not len(xmlContent)> 182 183 <!--- no errors thus far - run command ---> 184 185 <!--- we need to know the physical path to the current folder for all commands ---> 186 <cfset currentFolderPath = userFilesServerPath> 187 188 <cfswitch expression="#url.command#"> 189 190 <cfcase value="FileUpload"> 191 <cfset config_included = true > 192 <cfinclude template="cf5_upload.cfm"> 193 <cfabort> 194 </cfcase> 195 196 197 <cfcase value="GetFolders"> 198 199 <!--- Sort directories first, name ascending ---> 200 <cfdirectory 201 action="list" 202 directory="#currentFolderPath#" 203 name="qDir" 204 sort="type,name"> 205 206 <cfscript> 207 i=1; 208 folders = ""; 209 while( i lte qDir.recordCount ) { 210 if( not compareNoCase( qDir.type[i], "FILE" )) 211 break; 212 if( not listFind(".,..", qDir.name[i]) ) 213 folders = folders & '<Folder name="#HTMLEditFormat( qDir.name[i] )#" />'; 214 i=i+1; 215 } 216 217 xmlContent = xmlContent & '<Folders>' & folders & '</Folders>'; 218 </cfscript> 219 220 </cfcase> 221 222 223 <cfcase value="GetFoldersAndFiles"> 224 225 <!--- Sort directories first, name ascending ---> 226 <cfdirectory 227 action="list" 228 directory="#currentFolderPath#" 229 name="qDir" 230 sort="type,name"> 231 232 <cfscript> 233 i=1; 234 folders = ""; 235 files = ""; 236 while( i lte qDir.recordCount ) { 237 if( not compareNoCase( qDir.type[i], "DIR" ) and not listFind(".,..", qDir.name[i]) ) { 238 folders = folders & '<Folder name="#HTMLEditFormat(qDir.name[i])#" />'; 239 } else if( not compareNoCase( qDir.type[i], "FILE" ) ) { 240 fileSizeKB = round(qDir.size[i] / 1024); 241 files = files & '<File name="#HTMLEditFormat(qDir.name[i])#" size="#IIf( fileSizeKB GT 0, DE( fileSizeKB ), 1)#" />'; 242 } 243 i=i+1; 244 } 245 246 xmlContent = xmlContent & '<Folders>' & folders & '</Folders>'; 247 xmlContent = xmlContent & '<Files>' & files & '</Files>'; 248 </cfscript> 249 250 </cfcase> 251 252 253 <cfcase value="CreateFolder"> 254 255 <cfparam name="url.newFolderName" default=""> 256 257 <cfscript> 258 newFolderName = url.newFolderName; 259 if( reFind("[^A-Za-z0-9_\-\.]", newFolderName) ) { 260 // Munge folder name same way as we do the filename 261 // This means folder names are always US-ASCII so we don't have to worry about CF5 and UTF-8 262 newFolderName = reReplace(newFolderName, "[^A-Za-z0-9\-\.]", "_", "all"); 263 newFolderName = reReplace(newFolderName, "_{2,}", "_", "all"); 264 newFolderName = reReplace(newFolderName, "([^_]+)_+$", "\1", "all"); 265 newFolderName = reReplace(newFolderName, "$_([^_]+)$", "\1", "all"); 266 } 267 </cfscript> 268 269 <cfif not len(newFolderName) or len(newFolderName) gt 255> 270 <cfset errorNumber = 102> 271 <cfelseif directoryExists(currentFolderPath & newFolderName)> 272 <cfset errorNumber = 101> 273 <cfelseif reFind("^\.\.",newFolderName)> 274 <cfset errorNumber = 103> 275 <cfelse> 276 <cfset errorNumber = 0> 277 278 <cftry> 279 <cfdirectory 280 action="create" 281 directory="#currentFolderPath##newFolderName#" 282 mode="755"> 283 <cfcatch> 284 <!--- 285 un-resolvable error numbers in ColdFusion: 286 * 102 : Invalid folder name. 287 * 103 : You have no permissions to create the folder. 288 ---> 289 <cfset errorNumber = 110> 290 </cfcatch> 291 </cftry> 292 </cfif> 293 294 <cfset xmlContent = xmlContent & '<Error number="#errorNumber#" />'> 295 296 </cfcase> 297 298 <cfdefaultcase> 299 <cfthrow type="fckeditor.connector" message="Illegal command: #url.command#"> 300 </cfdefaultcase> 301 302 </cfswitch> 303</cfif> 304 305<cfscript> 306 xmlHeader = '<?xml version="1.0" encoding="utf-8" ?><Connector command="#url.command#" resourceType="#url.type#">'; 307 xmlHeader = xmlHeader & '<CurrentFolder path="#url.currentFolder#" url="#resourceTypeUrl##url.currentFolder#" />'; 308 xmlFooter = '</Connector>'; 309</cfscript> 310 311<cfheader name="Expires" value="#GetHttpTimeString(Now())#"> 312<cfheader name="Pragma" value="no-cache"> 313<cfheader name="Cache-Control" value="no-cache, no-store, must-revalidate"> 314<cfcontent reset="true" type="text/xml; charset=UTF-8"> 315<cfoutput>#xmlHeader##xmlContent##xmlFooter#</cfoutput> 316