<!---
 * FCKeditor - The text editor for internet
 * Copyright (C) 2003-2006 Frederico Caldeira Knabben
 *
 * Licensed under the terms of the GNU Lesser General Public License:
 * 		http://www.opensource.org/licenses/lgpl-license.php
 *
 * For further information visit:
 * 		http://www.fckeditor.net/
 *
 * "Support Open Source software. What about a donation today?"
 *
 * File Name: upload.cfm
 * 	This is the "File Uploader" for ColdFusion.
 * 	Based on connector.cfm by Mark Woods (mark@thickpaddy.com)
 *
 * File Authors:
 * 		Wim Lemmens (didgiman@gmail.com)
--->
<!--- Load the uploader settings. The code below reads config.enabled, config.userFilesPath,
      config.serverPath, config.allowedExtensions and config.deniedExtensions, so config.cfm
      is expected to define the "config" struct with those members. --->
<cfinclude template="config.cfm">

<!--- Resource type taken from the query string; defaults to "File" when the parameter is absent.
      The value is request-controlled and is used further down both as a key into the
      extension lists and as a folder name under the user files path. --->
<cfparam name="url.type" default="File">
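<!---
	SendResults: reports the outcome of the upload to the editor and ends the request.

	Writes an inline script that calls window.parent.OnUploadCompleted() in the parent
	frame, then aborts the page so nothing else is sent.

	Arguments:
		errorNumber - numeric result code (declared numeric, so it is emitted as-is)
		fileUrl     - URL of the stored file, empty on failure
		fileName    - final file name when it differs from the uploaded one
		customMsg   - optional message to show to the user

	The three string arguments end up inside double-quoted JavaScript literals that sit in
	an inline script element. JSStringFormat() escapes quotes and control characters for the
	string literal; the "</" sequence is additionally rewritten to "<\/" (the same string to
	JavaScript) so that a value containing a closing script tag cannot end the script element
	early. customMsg can carry exception text, which is not under this page's control.
--->
<cffunction name="SendResults">
	<cfargument name="errorNumber" type="numeric" required="yes">
	<cfargument name="fileUrl" type="string" required="no" default="">
	<cfargument name="fileName" type="string" required="no" default="">
	<cfargument name="customMsg" type="string" required="no" default="">

	<cfset var jsFileUrl = replace(JSStringFormat(arguments.fileUrl), "</", "<\/", "ALL")>
	<cfset var jsFileName = replace(JSStringFormat(arguments.fileName), "</", "<\/", "ALL")>
	<cfset var jsCustomMsg = replace(JSStringFormat(arguments.customMsg), "</", "<\/", "ALL")>

	<cfoutput>
		<script type="text/javascript">
			window.parent.OnUploadCompleted(#arguments.errorNumber#, "#jsFileUrl#", "#jsFileName#", "#jsCustomMsg#");
		</script>
	</cfoutput>

	<cfabort><!--- Result sent, stop processing this page --->
</cffunction>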
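<!---
	Main upload flow.

	1. Refuse to run when the uploader is disabled in the configuration.
	2. Accept url.type only when it is a key of both extension lists. The value comes from
	   the query string and is used as a folder name, so the allowlist check is made
	   explicitly and reported through SendResults instead of surfacing as an unhandled
	   struct-lookup exception.
	3. Receive the upload into the server's temp directory, check its extension there, and
	   move it into the user files folder only when the extension is accepted. A rejected
	   file therefore never exists under the web-served path.
	4. Report the result: 0 = stored under the uploaded name, 201 = stored under a changed
	   name, 202 = extension not allowed, 1 = other error with a message.
--->
<cfif NOT config.enabled>
	<cfset SendResults(1, '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/cfm/config.cfm" file')>
<cfelseif NOT structKeyExists(config.allowedExtensions, url.type)
		OR NOT structKeyExists(config.deniedExtensions, url.type)>
	<!--- Unknown resource type: stop before it is used as a struct key or a path segment --->
	<cfset SendResults(1, '', '', 'Invalid type specified')>
<cfelse>
	<cfscript>
		userFilesPath = config.userFilesPath;
		lAllowedExtensions = config.allowedExtensions[url.type];
		lDeniedExtensions = config.deniedExtensions[url.type];
		customMsg = ''; // Can be overwritten. The last value will be sent with the result

		// Normalise the user files path: forward slashes only, no doubled slashes,
		// and exactly one slash at each end.
		userFilesPath = replace(userFilesPath, "\", "/", "ALL");
		userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
		if ( right(userFilesPath, 1) NEQ "/" ) {
			userFilesPath = userFilesPath & "/";
		}
		if ( left(userFilesPath, 1) NEQ "/" ) {
			userFilesPath = "/" & userFilesPath;
		}

		// File-system separator, inferred from the physical path of this template
		if ( find("/", getBaseTemplatePath()) ) {
			fs = "/";
		} else {
			fs = "\";
		}

		// Get the base physical path to the web root for this application. The automatic detection assumes that
		// the "FCKeditor" directory in the http request path is directly off the web root for the application and
		// that it's not a virtual directory or a symbolic link / junction. Use the serverPath config setting to
		// force a physical path if necessary.
		if ( len(config.serverPath) ) {
			serverPath = config.serverPath;
		} else {
			serverPath = replaceNoCase(getBaseTemplatePath(), replace(cgi.script_name, "/", fs, "all"), "");
		}

		// map the user files path to a physical directory
		userFilesServerPath = serverPath & replace(userFilesPath, "/", fs, "all");
	</cfscript>

	<cfset fileName = "">
	<cfset fileExt = "">
	<cfset stagedFile = "">

	<cftry>

		<!--- physical path of the folder for this resource type; url.type was checked against the config above --->
		<cfset currentFolderPath = userFilesServerPath & url.type & fs>

		<!--- Stage the upload outside the user files folder so that the extension check
		      runs before the file can be requested through the web server --->
		<cffile action="upload"
			fileField="NewFile"
			destination="#getTempDirectory()#"
			nameConflict="makeunique">

		<cfset stagedFile = cffile.ServerDirectory & fs & cffile.ServerFile>
		<cfset clientFileName = cffile.ClientFileName>
		<cfset fileExt = cffile.ServerFileExt>

		<cfif (Len(lAllowedExtensions) AND NOT listFindNoCase(lAllowedExtensions, fileExt))
			OR (Len(lDeniedExtensions) AND listFindNoCase(lDeniedExtensions, fileExt))>

			<!--- Extension of the uploaded file is not allowed: discard the staged copy --->
			<cfset errorNumber = "202">
			<cffile action="delete" file="#stagedFile#">
			<cfset stagedFile = "">

		<cfelse>

			<cfscript>
				errorNumber = 0;
				fileName = clientFileName;

				// munge filename for html download. Only a-z, 0-9, _, - and . are allowed
				// NOTE(review): dots are kept in the base name, so only the final extension is
				// compared with the lists above; confirm the web server selects handlers by the
				// final extension only.
				if ( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {
					fileName = reReplace(fileName, "[^A-Za-z0-9\-\.]", "_", "ALL");
					fileName = reReplace(fileName, "_{2,}", "_", "ALL");
					// strip trailing underscores
					fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");
					// strip leading underscores; anchored with ^ (a pattern starting with $ can never match)
					fileName = reReplace(fileName, "^_+(.+)$", "\1");
				}

				// When the target name already exists, add numbers (1), (2), ... at the end of the filename.
				if ( fileExists(currentFolderPath & fileName & "." & fileExt) ) {
					counter = 0;
					tmpFileName = fileName;
					while ( fileExists(currentFolderPath & fileName & "." & fileExt) ) {
						counter = counter + 1;
						fileName = tmpFileName & "(" & counter & ")";
					}
				}

				// 201 tells the editor that the stored name differs from the uploaded one
				if ( compare(clientFileName, fileName) ) {
					errorNumber = "201";
				}
			</cfscript>

			<!--- Extension accepted: move the staged file to its final name in the user files folder --->
			<cffile
				action="move"
				source="#stagedFile#"
				destination="#currentFolderPath##fileName#.#fileExt#"
				mode="644"
				attributes="normal">
			<cfset stagedFile = "">

		</cfif>

		<cfcatch type="Any">

			<cfset errorNumber = "1">
			<!--- NOTE(review): cfcatch.message / cfcatch.detail are sent to the browser and may
			      contain physical server paths; consider logging them server-side and returning
			      a generic message instead. --->
			<cfset customMsg = "An error occured: " & cfcatch.message & " - " & cfcatch.detail>

			<!--- Best-effort cleanup so a failed request does not leave the staged file behind --->
			<cfif len(stagedFile) AND fileExists(stagedFile)>
				<cftry>
					<cffile action="delete" file="#stagedFile#">
					<cfcatch type="Any"><!--- nothing more can be done here; the original error is already reported ---></cfcatch>
				</cftry>
			</cfif>

		</cfcatch>

	</cftry>

	<cfif errorNumber EQ 0>
		<!--- file was uploaded successfully --->
		<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#')>
	<cfelseif errorNumber EQ 201>
		<!--- file was changed (201), submit the new filename --->
		<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#', replace( fileName & "." & fileExt, "'", "\'", "ALL"), customMsg)>
	<cfelse>
		<!--- An error occurred (202 or 1). Submit only the error code and a message (if available). --->
		<cfset SendResults(errorNumber, '', '', customMsg)>
	</cfif>
</cfif>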