[389] | 1 | <!---
|
---|
| 2 | * FCKeditor - The text editor for internet
|
---|
| 3 | * Copyright (C) 2003-2006 Frederico Caldeira Knabben
|
---|
| 4 | *
|
---|
| 5 | * Licensed under the terms of the GNU Lesser General Public License:
|
---|
| 6 | * http://www.opensource.org/licenses/lgpl-license.php
|
---|
| 7 | *
|
---|
| 8 | * For further information visit:
|
---|
| 9 | * http://www.fckeditor.net/
|
---|
| 10 | *
|
---|
| 11 | * "Support Open Source software. What about a donation today?"
|
---|
| 12 | *
|
---|
| 13 | * File Name: upload.cfm
|
---|
| 14 | * This is the "File Uploader" for ColdFusion.
|
---|
| 15 | * Based on connector.cfm by Mark Woods (mark@thickpaddy.com)
|
---|
| 16 | *
|
---|
| 17 | * File Authors:
|
---|
| 18 | * Wim Lemmens (didgiman@gmail.com)
|
---|
| 19 | --->
|
---|
| 20 |
|
---|
<!--- Load the uploader settings. The code below reads config.enabled, config.userFilesPath,
      config.serverPath, config.allowedExtensions and config.deniedExtensions, which are
      presumably defined in this include (confirm against config.cfm). --->
<cfinclude template="config.cfm">

<!--- "type" comes from the query string and defaults to "File". It is used further down both as
      the key into the per-type extension lists and as the name of the target sub-folder, so it is
      request-controlled input that ends up in a file-system path. --->
<cfparam name="url.type" default="File">
|
---|
| 24 |
|
---|
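<!---
	SendResults: report the outcome of the upload to the editor and end the request.

	Writes an inline script that calls window.parent.OnUploadCompleted() with the four
	values below, then aborts page processing.

	errorNumber  numeric result code passed through unchanged (this page uses 0, 1, 201, 202)
	fileUrl      URL of the stored file, empty on error
	fileName     final file name when it differs from the one the client sent
	customMsg    optional message shown to the user
--->
<cffunction name="SendResults">
	<cfargument name="errorNumber" type="numeric" required="yes">
	<cfargument name="fileUrl" type="string" required="no" default="">
	<cfargument name="fileName" type="string" required="no" default="">
	<cfargument name="customMsg" type="string" required="no" default="">

	<!--- JSStringFormat escapes quotes, backslashes and line breaks for a JavaScript string literal,
	      but it leaves "<" alone. The values are written inside an inline script element, where a
	      literal closing script tag in any argument would end the block early, so "<" is additionally
	      emitted as the JavaScript escape \x3C. The parent window still receives the same strings. --->
	<cfset var safeFileUrl = replace(JSStringFormat(arguments.fileUrl), "<", "\x3C", "ALL")>
	<cfset var safeFileName = replace(JSStringFormat(arguments.fileName), "<", "\x3C", "ALL")>
	<cfset var safeCustomMsg = replace(JSStringFormat(arguments.customMsg), "<", "\x3C", "ALL")>

	<cfoutput>
		<script type="text/javascript">
			window.parent.OnUploadCompleted(#arguments.errorNumber#, "#safeFileUrl#", "#safeFileName#", "#safeCustomMsg#");
		</script>
	</cfoutput>

	<cfabort><!--- Result sent, stop processing this page --->
</cffunction>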
|
---|
| 39 |
|
---|
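<!---
	Main upload flow.

	1. Refuse when the uploader is disabled or when url.type is not a configured resource type.
	2. Resolve the physical target folder for the requested type.
	3. Receive the upload into the server's temp directory, check its extension against the
	   allowed / denied lists, and only then move it into the target folder.
	4. Report the result through SendResults() (0 = stored, 201 = stored under a different name,
	   202 = extension rejected, 1 = other error with a message).
--->
<cfif NOT config.enabled>
	<cfset SendResults(1, '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/cfm/config.cfm" file')>
<cfelseif NOT ( structKeyExists(config.allowedExtensions, url.type) AND structKeyExists(config.deniedExtensions, url.type) )>
	<!--- url.type is request input that becomes part of the destination path below. Accept only
	      values that are keys of the configured extension lists; anything else is rejected here
	      instead of failing with an unhandled error on the struct lookup. --->
	<cfset SendResults(1, '', '', 'Invalid type specified')>
<cfelse>
	<cfscript>
		userFilesPath = config.userFilesPath;
		lAllowedExtensions = config.allowedExtensions[url.type];
		lDeniedExtensions = config.deniedExtensions[url.type];
		customMsg = ''; // Can be overwritten. The last value will be sent with the result

		// make sure the user files path is correctly formatted: forward slashes only,
		// no doubled slashes, and a slash at both ends
		userFilesPath = replace(userFilesPath, "\", "/", "ALL");
		userFilesPath = replace(userFilesPath, '//', '/', 'ALL');
		if ( right(userFilesPath,1) NEQ "/" ) {
			userFilesPath = userFilesPath & "/";
		}
		if ( left(userFilesPath,1) NEQ "/" ) {
			userFilesPath = "/" & userFilesPath;
		}

		// pick the file-system separator from the shape of the template path
		if (find("/",getBaseTemplatePath())) {
			fs = "/";
		} else {
			fs = "\";
		}

		// Get the base physical path to the web root for this application. The code to determine the path automatically assumes that
		// the "FCKeditor" directory in the http request path is directly off the web root for the application and that it's not a
		// virtual directory or a symbolic link / junction. Use the serverPath config setting to force a physical path if necessary.
		if ( len(config.serverPath) ) {
			serverPath = config.serverPath;
		} else {
			serverPath = replaceNoCase(getBaseTemplatePath(),replace(cgi.script_name,"/",fs,"all"),"");
		}

		// map the user files path to a physical directory
		userFilesServerPath = serverPath & replace(userFilesPath,"/",fs,"all");
	</cfscript>

	<cfset fileName = "">
	<cfset fileExt = "">
	<!--- Full path of the received file while it still sits in the temp directory; empty once it
	      has been moved or deleted. Used for clean-up if a later step fails. --->
	<cfset tempFilePath = "">

	<cftry>

		<!--- we need to know the physical path to the current folder for all commands --->
		<cfset currentFolderPath = userFilesServerPath & url.type & fs>

		<!--- Receive the file into the server's temp directory first. Writing straight into the
		      user files folder and deleting afterwards would leave a file with a rejected extension
		      in a web-reachable folder until the delete runs (and permanently if the delete fails).
		      The temp directory is normally not served by the web server; confirm for this host. --->
		<cffile action="upload"
			fileField="NewFile"
			destination="#getTempDirectory()#"
			nameConflict="makeunique"
			mode="644"
			attributes="normal">
		<cfset tempFilePath = cffile.ServerDirectory & fs & cffile.ServerFile>

		<cfif (Len(lAllowedExtensions) AND NOT listFindNoCase(lAllowedExtensions, cffile.ServerFileExt))
			OR (Len(lDeniedExtensions) AND listFindNoCase(lDeniedExtensions, cffile.ServerFileExt))>

			<!--- Extension of the uploaded file is not allowed: discard it without it ever
			      reaching the user files folder --->
			<cfset errorNumber = "202">
			<cffile action="delete" file="#tempFilePath#">
			<cfset tempFilePath = "">

		<cfelse>

			<cfscript>
				errorNumber = 0;
				fileName = cffile.ClientFileName;
				fileExt = cffile.ServerFileExt;

				// munge filename for html download. Only a-z, 0-9, _, - and . are allowed
				// NOTE(review): dots are kept in the base name, so only the last extension is
				// checked above. Whether a multi-dot name is a risk depends on how the web server
				// maps names to handlers; consider replacing dots in the base name as well.
				if( reFind("[^A-Za-z0-9_\-\.]", fileName) ) {
					fileName = reReplace(fileName, "[^A-Za-z0-9_\-\.]", "_", "ALL");
					fileName = reReplace(fileName, "_{2,}", "_", "ALL");
					// strip trailing underscores
					fileName = reReplace(fileName, "([^_]+)_+$", "\1", "ALL");
					// strip leading underscores (the earlier pattern began with "$" and could never match)
					fileName = reReplace(fileName, "^_+([^_]+)", "\1");
				}

				// When the filename already exists in the target folder, add numbers (1), (2), ... at the end of the filename.
				counter = 0;
				tmpFileName = fileName;
				while( fileExists("#currentFolderPath##fileName#.#fileExt#") ) {
					counter = counter + 1;
					fileName = tmpFileName & '(#counter#)';
				}

				// 201 tells the editor the file was stored under a name other than the one the client sent
				if( compare( cffile.ClientFileName, fileName ) ) {
					errorNumber = 201;
				}
			</cfscript>

			<!--- The extension passed the check: move the file from the temp directory to its final name --->
			<cffile
				action="move"
				source="#tempFilePath#"
				destination="#currentFolderPath##fileName#.#fileExt#"
				mode="644"
				attributes="normal">
			<cfset tempFilePath = "">

		</cfif>

		<cfcatch type="Any">

			<cfset errorNumber = "1">
			<!--- NOTE(review): cfcatch.message and cfcatch.detail are returned to the browser and may
			      contain physical paths; consider logging them server-side and sending a generic text. --->
			<cfset customMsg = "An error occured: " & cfcatch.message & " - " & cfcatch.detail>

			<!--- Best-effort clean-up so a failed request does not leave the received file behind --->
			<cfif len(tempFilePath) AND fileExists(tempFilePath)>
				<cftry>
					<cffile action="delete" file="#tempFilePath#">
					<cfcatch type="Any"><!--- nothing more can be done here ---></cfcatch>
				</cftry>
			</cfif>

		</cfcatch>

	</cftry>

	<cfif errorNumber EQ 0>
		<!--- file was uploaded succesfully --->
		<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#')>
	<cfelseif errorNumber EQ 201>
		<!--- file was changed (201), submit the new filename. SendResults() already escapes its
		      arguments for JavaScript, so the name is passed as is (escaping quotes here as well
		      would escape them twice). --->
		<cfset SendResults(errorNumber, '#userFilesPath##url.type#/#fileName#.#fileExt#', fileName & "." & fileExt, customMsg)>
	<cfelse>
		<!--- An error occured(202). Submit only the error code and a message (if available). --->
		<cfset SendResults(errorNumber, '', '', customMsg)>
	</cfif>
</cfif>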