Changeset 1041

Timestamp:

2007-10-19 10:59:07 (2 years ago)

Author:

wwalc

Message:

Fix for #1325, corrected black/white list approach + fixed some typos in comments.

Location:

FCKeditor/trunk

Files:

• editor/filemanager/connectors/asp/config.asp (modified) (7 diffs)
• editor/filemanager/connectors/cfm/config.cfm (modified) (4 diffs)
• editor/filemanager/connectors/lasso/config.lasso (modified) (1 diff)
• editor/filemanager/connectors/php/config.php (modified) (8 diffs)
• editor/filemanager/connectors/py/config.py (modified) (10 diffs)
• fckconfig.js (modified) (2 diffs)

FCKeditor/trunk/editor/filemanager/connectors/asp/config.asp

@@ -23 +23 @@
 <%
 
-' SECURITY: You must explicitelly enable this "connector" (set it to "True").
+' SECURITY: You must explicitly enable this "connector" (set it to "True").
 ' WARNING: don't just set "ConfigIsEnabled = true", you must be sure that only 
 '               authenticated users can access this file or use some kind of session checking.
@@ -35 +35 @@
 ConfigUserFilesPath = "/userfiles/"
 
-' Due to security issues with Apache modules, it is reccomended to leave the
+' Due to security issues with Apache modules, it is recommended to leave the
 ' following setting enabled.
 Dim ConfigForceSingleExtension
@@ -61 +61 @@
 '               If it is empty then no restrictions are done here.
 '
-'       For a file to be uploaded it has to fullfil both the AllowedExtensions
+'       For a file to be uploaded it has to fulfill both the AllowedExtensions
 '       and DeniedExtensions (that's it: not being denied) conditions.
 '
@@ -71 +71 @@
 '               an absolute path. 
 '               If it's an empty string then it will be autocalculated.
-'               Usefull if you are using a virtual directory, symbolic link or alias. 
+'               Useful if you are using a virtual directory, symbolic link or alias. 
 '               Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 '               Attention: The above 'FileTypesPath' must point to the same directory.
@@ -84 +84 @@
 '               an absolute path. 
 '               If it's an empty string then it will be autocalculated.
-'               Usefull if you are using a virtual directory, symbolic link or alias. 
+'               Useful if you are using a virtual directory, symbolic link or alias. 
 '               Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 '               Attention: The above 'QuickUploadPath' must point to the same directory.
@@ -105 +105 @@
 ConfigQuickUploadAbsolutePath.Add "File", ""
 
-ConfigAllowedExtensions.Add     "Image", "bmp|gif|jpeg|jpg|png|psd|tif|tiff"
+ConfigAllowedExtensions.Add     "Image", "bmp|gif|jpeg|jpg|png"
 ConfigDeniedExtensions.Add      "Image", ""
 ConfigFileTypesPath.Add "Image", ConfigUserFilesPath & "image/"
@@ -112 +112 @@
 ConfigQuickUploadAbsolutePath.Add "Image", ""
 
-ConfigAllowedExtensions.Add     "Flash", "swf|fla"
+ConfigAllowedExtensions.Add     "Flash", "swf|flv"
 ConfigDeniedExtensions.Add      "Flash", ""
 ConfigFileTypesPath.Add "Flash", ConfigUserFilesPath & "flash/"

FCKeditor/trunk/editor/filemanager/connectors/cfm/config.cfm

@@ -38 +38 @@
         Config.ServerPath = "" ;
 
-        // Due to security issues with Apache modules, it is reccomended to leave the
+        // Due to security issues with Apache modules, it is recommended to leave the
         // following setting enabled.
         Config.ForceSingleExtension = true ;
@@ -65 +65 @@
 //              If it is empty then no restrictions are done here.
 //
-//      For a file to be uploaded it has to fullfil both the AllowedExtensions
+//      For a file to be uploaded it has to fulfill both the AllowedExtensions
 //      and DeniedExtensions (that's it: not being denied) conditions.
 //
@@ -108 +108 @@
         Config.QuickUploadAbsolutePath["File"]  = Config.FileTypesAbsolutePath["File"] ;
 
-        Config.AllowedExtensions["Image"]               = "bmp,gif,jpeg,jpg,png,psd,tif,tiff" ;
+        Config.AllowedExtensions["Image"]               = "bmp,gif,jpeg,jpg,png" ;
         Config.DeniedExtensions["Image"]                = "" ;
         Config.FileTypesPath["Image"]                   = Config.UserFilesPath & 'image/' ;
@@ -115 +115 @@
         Config.QuickUploadAbsolutePath["Image"] = Config.FileTypesAbsolutePath["Image"] ;
 
-        Config.AllowedExtensions["Flash"]               = "swf,fla" ;
+        Config.AllowedExtensions["Flash"]               = "swf,flv" ;
         Config.DeniedExtensions["Flash"]                = "" ;
         Config.FileTypesPath["Flash"]                   = Config.UserFilesPath & 'flash/' ;

FCKeditor/trunk/editor/filemanager/connectors/lasso/config.lasso

@@ -52 +52 @@
                 'AllowedExtensions' = map(
                         'File' = array('7z','aiff','asf','avi','bmp','csv','doc','fla','flv','gif','gz','gzip','jpeg','jpg','mid','mov','mp3','mp4','mpc','mpeg','mpg','ods','odt','pdf','png','ppt','pxd','qt','ram','rar','rm','rmi','rmvb','rtf','sdc','sitd','swf','sxc','sxw','tar','tgz','tif','tiff','txt','vsd','wav','wma','wmv','xls','xml','zip'),
-                        'Image' = array('bmp','gif','jpeg','jpg','png','psd','tif','tiff'),
-                        'Flash' = array('swf','fla'),
+                        'Image' = array('bmp','gif','jpeg','jpg','png'),
+                        'Flash' = array('swf','flv'),
                         'Media' = array('aiff','asf','avi','bmp','fla','flv','gif','jpeg','jpg','mid','mov','mp3','mp4','mpc','mpeg','mpg','png','qt','ram','rm','rmi','rmvb','swf','tif','tiff','wav','wma','wmv')
                 ),

FCKeditor/trunk/editor/filemanager/connectors/php/config.php

@@ -25 +25 @@
 global $Config ;
 
-// SECURITY: You must explicitelly enable this "connector". (Set it to "true").
+// SECURITY: You must explicitly enable this "connector". (Set it to "true").
 // WARNING: don't just set "ConfigIsEnabled = true", you must be sure that only 
 //              authenticated users can access this file or use some kind of session checking.
@@ -39 +39 @@
 
 // Fill the following value it you prefer to specify the absolute path for the
-// user files directory. Usefull if you are using a virtual directory, symbolic
+// user files directory. Useful if you are using a virtual directory, symbolic
 // link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 // Attention: The above 'UserFilesPath' must point to the same directory.
 $Config['UserFilesAbsolutePath'] = '' ;
 
-// Due to security issues with Apache modules, it is reccomended to leave the
+// Due to security issues with Apache modules, it is recommended to leave the
 // following setting enabled.
 $Config['ForceSingleExtension'] = true ;
@@ -70 +70 @@
                 If it is empty then no restrictions are done here.
 
-        For a file to be uploaded it has to fullfil both the AllowedExtensions
+        For a file to be uploaded it has to fulfill both the AllowedExtensions
         and DeniedExtensions (that's it: not being denied) conditions.
 
@@ -80 +80 @@
                 an absolute path. 
                 If it's an empty string then it will be autocalculated.
-                Usefull if you are using a virtual directory, symbolic link or alias. 
+                Useful if you are using a virtual directory, symbolic link or alias. 
                 Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
                 Attention: The above 'FileTypesPath' must point to the same directory.
@@ -93 +93 @@
                 an absolute path. 
                 If it's an empty string then it will be autocalculated.
-                Usefull if you are using a virtual directory, symbolic link or alias. 
+                Useful if you are using a virtual directory, symbolic link or alias. 
                 Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
                 Attention: The above 'QuickUploadPath' must point to the same directory.
@@ -101 +101 @@
                 "userfiles" directory to maintain backwards compatibility with older versions of FCKeditor. 
                 This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
-                Example: if you clik on "image button", select "Upload" tab and send image 
+                Example: if you click on "image button", select "Upload" tab and send image 
                 to the server, image will appear in FCKeditor correctly, but because it is placed 
                 directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
@@ -121 +121 @@
 $Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;
 
-$Config['AllowedExtensions']['Image']   = array('bmp','gif','jpeg','jpg','png','psd','tif','tiff') ;
+$Config['AllowedExtensions']['Image']   = array('bmp','gif','jpeg','jpg','png') ;
 $Config['DeniedExtensions']['Image']    = array() ;
 $Config['FileTypesPath']['Image']               = $Config['UserFilesPath'] . 'image/' ;
@@ -128 +128 @@
 $Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ;
 
-$Config['AllowedExtensions']['Flash']   = array('swf','fla') ;
+$Config['AllowedExtensions']['Flash']   = array('swf','flv') ;
 $Config['DeniedExtensions']['Flash']    = array() ;
 $Config['FileTypesPath']['Flash']               = $Config['UserFilesPath'] . 'flash/' ;

FCKeditor/trunk/editor/filemanager/connectors/py/config.py

@@ -23 +23 @@
 """
 
-# INSTALLATION NOTE: You must set up your server enviroment accordingly to run 
+# INSTALLATION NOTE: You must set up your server environment accordingly to run 
 # python scripts. This connector requires Python 2.4 or greater.
 # 
@@ -29 +29 @@
 #  * WSGI (recommended): You'll need apache + mod_python + modpython_gateway 
 #                        or any web server capable of the WSGI python standard
-#  * Plain Old CGI:      Any server capable of running standartd python scripts
+#  * Plain Old CGI:      Any server capable of running standard python scripts
 #                        (although mod_python is recommended for performance)
 #                        This was the previous connector version operation mode
@@ -40 +40 @@
 
    
-# SECURITY: You must explicitelly enable this "connector". (Set it to "True").
+# SECURITY: You must explicitly enable this "connector". (Set it to "True").
 # WARNING: don't just set "ConfigIsEnabled = True", you must be sure that only 
 #               authenticated users can access this file or use some kind of session checking.
@@ -49 +49 @@
 
 # Fill the following value it you prefer to specify the absolute path for the
-# user files directory. Usefull if you are using a virtual directory, symbolic
+# user files directory. Useful if you are using a virtual directory, symbolic
 # link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 # Attention: The above 'UserFilesPath' must point to the same directory.
@@ -56 +56 @@
 UserFilesAbsolutePath = '' 
 
-# Due to security issues with Apache modules, it is reccomended to leave the
+# Due to security issues with Apache modules, it is recommended to leave the
 # following setting enabled.
 ForceSingleExtension = True 
@@ -78 +78 @@
 #               If it is empty then no restrictions are done here.
 #
-#       For a file to be uploaded it has to fullfil both the AllowedExtensions
+#       For a file to be uploaded it has to fulfill both the AllowedExtensions
 #       and DeniedExtensions (that's it: not being denied) conditions.
 #
@@ -88 +88 @@
 #               an absolute path. 
 #               If it's an empty string then it will be autocalculated.
-#               Usefull if you are using a virtual directory, symbolic link or alias. 
+#               Useful if you are using a virtual directory, symbolic link or alias. 
 #               Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 #               Attention: The above 'FileTypesPath' must point to the same directory.
@@ -102 +102 @@
 #               an absolute path. 
 #               If it's an empty string then it will be autocalculated.
-#               Usefull if you are using a virtual directory, symbolic link or alias. 
+#               Useful if you are using a virtual directory, symbolic link or alias. 
 #               Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 #               Attention: The above 'QuickUploadPath' must point to the same directory.
@@ -114 +114 @@
 QuickUploadAbsolutePath['File'] = FileTypesAbsolutePath['File']
 
-AllowedExtensions['Image']              = ['bmp','gif','jpeg','jpg','png','psd','tif','tiff']
+AllowedExtensions['Image']              = ['bmp','gif','jpeg','jpg','png']
 DeniedExtensions['Image']               = []
 FileTypesPath['Image']                  = UserFilesPath + 'image/' 
@@ -121 +121 @@
 QuickUploadAbsolutePath['Image']= FileTypesAbsolutePath['Image']
 
-AllowedExtensions['Flash']              = ['swf','fla']
+AllowedExtensions['Flash']              = ['swf','flv']
 DeniedExtensions['Flash']               = []
 FileTypesPath['Flash']                  = UserFilesPath + 'flash/'

FCKeditor/trunk/fckconfig.js

@@ -286 +286 @@
 FCKConfig.LinkUpload = true ;
 FCKConfig.LinkUploadURL = FCKConfig.BasePath + 'filemanager/connectors/' + _QuickUploadLanguage + '/upload.' + _QuickUploadLanguage ;
-FCKConfig.LinkUploadAllowedExtensions   = "" ;                  // empty for all
-FCKConfig.LinkUploadDeniedExtensions    = ".(html|htm|php|php2|php3|php4|php5|phtml|pwml|inc|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|com|dll|vbs|js|reg|cgi|htaccess|asis|sh|shtml|shtm|phtm)$" ;  // empty for no one
+FCKConfig.LinkUploadAllowedExtensions   = ".(7z|aiff|asf|avi|bmp|csv|doc|fla|flv|gif|gz|gzip|jpeg|jpg|mid|mov|mp3|mp4|mpc|mpeg|mpg|ods|odt|pdf|png|ppt|pxd|qt|ram|rar|rm|rmi|rmvb|rtf|sdc|sitd|swf|sxc|sxw|tar|tgz|tif|tiff|txt|vsd|wav|wma|wmv|xls|xml|zip)$" ;                        // empty for all
+FCKConfig.LinkUploadDeniedExtensions    = "" ;  // empty for no one
 
 FCKConfig.ImageUpload = true ;
@@ -296 +296 @@
 FCKConfig.FlashUpload = true ;
 FCKConfig.FlashUploadURL = FCKConfig.BasePath + 'filemanager/connectors/' + _QuickUploadLanguage + '/upload.' + _QuickUploadLanguage + '?Type=Flash' ;
-FCKConfig.FlashUploadAllowedExtensions  = ".(swf|fla)$" ;               // empty for all
+FCKConfig.FlashUploadAllowedExtensions  = ".(swf|flv)$" ;               // empty for all
 FCKConfig.FlashUploadDeniedExtensions   = "" ;                                  // empty for no one