Context Navigation

← Previous Change
Next Change →

connector.lasso

Timestamp:

2008-03-25 14:01:57 (8 months ago)

Author:

wwalc

Message:

Fix for #1944, backslash is disallowed in currentfolder parameter: ColdFusion, Perl, PHP, Python

Files:

: 1 modified

FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso

r1791	r1797
56	56	);
57	57
	58	/*.....................................................................
	59	Custom tag sets the HTML response.
	60	*/
	61
	62	define_tag(
	63	'htmlreply',
	64	-namespace='fck_',
	65	-priority='replace',
	66	-required='uploadResult',
	67	-optional='NewFilePath',
	68	-type='string',
	69	-description='Sets the HTML response for the FCKEditor File Upload feature.'
	70	);
	71	$__html_reply__ = '\
	72	<script type="text/javascript">
	73	(function()
	74	{
	75	var d = document.domain ;
	76
	77	while ( true )
	78	{
	79	// Test if we can access a parent property.
	80	try
	81	{
	82	var test = window.top.opener.document.domain ;
	83	break ;
	84	}
	85	catch( e ) {}
	86
	87	// Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
	88	d = d.replace( /.*?(?:\\.\|$)/, "" ) ;
	89
	90	if ( d.length == 0 )
	91	break ; // It was not able to detect the domain.
	92
	93	try
	94	{
	95	document.domain = d ;
	96	}
	97	catch (e)
	98	{
	99	break ;
	100	}
	101	}
	102	})() ;
	103	';
	104	if($uploadResult == '0' \|\| $uploadResult == '201');
	105	$__html_reply__ = $__html_reply__ + '\
	106	window.parent.OnUploadCompleted(' + $uploadResult + ',\'' + $NewFilePath + '\',\'' + $NewFilePath->split('/')->last + '\');
	107	</script>
	108	';
	109	else;
	110	$__html_reply__ = $__html_reply__ + '\
	111	window.parent.OnUploadCompleted(' + $uploadResult + ');
	112	</script>
	113	';
	114	/if;
	115	/define_tag;
	116
58	117
59	118	/*.....................................................................
…	…
64	123	var('currentFolderURL' = $ServerPath
65	124	+ $config->find('Subdirectories')->find(action_param('Type'))
66		+ ~~action_param('CurrentFolder')~~
	125	+ $CurrentFolder
67	126	);
68	127
69
	128	if($CurrentFolder->(Find: '..') \|\| $CurrentFolder->(Find: '\\'));
	129	if($Command == 'FileUpload');
	130	$responseType = 'html';
	131	$uploadResult = '102';
	132	fck_htmlreply(
	133	-uploadResult=$uploadResult
	134	);
	135	else;
	136	$errorNumber = 102;
	137	$commandData += '<Error number="' + $errorNumber + '" />\n';
	138	/if;
	139	else;
	140
70	141	/*.....................................................................
71	142	Build the appropriate response per the 'Command' parameter. Wrap the
…	…
150	221	Was a file actually uploaded?
151	222	*/
152		file_uploads->size ? $NewFile = file_uploads->get(1) \| $uploadResult = '202';
153
	223	if(file_uploads->size);
	224	$NewFile = file_uploads->get(1);
	225	else;
	226	$uploadResult = '202';
	227	/if;
	228
154	229	if($uploadResult == '0');
155	230	/*.....................................................
…	…
195	270	$OrigFilePath != $NewFilePath ? $uploadResult = 201;
196	271	case;
197		$uploadResult = ~~'202'~~;
	272	$uploadResult = file_currenterror( -errorcode);
198	273	/select;
199	274	/if;
200	275	/if;
201
202
203		/*.........................................................
204		Set the HTML response.
205		*/
206		$__html_reply__ = '\
207		<script type="text/javascript">
208		(function()
209		{
210		var d = document.domain ;
211
212		while ( true )
213		{
214		// Test if we can access a parent property.
215		try
216		{
217		var test = window.top.opener.document.domain ;
218		break ;
219		}
220		catch( e ) {}
221
222		// Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
223		d = d.replace( /.*?(?:\\.\|$)/, "" ) ;
224
225		if ( d.length == 0 )
226		break ; // It was not able to detect the domain.
227
228		try
229		{
230		document.domain = d ;
231		}
232		catch (e)
233		{
234		break ;
235		}
236		}
237		})() ;
238		';
239		if($uploadResult == '0' \|\| $uploadResult == '201');
240		$__html_reply__ = $__html_reply__ + '\
241		window.parent.OnUploadCompleted(' + $uploadResult + ',\'' + $NewFilePath + '\',\'' + $NewFilePath->split('/')->last + '\');
242		</script>
243		';
244		else;
245		$__html_reply__ = $__html_reply__ + '\
246		window.parent.OnUploadCompleted(' + $uploadResult + ');
247		</script>
248		';
249		/if;
	276	fck_htmlreply(
	277	-uploadResult=$uploadResult,
	278	-NewFilePath=$NewFilePath
	279	);
250	280	/select;
251	281	/inline;
252
	282	/if;
253	283
254	284	/*.....................................................................
…	…
269	299	Content-Type: text/xml; charset=utf-8
270	300	[//lasso
271		/header;
272
273
274		/*.................................................................
275		Set the content type encoding for Lasso.
276		*/
	301	/header;
	302
	303	/*
	304	Set the content type encoding for Lasso.
	305	*/
277	306	content_type('text/xml; charset=utf-8');
278	307
279
280		/*.................................................................
281		Wrap the response as XML and output.
282		*/
	308	/*
	309	Wrap the response as XML and output.
	310	*/
283	311	$__html_reply__ = '\
284	312	<?xml version="1.0" encoding="utf-8" ?>
285		<Connector command="' + $Command + '" resourceType="' + $Type + '">
286		<CurrentFolder path="' + $CurrentFolder + '" url="' + $currentFolderURL + '" />
287		' + $commandData + '
288		</Connector>
289		';
	313	<Connector command="' + $Command + '" resourceType="' + $Type + '">';
	314
	315	if($errorNumber != '102');
	316	$__html_reply__ += '<CurrentFolder path="' + $CurrentFolder + '" url="' + $currentFolderURL + '" />';
	317	/if;
	318
	319	$__html_reply__ += $commandData + '
	320	</Connector>';
290	321	/if;
291	322	]

Context Navigation

Changeset 1797 for FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso

Legend:

FCKeditor/trunk/editor/filemanager/connectors/lasso/connector.lasso

Download in other formats: