Changeset 310

Timestamp:

2007-05-18 23:42:43 (3 years ago)

Author:

alfonsoml

Message:

Deny the upload of "sh", "shtml", "shtm" and "phtm". Issue #273. Patch for trunk

Location:

FCKeditor/trunk

Files:

• editor/filemanager/browser/default/connectors/asp/config.asp (modified) (1 diff)
• editor/filemanager/browser/default/connectors/cfm/config.cfm (modified) (1 diff)
• editor/filemanager/browser/default/connectors/lasso/config.lasso (modified) (1 diff)
• editor/filemanager/browser/default/connectors/php/config.php (modified) (1 diff)
• editor/filemanager/browser/default/connectors/py/connector.py (modified) (1 diff)
• editor/filemanager/upload/asp/config.asp (modified) (1 diff)
• editor/filemanager/upload/cfm/config.cfm (modified) (1 diff)
• editor/filemanager/upload/lasso/config.lasso (modified) (1 diff)
• editor/filemanager/upload/php/config.php (modified) (1 diff)
• fckconfig.js (modified) (1 diff)
• _whatsnew.html (modified) (1 diff)

FCKeditor/trunk/editor/filemanager/browser/default/connectors/asp/config.asp

@@ -36 +36 @@
 
 ConfigAllowedExtensions.Add     "File", ""
-ConfigDeniedExtensions.Add      "File", "html|htm|php|php2|php3|php4|php5|phtml|pwml|inc|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|com|dll|vbs|js|reg|cgi|htaccess|asis"
+ConfigDeniedExtensions.Add      "File", "html|htm|php|php2|php3|php4|php5|phtml|pwml|inc|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|com|dll|vbs|js|reg|cgi|htaccess|asis|sh|shtml|shtm|phtm"
 
 ConfigAllowedExtensions.Add     "Image", "jpg|gif|jpeg|png|bmp"

FCKeditor/trunk/editor/filemanager/browser/default/connectors/cfm/config.cfm

@@ -35 +35 @@
         // config.allowedExtensions["File"] = "doc,rtf,pdf,ppt,pps,xls,csv,vnd,zip";
         config.allowedExtensions["File"] = "";
-        config.deniedExtensions["File"] = "html,htm,php,php2,php3,php4,php5,phtml,pwml,inc,asp,aspx,ascx,jsp,cfm,cfc,pl,bat,exe,com,dll,vbs,js,reg,cgi,htaccess,asis";
+        config.deniedExtensions["File"] = "html,htm,php,php2,php3,php4,php5,phtml,pwml,inc,asp,aspx,ascx,jsp,cfm,cfc,pl,bat,exe,com,dll,vbs,js,reg,cgi,htaccess,asis,sh,shtml,shtm,phtm";
 
         config.allowedExtensions["Image"] = "png,gif,jpg,jpeg,bmp";

FCKeditor/trunk/editor/filemanager/browser/default/connectors/lasso/config.lasso

@@ -57 +57 @@
                 ),
                 'DeniedExtensions' = map(
-                        'File' = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','lasso','lassoapp','htaccess','asis'),
+                        'File' = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','lasso','lassoapp','htaccess','asis','sh','shtml','shtm','phtm'),
                         'Image' = array(),
                         'Flash' = array(),

FCKeditor/trunk/editor/filemanager/browser/default/connectors/php/config.php

@@ -47 +47 @@
 
 $Config['AllowedExtensions']['File']    = array() ;
-$Config['DeniedExtensions']['File']             = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','htaccess','asis') ;
+$Config['DeniedExtensions']['File']             = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','htaccess','asis','sh','shtml','shtm','phtm') ;
 
 $Config['AllowedExtensions']['Image']   = array('jpg','gif','jpeg','png') ;

FCKeditor/trunk/editor/filemanager/browser/default/connectors/py/connector.py

@@ -178 +178 @@
                                 }
                 self.deniedExtensions = {
-                                "File": [ "html","htm","php","php2","php3","php4","php5","phtml","pwml","inc","asp","aspx","ascx","jsp","cfm","cfc","pl","bat","exe","com","dll","vbs","js","reg","cgi","htaccess","asis" ],
-                                "Image": [ "html","htm","php","php2","php3","php4","php5","phtml","pwml","inc","asp","aspx","ascx","jsp","cfm","cfc","pl","bat","exe","com","dll","vbs","js","reg","cgi","htaccess","asis" ],
-                                "Flash": [ "html","htm","php","php2","php3","php4","php5","phtml","pwml","inc","asp","aspx","ascx","jsp","cfm","cfc","pl","bat","exe","com","dll","vbs","js","reg","cgi","htaccess","asis" ],
-                                "Media": [ "html","htm","php","php2","php3","php4","php5","phtml","pwml","inc","asp","aspx","ascx","jsp","cfm","cfc","pl","bat","exe","com","dll","vbs","js","reg","cgi","htaccess","asis" ]
+                                "File": [ "html","htm","php","php2","php3","php4","php5","phtml","pwml","inc","asp","aspx","ascx","jsp","cfm","cfc","pl","bat","exe","com","dll","vbs","js","reg","cgi","htaccess","asis","sh","shtml","shtm","phtm" ],
+                                "Image": [ "html","htm","php","php2","php3","php4","php5","phtml","pwml","inc","asp","aspx","ascx","jsp","cfm","cfc","pl","bat","exe","com","dll","vbs","js","reg","cgi","htaccess","asis","sh","shtml","shtm","phtm" ],
+                                "Flash": [ "html","htm","php","php2","php3","php4","php5","phtml","pwml","inc","asp","aspx","ascx","jsp","cfm","cfc","pl","bat","exe","com","dll","vbs","js","reg","cgi","htaccess","asis","sh","shtml","shtm","phtm" ],
+                                "Media": [ "html","htm","php","php2","php3","php4","php5","phtml","pwml","inc","asp","aspx","ascx","jsp","cfm","cfc","pl","bat","exe","com","dll","vbs","js","reg","cgi","htaccess","asis","sh","shtml","shtm","phtm" ]
                                 }
 

FCKeditor/trunk/editor/filemanager/upload/asp/config.asp

@@ -42 +42 @@
 
 ConfigAllowedExtensions.Add     "File", ""
-ConfigDeniedExtensions.Add      "File", "html|htm|php|php2|php3|php4|php5|phtml|pwml|inc|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|com|dll|vbs|js|reg|cgi|htaccess|asis"
+ConfigDeniedExtensions.Add      "File", "html|htm|php|php2|php3|php4|php5|phtml|pwml|inc|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|com|dll|vbs|js|reg|cgi|htaccess|asis|sh|shtml|shtm|phtm"
 
 ConfigAllowedExtensions.Add     "Image", "jpg|gif|jpeg|png|bmp"

FCKeditor/trunk/editor/filemanager/upload/cfm/config.cfm

@@ -37 +37 @@
 
         config.allowedExtensions["File"] = "";
-        config.deniedExtensions["File"] = "html,htm,php,php2,php3,php4,php5,phtml,pwml,inc,asp,aspx,ascx,jsp,cfm,cfc,pl,bat,exe,com,dll,vbs,js,reg,cgi,htaccess,asis";
+        config.deniedExtensions["File"] = "html,htm,php,php2,php3,php4,php5,phtml,pwml,inc,asp,aspx,ascx,jsp,cfm,cfc,pl,bat,exe,com,dll,vbs,js,reg,cgi,htaccess,asis,sh,shtml,shtm,phtm";
 
         config.allowedExtensions["Image"] = "png,gif,jpg,jpeg,bmp";

FCKeditor/trunk/editor/filemanager/upload/lasso/config.lasso

@@ -57 +57 @@
                 ),
                 'DeniedExtensions' = map(
-                        'File' = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','lasso','lassoapp','htaccess','asis'),
+                        'File' = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','lasso','lassoapp','htaccess','asis','sh','shtml','shtm','phtm'),
                         'Image' = array(),
                         'Flash' = array(),

FCKeditor/trunk/editor/filemanager/upload/php/config.php

@@ -46 +46 @@
 
 $Config['AllowedExtensions']['File']    = array() ;
-$Config['DeniedExtensions']['File']             = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','htaccess','asis') ;
+$Config['DeniedExtensions']['File']             = array('html','htm','php','php2','php3','php4','php5','phtml','pwml','inc','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','com','dll','vbs','js','reg','cgi','htaccess','asis','sh','shtml','shtm','phtm') ;
 
 $Config['AllowedExtensions']['Image']   = array('jpg','gif','jpeg','png') ;

FCKeditor/trunk/fckconfig.js

@@ -213 +213 @@
 FCKConfig.LinkUploadURL = FCKConfig.BasePath + 'filemanager/upload/' + _QuickUploadLanguage + '/upload.' + _QuickUploadLanguage ;
 FCKConfig.LinkUploadAllowedExtensions   = "" ;                  // empty for all
-FCKConfig.LinkUploadDeniedExtensions    = ".(html|htm|php|php2|php3|php4|php5|phtml|pwml|inc|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|com|dll|vbs|js|reg|cgi|htaccess|asis)$" ;     // empty for no one
+FCKConfig.LinkUploadDeniedExtensions    = ".(html|htm|php|php2|php3|php4|php5|phtml|pwml|inc|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|com|dll|vbs|js|reg|cgi|htaccess|asis|sh|shtml|shtm|phtm)$" ;  // empty for no one
 
 FCKConfig.ImageUpload = true ;

FCKeditor/trunk/_whatsnew.html

@@ -91 +91 @@
                         not create invalid nested block elements, like creating <form> or <hr>
                         inside &lt;p&gt;.</li>
+                <li>>[<a target="_blank" href="http://dev.fckeditor.net/ticket/273">#273</a>] The extensions 
+                        "sh", "shtml", "shtm" and "phtm" have been added to the list of denied extensions on 
+                        upload.</li>
         </ul>
         <h3>