"check for a valid eGW session"

Ralf Becker 2008-04-15 08:04:26 +00:00
parent a58cd51617
commit 256163ba98


@ -1,146 +1,160 @@
<?php <?php
/* /*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net * FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben * Copyright (C) 2003-2007 Frederico Caldeira Knabben
* *
* == BEGIN LICENSE == * == BEGIN LICENSE ==
* *
* Licensed under the terms of any of the following licenses at your * Licensed under the terms of any of the following licenses at your
* choice: * choice:
* *
* - GNU General Public License Version 2 or later (the "GPL") * - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html * http://www.gnu.org/licenses/gpl.html
* *
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL") * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html * http://www.gnu.org/licenses/lgpl.html
* *
* - Mozilla Public License Version 1.1 or later (the "MPL") * - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html * http://www.mozilla.org/MPL/MPL-1.1.html
* *
* == END LICENSE == * == END LICENSE ==
* *
* Configuration file for the File Manager Connector for PHP. * Configuration file for the File Manager Connector for PHP.
*/ */
global $Config ; global $Config ;
// SECURITY: You must explicitly enable this "connector". (Set it to "true"). // SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only // WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
// authenticated users can access this file or use some kind of session checking. // authenticated users can access this file or use some kind of session checking.
$Config['Enabled'] = true ; //$Config['Enabled'] = false ;
function deny_no_egw_session(&$account)
// Path to user files relative to the document root. {
//$Config['UserFilesPath'] = '' ; die('Access denied!');
}
// Fill the following value it you prefer to specify the absolute path for the $GLOBALS['egw_info'] = array(
// user files directory. Useful if you are using a virtual directory, symbolic 'flags' => array(
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'. 'currentapp' => 'sitemgr',
// Attention: The above 'UserFilesPath' must point to the same directory. 'noheader' => true,
$Config['UserFilesAbsolutePath'] = '' ; 'autocreate_session_callback' => 'deny_no_egw_session',
)
// Due to security issues with Apache modules, it is recommended to leave the );
// following setting enabled. // will not continue, unless the header get's included, there is a valid eGW session and the user has sitemgr rights
$Config['ForceSingleExtension'] = true ; require('../../../../../../../header.inc.php');
$Config['Enabled'] = $GLOBALS['egw']->session->session_flags == 'N'; // disallow anonymous users
// Perform additional checks for image files
// if set to true, validate image size (using getimagesize) // Path to user files relative to the document root.
$Config['SecureImageUploads'] = true; //$Config['UserFilesPath'] = '' ;
// What the user can do with this connector // Fill the following value it you prefer to specify the absolute path for the
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ; // user files directory. Useful if you are using a virtual directory, symbolic
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
// Allowed Resource Types // Attention: The above 'UserFilesPath' must point to the same directory.
$Config['ConfigAllowedTypes'] = array('images','File', 'Image', 'Flash', 'Media') ; $Config['UserFilesAbsolutePath'] = '' ;
// For security, HTML is allowed in the first Kb of data for files having the // Due to security issues with Apache modules, it is recommended to leave the
// following extensions only. // following setting enabled.
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ; $Config['ForceSingleExtension'] = true ;
/* // Perform additional checks for image files
Configuration settings for each Resource Type // if set to true, validate image size (using getimagesize)
$Config['SecureImageUploads'] = true;
- AllowedExtensions: the possible extensions that can be allowed.
If it is empty then any file type can be uploaded. // What the user can do with this connector
- DeniedExtensions: The extensions that won't be allowed. $Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
If it is empty then no restrictions are done here.
// Allowed Resource Types
For a file to be uploaded it has to fulfill both the AllowedExtensions $Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
and DeniedExtensions (that's it: not being denied) conditions.
// For security, HTML is allowed in the first Kb of data for files having the
- FileTypesPath: the virtual folder relative to the document root where // following extensions only.
these resources will be located. $Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
Attention: It must start and end with a slash: '/'
/*
- FileTypesAbsolutePath: the physical path to the above folder. It must be Configuration settings for each Resource Type
an absolute path.
If it's an empty string then it will be autocalculated. - AllowedExtensions: the possible extensions that can be allowed.
Useful if you are using a virtual directory, symbolic link or alias. If it is empty then any file type can be uploaded.
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'. - DeniedExtensions: The extensions that won't be allowed.
Attention: The above 'FileTypesPath' must point to the same directory. If it is empty then no restrictions are done here.
Attention: It must end with a slash: '/'
For a file to be uploaded it has to fulfill both the AllowedExtensions
- QuickUploadPath: the virtual folder relative to the document root where and DeniedExtensions (that's it: not being denied) conditions.
these resources will be uploaded using the Upload tab in the resources
dialogs. - FileTypesPath: the virtual folder relative to the document root where
Attention: It must start and end with a slash: '/' these resources will be located.
Attention: It must start and end with a slash: '/'
- QuickUploadAbsolutePath: the physical path to the above folder. It must be
an absolute path. - FileTypesAbsolutePath: the physical path to the above folder. It must be
If it's an empty string then it will be autocalculated. an absolute path.
Useful if you are using a virtual directory, symbolic link or alias. If it's an empty string then it will be autocalculated.
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'. Useful if you are using a virtual directory, symbolic link or alias.
Attention: The above 'QuickUploadPath' must point to the same directory. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
Attention: It must end with a slash: '/' Attention: The above 'FileTypesPath' must point to the same directory.
Attention: It must end with a slash: '/'
NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to
"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor. - QuickUploadPath: the virtual folder relative to the document root where
This is fine, but you in some cases you will be not able to browse uploaded files using file browser. these resources will be uploaded using the Upload tab in the resources
Example: if you click on "image button", select "Upload" tab and send image dialogs.
to the server, image will appear in FCKeditor correctly, but because it is placed Attention: It must start and end with a slash: '/'
directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
The more expected behaviour would be to send images directly to "image" subfolder. - QuickUploadAbsolutePath: the physical path to the above folder. It must be
To achieve that, simply change an absolute path.
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ; If it's an empty string then it will be autocalculated.
$Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ; Useful if you are using a virtual directory, symbolic link or alias.
into: Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
$Config['QuickUploadPath']['Image'] = $Config['FileTypesPath']['Image'] ; Attention: The above 'QuickUploadPath' must point to the same directory.
$Config['QuickUploadAbsolutePath']['Image'] = $Config['FileTypesAbsolutePath']['Image'] ; Attention: It must end with a slash: '/'
*/ NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to
"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor.
$Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ; This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
$Config['DeniedExtensions']['File'] = array() ; Example: if you click on "image button", select "Upload" tab and send image
$Config['FileTypesPath']['File'] = $Config['UserFilesPath'] . 'file/' ; to the server, image will appear in FCKeditor correctly, but because it is placed
$Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ; directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
$Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ; The more expected behaviour would be to send images directly to "image" subfolder.
$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ; To achieve that, simply change
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
$upload_path = $_GET['ServerPath']; $Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ;
if ( !ereg('/$', $upload_path)) into:
{ $Config['QuickUploadPath']['Image'] = $Config['FileTypesPath']['Image'] ;
$upload_path .= '/' ; $Config['QuickUploadAbsolutePath']['Image'] = $Config['FileTypesAbsolutePath']['Image'] ;
}
*/
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
$Config['DeniedExtensions']['Image'] = array() ; $Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
$Config['FileTypesPath']['Image'] = $upload_path; $Config['DeniedExtensions']['File'] = array() ;
$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath']; $Config['FileTypesPath']['File'] = $Config['UserFilesPath'] . 'file/' ;
$Config['QuickUploadPath']['Image'] = $upload_path; $Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
$Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ; $Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
$Config['DeniedExtensions']['Flash'] = array() ; $upload_path = $_GET['ServerPath'];
$Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'flash/' ; if ( !ereg('/$', $upload_path))
$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ; {
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ; $upload_path .= '/' ;
$Config['QuickUploadAbsolutePath']['Flash']= $Config['UserFilesAbsolutePath'] ; }
$Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ; $Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
$Config['DeniedExtensions']['Media'] = array() ; $Config['DeniedExtensions']['Image'] = array() ;
$Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'media/' ; $Config['FileTypesPath']['Image'] = $upload_path;
$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ; $Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'];
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ; $Config['QuickUploadPath']['Image'] = $upload_path;
$Config['QuickUploadAbsolutePath']['Media']= $Config['UserFilesAbsolutePath'] ; $Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ;
?> $Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
$Config['DeniedExtensions']['Flash'] = array() ;
$Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'flash/' ;
$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['Flash']= $Config['UserFilesAbsolutePath'] ;
$Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
$Config['DeniedExtensions']['Media'] = array() ;
$Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'media/' ;
$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['Media']= $Config['UserFilesAbsolutePath'] ;
?>
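Review bot: `$upload_path = $_GET['ServerPath'];` is still taken from the request without validation and then assigned to `$Config['FileTypesPath']['Image']` and `$Config['QuickUploadPath']['Image']`, so the new session check limits who can reach the connector but not which directory a logged-in user can select for image uploads. Whether the connector normalises this path later is not visible in this file, so the value should be checked here before use: reject anything containing `..`, a backslash or a NUL byte, and require it to start with an expected upload prefix; a minimal guard is `if (strpos($upload_path, '..') !== false) die('Access denied!');`. A request without `ServerPath` should be refused as well, because the slash-appending code currently turns an empty value into the path `/`. The comparison `session_flags == 'N'` would also be stricter as `=== 'N'`.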