mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-09 07:28:43 +01:00
"check for a valid eGW session"
This commit is contained in:
parent
a58cd51617
commit
256163ba98
@ -1,146 +1,160 @@
|
||||
<?php
|
||||
/*
|
||||
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
|
||||
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
|
||||
*
|
||||
* == BEGIN LICENSE ==
|
||||
*
|
||||
* Licensed under the terms of any of the following licenses at your
|
||||
* choice:
|
||||
*
|
||||
* - GNU General Public License Version 2 or later (the "GPL")
|
||||
* http://www.gnu.org/licenses/gpl.html
|
||||
*
|
||||
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
|
||||
* http://www.gnu.org/licenses/lgpl.html
|
||||
*
|
||||
* - Mozilla Public License Version 1.1 or later (the "MPL")
|
||||
* http://www.mozilla.org/MPL/MPL-1.1.html
|
||||
*
|
||||
* == END LICENSE ==
|
||||
*
|
||||
* Configuration file for the File Manager Connector for PHP.
|
||||
*/
|
||||
|
||||
global $Config ;
|
||||
|
||||
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
|
||||
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
|
||||
// authenticated users can access this file or use some kind of session checking.
|
||||
$Config['Enabled'] = true ;
|
||||
|
||||
|
||||
// Path to user files relative to the document root.
|
||||
//$Config['UserFilesPath'] = '' ;
|
||||
|
||||
// Fill the following value it you prefer to specify the absolute path for the
|
||||
// user files directory. Useful if you are using a virtual directory, symbolic
|
||||
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
||||
// Attention: The above 'UserFilesPath' must point to the same directory.
|
||||
$Config['UserFilesAbsolutePath'] = '' ;
|
||||
|
||||
// Due to security issues with Apache modules, it is recommended to leave the
|
||||
// following setting enabled.
|
||||
$Config['ForceSingleExtension'] = true ;
|
||||
|
||||
// Perform additional checks for image files
|
||||
// if set to true, validate image size (using getimagesize)
|
||||
$Config['SecureImageUploads'] = true;
|
||||
|
||||
// What the user can do with this connector
|
||||
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
|
||||
|
||||
// Allowed Resource Types
|
||||
$Config['ConfigAllowedTypes'] = array('images','File', 'Image', 'Flash', 'Media') ;
|
||||
|
||||
// For security, HTML is allowed in the first Kb of data for files having the
|
||||
// following extensions only.
|
||||
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
|
||||
|
||||
/*
|
||||
Configuration settings for each Resource Type
|
||||
|
||||
- AllowedExtensions: the possible extensions that can be allowed.
|
||||
If it is empty then any file type can be uploaded.
|
||||
- DeniedExtensions: The extensions that won't be allowed.
|
||||
If it is empty then no restrictions are done here.
|
||||
|
||||
For a file to be uploaded it has to fulfill both the AllowedExtensions
|
||||
and DeniedExtensions (that's it: not being denied) conditions.
|
||||
|
||||
- FileTypesPath: the virtual folder relative to the document root where
|
||||
these resources will be located.
|
||||
Attention: It must start and end with a slash: '/'
|
||||
|
||||
- FileTypesAbsolutePath: the physical path to the above folder. It must be
|
||||
an absolute path.
|
||||
If it's an empty string then it will be autocalculated.
|
||||
Useful if you are using a virtual directory, symbolic link or alias.
|
||||
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
||||
Attention: The above 'FileTypesPath' must point to the same directory.
|
||||
Attention: It must end with a slash: '/'
|
||||
|
||||
- QuickUploadPath: the virtual folder relative to the document root where
|
||||
these resources will be uploaded using the Upload tab in the resources
|
||||
dialogs.
|
||||
Attention: It must start and end with a slash: '/'
|
||||
|
||||
- QuickUploadAbsolutePath: the physical path to the above folder. It must be
|
||||
an absolute path.
|
||||
If it's an empty string then it will be autocalculated.
|
||||
Useful if you are using a virtual directory, symbolic link or alias.
|
||||
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
||||
Attention: The above 'QuickUploadPath' must point to the same directory.
|
||||
Attention: It must end with a slash: '/'
|
||||
|
||||
NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to
|
||||
"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor.
|
||||
This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
|
||||
Example: if you click on "image button", select "Upload" tab and send image
|
||||
to the server, image will appear in FCKeditor correctly, but because it is placed
|
||||
directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
|
||||
The more expected behaviour would be to send images directly to "image" subfolder.
|
||||
To achieve that, simply change
|
||||
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
|
||||
$Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ;
|
||||
into:
|
||||
$Config['QuickUploadPath']['Image'] = $Config['FileTypesPath']['Image'] ;
|
||||
$Config['QuickUploadAbsolutePath']['Image'] = $Config['FileTypesAbsolutePath']['Image'] ;
|
||||
|
||||
*/
|
||||
|
||||
$Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
|
||||
$Config['DeniedExtensions']['File'] = array() ;
|
||||
$Config['FileTypesPath']['File'] = $Config['UserFilesPath'] . 'file/' ;
|
||||
$Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
|
||||
$Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ;
|
||||
$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;
|
||||
|
||||
$upload_path = $_GET['ServerPath'];
|
||||
if ( !ereg('/$', $upload_path))
|
||||
{
|
||||
$upload_path .= '/' ;
|
||||
}
|
||||
|
||||
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
|
||||
$Config['DeniedExtensions']['Image'] = array() ;
|
||||
$Config['FileTypesPath']['Image'] = $upload_path;
|
||||
$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'];
|
||||
$Config['QuickUploadPath']['Image'] = $upload_path;
|
||||
$Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ;
|
||||
|
||||
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
|
||||
$Config['DeniedExtensions']['Flash'] = array() ;
|
||||
$Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'flash/' ;
|
||||
$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
|
||||
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
|
||||
$Config['QuickUploadAbsolutePath']['Flash']= $Config['UserFilesAbsolutePath'] ;
|
||||
|
||||
$Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
|
||||
$Config['DeniedExtensions']['Media'] = array() ;
|
||||
$Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'media/' ;
|
||||
$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
|
||||
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
|
||||
$Config['QuickUploadAbsolutePath']['Media']= $Config['UserFilesAbsolutePath'] ;
|
||||
|
||||
?>
|
||||
<?php
|
||||
/*
|
||||
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
|
||||
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
|
||||
*
|
||||
* == BEGIN LICENSE ==
|
||||
*
|
||||
* Licensed under the terms of any of the following licenses at your
|
||||
* choice:
|
||||
*
|
||||
* - GNU General Public License Version 2 or later (the "GPL")
|
||||
* http://www.gnu.org/licenses/gpl.html
|
||||
*
|
||||
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
|
||||
* http://www.gnu.org/licenses/lgpl.html
|
||||
*
|
||||
* - Mozilla Public License Version 1.1 or later (the "MPL")
|
||||
* http://www.mozilla.org/MPL/MPL-1.1.html
|
||||
*
|
||||
* == END LICENSE ==
|
||||
*
|
||||
* Configuration file for the File Manager Connector for PHP.
|
||||
*/
|
||||
|
||||
global $Config ;
|
||||
|
||||
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
|
||||
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
|
||||
// authenticated users can access this file or use some kind of session checking.
|
||||
//$Config['Enabled'] = false ;
|
||||
|
||||
function deny_no_egw_session(&$account)
|
||||
{
|
||||
die('Access denied!');
|
||||
}
|
||||
$GLOBALS['egw_info'] = array(
|
||||
'flags' => array(
|
||||
'currentapp' => 'sitemgr',
|
||||
'noheader' => true,
|
||||
'autocreate_session_callback' => 'deny_no_egw_session',
|
||||
)
|
||||
);
|
||||
// will not continue, unless the header get's included, there is a valid eGW session and the user has sitemgr rights
|
||||
require('../../../../../../../header.inc.php');
|
||||
$Config['Enabled'] = $GLOBALS['egw']->session->session_flags == 'N'; // disallow anonymous users
|
||||
|
||||
// Path to user files relative to the document root.
|
||||
//$Config['UserFilesPath'] = '' ;
|
||||
|
||||
// Fill the following value it you prefer to specify the absolute path for the
|
||||
// user files directory. Useful if you are using a virtual directory, symbolic
|
||||
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
||||
// Attention: The above 'UserFilesPath' must point to the same directory.
|
||||
$Config['UserFilesAbsolutePath'] = '' ;
|
||||
|
||||
// Due to security issues with Apache modules, it is recommended to leave the
|
||||
// following setting enabled.
|
||||
$Config['ForceSingleExtension'] = true ;
|
||||
|
||||
// Perform additional checks for image files
|
||||
// if set to true, validate image size (using getimagesize)
|
||||
$Config['SecureImageUploads'] = true;
|
||||
|
||||
// What the user can do with this connector
|
||||
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
|
||||
|
||||
// Allowed Resource Types
|
||||
$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
|
||||
|
||||
// For security, HTML is allowed in the first Kb of data for files having the
|
||||
// following extensions only.
|
||||
$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
|
||||
|
||||
/*
|
||||
Configuration settings for each Resource Type
|
||||
|
||||
- AllowedExtensions: the possible extensions that can be allowed.
|
||||
If it is empty then any file type can be uploaded.
|
||||
- DeniedExtensions: The extensions that won't be allowed.
|
||||
If it is empty then no restrictions are done here.
|
||||
|
||||
For a file to be uploaded it has to fulfill both the AllowedExtensions
|
||||
and DeniedExtensions (that's it: not being denied) conditions.
|
||||
|
||||
- FileTypesPath: the virtual folder relative to the document root where
|
||||
these resources will be located.
|
||||
Attention: It must start and end with a slash: '/'
|
||||
|
||||
- FileTypesAbsolutePath: the physical path to the above folder. It must be
|
||||
an absolute path.
|
||||
If it's an empty string then it will be autocalculated.
|
||||
Useful if you are using a virtual directory, symbolic link or alias.
|
||||
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
||||
Attention: The above 'FileTypesPath' must point to the same directory.
|
||||
Attention: It must end with a slash: '/'
|
||||
|
||||
- QuickUploadPath: the virtual folder relative to the document root where
|
||||
these resources will be uploaded using the Upload tab in the resources
|
||||
dialogs.
|
||||
Attention: It must start and end with a slash: '/'
|
||||
|
||||
- QuickUploadAbsolutePath: the physical path to the above folder. It must be
|
||||
an absolute path.
|
||||
If it's an empty string then it will be autocalculated.
|
||||
Useful if you are using a virtual directory, symbolic link or alias.
|
||||
Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
|
||||
Attention: The above 'QuickUploadPath' must point to the same directory.
|
||||
Attention: It must end with a slash: '/'
|
||||
|
||||
NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to
|
||||
"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor.
|
||||
This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
|
||||
Example: if you click on "image button", select "Upload" tab and send image
|
||||
to the server, image will appear in FCKeditor correctly, but because it is placed
|
||||
directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
|
||||
The more expected behaviour would be to send images directly to "image" subfolder.
|
||||
To achieve that, simply change
|
||||
$Config['QuickUploadPath']['Image'] = $Config['UserFilesPath'] ;
|
||||
$Config['QuickUploadAbsolutePath']['Image'] = $Config['UserFilesAbsolutePath'] ;
|
||||
into:
|
||||
$Config['QuickUploadPath']['Image'] = $Config['FileTypesPath']['Image'] ;
|
||||
$Config['QuickUploadAbsolutePath']['Image'] = $Config['FileTypesAbsolutePath']['Image'] ;
|
||||
|
||||
*/
|
||||
|
||||
$Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
|
||||
$Config['DeniedExtensions']['File'] = array() ;
|
||||
$Config['FileTypesPath']['File'] = $Config['UserFilesPath'] . 'file/' ;
|
||||
$Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
|
||||
$Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ;
|
||||
$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;
|
||||
|
||||
$upload_path = $_GET['ServerPath'];
|
||||
if ( !ereg('/$', $upload_path))
|
||||
{
|
||||
$upload_path .= '/' ;
|
||||
}
|
||||
|
||||
$Config['AllowedExtensions']['Image'] = array('bmp','gif','jpeg','jpg','png') ;
|
||||
$Config['DeniedExtensions']['Image'] = array() ;
|
||||
$Config['FileTypesPath']['Image'] = $upload_path;
|
||||
$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'];
|
||||
$Config['QuickUploadPath']['Image'] = $upload_path;
|
||||
$Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ;
|
||||
|
||||
$Config['AllowedExtensions']['Flash'] = array('swf','flv') ;
|
||||
$Config['DeniedExtensions']['Flash'] = array() ;
|
||||
$Config['FileTypesPath']['Flash'] = $Config['UserFilesPath'] . 'flash/' ;
|
||||
$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
|
||||
$Config['QuickUploadPath']['Flash'] = $Config['UserFilesPath'] ;
|
||||
$Config['QuickUploadAbsolutePath']['Flash']= $Config['UserFilesAbsolutePath'] ;
|
||||
|
||||
$Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
|
||||
$Config['DeniedExtensions']['Media'] = array() ;
|
||||
$Config['FileTypesPath']['Media'] = $Config['UserFilesPath'] . 'media/' ;
|
||||
$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
|
||||
$Config['QuickUploadPath']['Media'] = $Config['UserFilesPath'] ;
|
||||
$Config['QuickUploadAbsolutePath']['Media']= $Config['UserFilesAbsolutePath'] ;
|
||||
|
||||
?>
|
||||
|
Loading…
Reference in New Issue
Block a user