"check for a valid eGW session"

phpgwapi/js/fckeditor/editor/filemanager/connectors/php/config.php

@@ -1,146 +1,160 @@
-<?php
-/*
- * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
- *
- * == BEGIN LICENSE ==
- *
- * Licensed under the terms of any of the following licenses at your
- * choice:
- *
- *  - GNU General Public License Version 2 or later (the "GPL")
- *    http://www.gnu.org/licenses/gpl.html
- *
- *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
- *    http://www.gnu.org/licenses/lgpl.html
- *
- *  - Mozilla Public License Version 1.1 or later (the "MPL")
- *    http://www.mozilla.org/MPL/MPL-1.1.html
- *
- * == END LICENSE ==
- *
- * Configuration file for the File Manager Connector for PHP.
- */
-
-global $Config ;
-
-// SECURITY: You must explicitly enable this "connector". (Set it to "true").
-// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only 
-//		authenticated users can access this file or use some kind of session checking.
-$Config['Enabled'] = true ;
-
-
-// Path to user files relative to the document root.
-//$Config['UserFilesPath'] = '' ;
-
-// Fill the following value it you prefer to specify the absolute path for the
-// user files directory. Useful if you are using a virtual directory, symbolic
-// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
-// Attention: The above 'UserFilesPath' must point to the same directory.
-$Config['UserFilesAbsolutePath'] = '' ;
-
-// Due to security issues with Apache modules, it is recommended to leave the
-// following setting enabled.
-$Config['ForceSingleExtension'] = true ;
-
-// Perform additional checks for image files
-// if set to true, validate image size (using getimagesize)
-$Config['SecureImageUploads'] = true;
-
-// What the user can do with this connector
-$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
-
-// Allowed Resource Types
-$Config['ConfigAllowedTypes'] = array('images','File', 'Image', 'Flash', 'Media') ;
-
-// For security, HTML is allowed in the first Kb of data for files having the
-// following extensions only.
-$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
-
-/*
-	Configuration settings for each Resource Type
-
-	- AllowedExtensions: the possible extensions that can be allowed. 
-		If it is empty then any file type can be uploaded.
-	- DeniedExtensions: The extensions that won't be allowed. 
-		If it is empty then no restrictions are done here.
-
-	For a file to be uploaded it has to fulfill both the AllowedExtensions
-	and DeniedExtensions (that's it: not being denied) conditions.
-
-	- FileTypesPath: the virtual folder relative to the document root where
-		these resources will be located. 
-		Attention: It must start and end with a slash: '/'
-
-	- FileTypesAbsolutePath: the physical path to the above folder. It must be
-		an absolute path. 
-		If it's an empty string then it will be autocalculated.
-		Useful if you are using a virtual directory, symbolic link or alias. 
-		Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
-		Attention: The above 'FileTypesPath' must point to the same directory.
-		Attention: It must end with a slash: '/'
-
-	 - QuickUploadPath: the virtual folder relative to the document root where
-		these resources will be uploaded using the Upload tab in the resources 
-		dialogs.
-		Attention: It must start and end with a slash: '/'
-
-	 - QuickUploadAbsolutePath: the physical path to the above folder. It must be
-		an absolute path. 
-		If it's an empty string then it will be autocalculated.
-		Useful if you are using a virtual directory, symbolic link or alias. 
-		Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
-		Attention: The above 'QuickUploadPath' must point to the same directory.
-		Attention: It must end with a slash: '/'
-
-	 	NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to 
-	 	"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor. 
-	 	This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
-	 	Example: if you click on "image button", select "Upload" tab and send image 
-	 	to the server, image will appear in FCKeditor correctly, but because it is placed 
-	 	directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
-	 	The more expected behaviour would be to send images directly to "image" subfolder.
-	 	To achieve that, simply change
-			$Config['QuickUploadPath']['Image']			= $Config['UserFilesPath'] ;
-			$Config['QuickUploadAbsolutePath']['Image']	= $Config['UserFilesAbsolutePath'] ;
-		into:	
-			$Config['QuickUploadPath']['Image']			= $Config['FileTypesPath']['Image'] ;
-			$Config['QuickUploadAbsolutePath']['Image'] 	= $Config['FileTypesAbsolutePath']['Image'] ;			
-		
-*/
-
-$Config['AllowedExtensions']['File']	= array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
-$Config['DeniedExtensions']['File']		= array() ;
-$Config['FileTypesPath']['File']		= $Config['UserFilesPath'] . 'file/' ;
-$Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
-$Config['QuickUploadPath']['File']		= $Config['UserFilesPath'] ;
-$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;
-
-$upload_path = $_GET['ServerPath'];
-if ( !ereg('/$', $upload_path))
-{
-		$upload_path .= '/' ;
-}
-
-$Config['AllowedExtensions']['Image']	= array('bmp','gif','jpeg','jpg','png') ;
-$Config['DeniedExtensions']['Image']	= array() ;
-$Config['FileTypesPath']['Image']		= $upload_path;
-$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'];
-$Config['QuickUploadPath']['Image']		= $upload_path;
-$Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ;
-
-$Config['AllowedExtensions']['Flash']	= array('swf','flv') ;
-$Config['DeniedExtensions']['Flash']	= array() ;
-$Config['FileTypesPath']['Flash']		= $Config['UserFilesPath'] . 'flash/' ;
-$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
-$Config['QuickUploadPath']['Flash']		= $Config['UserFilesPath'] ;
-$Config['QuickUploadAbsolutePath']['Flash']= $Config['UserFilesAbsolutePath'] ;
-
-$Config['AllowedExtensions']['Media']	= array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
-$Config['DeniedExtensions']['Media']	= array() ;
-$Config['FileTypesPath']['Media']		= $Config['UserFilesPath'] . 'media/' ;
-$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
-$Config['QuickUploadPath']['Media']		= $Config['UserFilesPath'] ;
-$Config['QuickUploadAbsolutePath']['Media']= $Config['UserFilesAbsolutePath'] ;
-
-?>
+<?php
+/*
+ * FCKeditor - The text editor for Internet - http://www.fckeditor.net
+ * Copyright (C) 2003-2007 Frederico Caldeira Knabben
+ *
+ * == BEGIN LICENSE ==
+ *
+ * Licensed under the terms of any of the following licenses at your
+ * choice:
+ *
+ *  - GNU General Public License Version 2 or later (the "GPL")
+ *    http://www.gnu.org/licenses/gpl.html
+ *
+ *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
+ *    http://www.gnu.org/licenses/lgpl.html
+ *
+ *  - Mozilla Public License Version 1.1 or later (the "MPL")
+ *    http://www.mozilla.org/MPL/MPL-1.1.html
+ *
+ * == END LICENSE ==
+ *
+ * Configuration file for the File Manager Connector for PHP.
+ */
+
+global $Config ;
+
+// SECURITY: You must explicitly enable this "connector". (Set it to "true").
+// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only 
+//		authenticated users can access this file or use some kind of session checking.
+//$Config['Enabled'] = false ;
+
+function deny_no_egw_session(&$account)
+{
+	die('Access denied!');
+}
+$GLOBALS['egw_info'] = array(
+	'flags' => array(
+		'currentapp' => 'sitemgr',
+		'noheader' => true,
+		'autocreate_session_callback' => 'deny_no_egw_session',
+	)
+);
+// will not continue, unless the header get's included, there is a valid eGW session and the user has sitemgr rights
+require('../../../../../../../header.inc.php');
+$Config['Enabled'] = $GLOBALS['egw']->session->session_flags == 'N';	// disallow anonymous users
+
+// Path to user files relative to the document root.
+//$Config['UserFilesPath'] = '' ;
+
+// Fill the following value it you prefer to specify the absolute path for the
+// user files directory. Useful if you are using a virtual directory, symbolic
+// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
+// Attention: The above 'UserFilesPath' must point to the same directory.
+$Config['UserFilesAbsolutePath'] = '' ;
+
+// Due to security issues with Apache modules, it is recommended to leave the
+// following setting enabled.
+$Config['ForceSingleExtension'] = true ;
+
+// Perform additional checks for image files
+// if set to true, validate image size (using getimagesize)
+$Config['SecureImageUploads'] = true;
+
+// What the user can do with this connector
+$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder') ;
+
+// Allowed Resource Types
+$Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
+
+// For security, HTML is allowed in the first Kb of data for files having the
+// following extensions only.
+$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
+
+/*
+	Configuration settings for each Resource Type
+
+	- AllowedExtensions: the possible extensions that can be allowed. 
+		If it is empty then any file type can be uploaded.
+	- DeniedExtensions: The extensions that won't be allowed. 
+		If it is empty then no restrictions are done here.
+
+	For a file to be uploaded it has to fulfill both the AllowedExtensions
+	and DeniedExtensions (that's it: not being denied) conditions.
+
+	- FileTypesPath: the virtual folder relative to the document root where
+		these resources will be located. 
+		Attention: It must start and end with a slash: '/'
+
+	- FileTypesAbsolutePath: the physical path to the above folder. It must be
+		an absolute path. 
+		If it's an empty string then it will be autocalculated.
+		Useful if you are using a virtual directory, symbolic link or alias. 
+		Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
+		Attention: The above 'FileTypesPath' must point to the same directory.
+		Attention: It must end with a slash: '/'
+
+	 - QuickUploadPath: the virtual folder relative to the document root where
+		these resources will be uploaded using the Upload tab in the resources 
+		dialogs.
+		Attention: It must start and end with a slash: '/'
+
+	 - QuickUploadAbsolutePath: the physical path to the above folder. It must be
+		an absolute path. 
+		If it's an empty string then it will be autocalculated.
+		Useful if you are using a virtual directory, symbolic link or alias. 
+		Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
+		Attention: The above 'QuickUploadPath' must point to the same directory.
+		Attention: It must end with a slash: '/'
+
+	 	NOTE: by default, QuickUploadPath and QuickUploadAbsolutePath point to 
+	 	"userfiles" directory to maintain backwards compatibility with older versions of FCKeditor. 
+	 	This is fine, but you in some cases you will be not able to browse uploaded files using file browser.
+	 	Example: if you click on "image button", select "Upload" tab and send image 
+	 	to the server, image will appear in FCKeditor correctly, but because it is placed 
+	 	directly in /userfiles/ directory, you'll be not able to see it in built-in file browser.
+	 	The more expected behaviour would be to send images directly to "image" subfolder.
+	 	To achieve that, simply change
+			$Config['QuickUploadPath']['Image']			= $Config['UserFilesPath'] ;
+			$Config['QuickUploadAbsolutePath']['Image']	= $Config['UserFilesAbsolutePath'] ;
+		into:	
+			$Config['QuickUploadPath']['Image']			= $Config['FileTypesPath']['Image'] ;
+			$Config['QuickUploadAbsolutePath']['Image'] 	= $Config['FileTypesAbsolutePath']['Image'] ;			
+		
+*/
+
+$Config['AllowedExtensions']['File']	= array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
+$Config['DeniedExtensions']['File']		= array() ;
+$Config['FileTypesPath']['File']		= $Config['UserFilesPath'] . 'file/' ;
+$Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
+$Config['QuickUploadPath']['File']		= $Config['UserFilesPath'] ;
+$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;
+
+$upload_path = $_GET['ServerPath'];
+if ( !ereg('/$', $upload_path))
+{
+		$upload_path .= '/' ;
+}
+
+$Config['AllowedExtensions']['Image']	= array('bmp','gif','jpeg','jpg','png') ;
+$Config['DeniedExtensions']['Image']	= array() ;
+$Config['FileTypesPath']['Image']		= $upload_path;
+$Config['FileTypesAbsolutePath']['Image']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'];
+$Config['QuickUploadPath']['Image']		= $upload_path;
+$Config['QuickUploadAbsolutePath']['Image']= $Config['UserFilesAbsolutePath'] ;
+
+$Config['AllowedExtensions']['Flash']	= array('swf','flv') ;
+$Config['DeniedExtensions']['Flash']	= array() ;
+$Config['FileTypesPath']['Flash']		= $Config['UserFilesPath'] . 'flash/' ;
+$Config['FileTypesAbsolutePath']['Flash']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'flash/' ;
+$Config['QuickUploadPath']['Flash']		= $Config['UserFilesPath'] ;
+$Config['QuickUploadAbsolutePath']['Flash']= $Config['UserFilesAbsolutePath'] ;
+
+$Config['AllowedExtensions']['Media']	= array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
+$Config['DeniedExtensions']['Media']	= array() ;
+$Config['FileTypesPath']['Media']		= $Config['UserFilesPath'] . 'media/' ;
+$Config['FileTypesAbsolutePath']['Media']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'media/' ;
+$Config['QuickUploadPath']['Media']		= $Config['UserFilesPath'] ;
+$Config['QuickUploadAbsolutePath']['Media']= $Config['UserFilesAbsolutePath'] ;
+
+?>