1<%
2 ' FCKeditor - The text editor for Internet - http://www.fckeditor.net
3 ' Copyright (C) 2003-2010 Frederico Caldeira Knabben
4 '
5 ' == BEGIN LICENSE ==
6 '
7 ' Licensed under the terms of any of the following licenses at your
8 ' choice:
9 '
10 '  - GNU General Public License Version 2 or later (the "GPL")
11 '    http://www.gnu.org/licenses/gpl.html
12 '
13 '  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
14 '    http://www.gnu.org/licenses/lgpl.html
15 '
16 '  - Mozilla Public License Version 1.1 or later (the "MPL")
17 '    http://www.mozilla.org/MPL/MPL-1.1.html
18 '
19 ' == END LICENSE ==
20 '
21 ' This file include IO specific functions used by the ASP Connector.
22%>
23<%
24function CombinePaths( sBasePath, sFolder)
25	sFolder = replace(sFolder, "\", "/")
26	CombinePaths =  RemoveFromEnd( sBasePath, "/" ) & "/" & RemoveFromStart( sFolder, "/" )
27end function
28
29function CombineLocalPaths( sBasePath, sFolder)
30	sFolder = replace(sFolder, "/", "\")
31	' The RemoveFrom* functions use RegExp, so we must escape the \
32	CombineLocalPaths =  RemoveFromEnd( sBasePath, "\\" ) & "\" & RemoveFromStart( sFolder, "\\" )
33end function
34
35Function GetResourceTypePath( resourceType, sCommand )
36	if ( sCommand = "QuickUpload") then
37		GetResourceTypePath = ConfigQuickUploadPath.Item( resourceType )
38	else
39		GetResourceTypePath = ConfigFileTypesPath.Item( resourceType )
40	end if
41end Function
42
43Function GetResourceTypeDirectory( resourceType, sCommand )
44	if ( sCommand = "QuickUpload") then
45
46		if ( ConfigQuickUploadAbsolutePath.Item( resourceType ) <> "" ) then
47			GetResourceTypeDirectory = ConfigQuickUploadAbsolutePath.Item( resourceType )
48		else
49			' Map the "UserFiles" path to a local directory.
50			GetResourceTypeDirectory = Server.MapPath( ConfigQuickUploadPath.Item( resourceType ) )
51		end if
52	else
53		if ( ConfigFileTypesAbsolutePath.Item( resourceType ) <> "" ) then
54			GetResourceTypeDirectory = ConfigFileTypesAbsolutePath.Item( resourceType )
55		else
56			' Map the "UserFiles" path to a local directory.
57			GetResourceTypeDirectory = Server.MapPath( ConfigFileTypesPath.Item( resourceType ) )
58		end if
59	end if
60end Function
61
62Function GetUrlFromPath( resourceType, folderPath, sCommand )
63	GetUrlFromPath = CombinePaths( GetResourceTypePath( resourceType, sCommand ), folderPath )
64End Function
65
66Function RemoveExtension( fileName )
67	RemoveExtension = Left( fileName, InStrRev( fileName, "." ) - 1 )
68End Function
69
70Function ServerMapFolder( resourceType, folderPath, sCommand )
71	Dim sResourceTypePath
72	' Get the resource type directory.
73	sResourceTypePath = GetResourceTypeDirectory( resourceType, sCommand )
74
75	' Ensure that the directory exists.
76	CreateServerFolder sResourceTypePath
77
78	' Return the resource type directory combined with the required path.
79	ServerMapFolder = CombineLocalPaths( sResourceTypePath, folderPath )
80End Function
81
82Sub CreateServerFolder( folderPath )
83	Dim oFSO
84	Set oFSO = Server.CreateObject( "Scripting.FileSystemObject" )
85
86	Dim sParent
87	sParent = oFSO.GetParentFolderName( folderPath )
88
89	' If folderPath is a network path (\\server\folder\) then sParent is an empty string.
90	' Get out.
91	if (sParent = "") then exit sub
92
93	' Check if the parent exists, or create it.
94	If ( NOT oFSO.FolderExists( sParent ) ) Then CreateServerFolder( sParent )
95
96	If ( oFSO.FolderExists( folderPath ) = False ) Then
97		On Error resume next
98		oFSO.CreateFolder( folderPath )
99
100		if err.number<>0 then
101		dim sErrorNumber
102		Dim iErrNumber, sErrDescription
103		iErrNumber		= err.number
104		sErrDescription	= err.Description
105
106		On Error Goto 0
107
108		Select Case iErrNumber
109			Case 52
110				sErrorNumber = "102"	' Invalid Folder Name.
111			Case 70
112				sErrorNumber = "103"	' Security Error.
113			Case 76
114				sErrorNumber = "102"	' Path too long.
115			Case Else
116				sErrorNumber = "110"
117			End Select
118
119			SendError sErrorNumber, "CreateServerFolder(" & folderPath & ") : " & sErrDescription
120		end if
121
122	End If
123
124	Set oFSO = Nothing
125End Sub
126
127Function IsAllowedExt( extension, resourceType )
128	Dim oRE
129	Set oRE	= New RegExp
130	oRE.IgnoreCase	= True
131	oRE.Global		= True
132
133	Dim sAllowed, sDenied
134	sAllowed	= ConfigAllowedExtensions.Item( resourceType )
135	sDenied		= ConfigDeniedExtensions.Item( resourceType )
136
137	IsAllowedExt = True
138
139	If sDenied <> "" Then
140		oRE.Pattern	= sDenied
141		IsAllowedExt	= Not oRE.Test( extension )
142	End If
143
144	If IsAllowedExt And sAllowed <> "" Then
145		oRE.Pattern		= sAllowed
146		IsAllowedExt	= oRE.Test( extension )
147	End If
148
149	Set oRE	= Nothing
150End Function
151
152Function IsAllowedType( resourceType )
153	Dim oRE
154	Set oRE	= New RegExp
155	oRE.IgnoreCase	= False
156	oRE.Global		= True
157	oRE.Pattern		= "^(" & ConfigAllowedTypes & ")$"
158
159	IsAllowedType = oRE.Test( resourceType )
160
161	Set oRE	= Nothing
162End Function
163
164Function IsAllowedCommand( sCommand )
165	Dim oRE
166	Set oRE	= New RegExp
167	oRE.IgnoreCase	= True
168	oRE.Global		= True
169	oRE.Pattern		= "^(" & ConfigAllowedCommands & ")$"
170
171	IsAllowedCommand = oRE.Test( sCommand )
172
173	Set oRE	= Nothing
174End Function
175
176function GetCurrentFolder()
177	dim sCurrentFolder
178	dim oRegex
179
180	sCurrentFolder = Request.QueryString("CurrentFolder")
181	If ( sCurrentFolder = "" ) Then sCurrentFolder = "/"
182
183	' Check the current folder syntax (must begin and start with a slash).
184	If ( Right( sCurrentFolder, 1 ) <> "/" ) Then sCurrentFolder = sCurrentFolder & "/"
185	If ( Left( sCurrentFolder, 1 ) <> "/" ) Then sCurrentFolder = "/" & sCurrentFolder
186
187	' Check for invalid folder paths (..)
188	If ( InStr( 1, sCurrentFolder, ".." ) <> 0 OR InStr( 1, sCurrentFolder, "\" ) <> 0) Then
189		SendError 102, ""
190	End If
191
192	Set oRegex = New RegExp
193	oRegex.Global		= True
194	oRegex.Pattern = "(/\.)|(//)|([\\:\;\.\*\?\""\<\>\|]|[\u0000-\u001F]|\u007F)"
195
196	if (oRegex.Test(sCurrentFolder)) Then
197		SendError 102, ""
198	End If
199
200	GetCurrentFolder = sCurrentFolder
201end function
202
203' Do a cleanup of the folder name to avoid possible problems
204function SanitizeFolderName( sNewFolderName )
205	Dim oRegex
206	Set oRegex = New RegExp
207	oRegex.Global		= True
208
209' remove . \ / | : ? *  " < > and control characters
210	oRegex.Pattern = "(\.|\\|\/|\||:|\?|\;|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
211	SanitizeFolderName = oRegex.Replace( sNewFolderName, "_" )
212
213	Set oRegex = Nothing
214end function
215
216' Do a cleanup of the file name to avoid possible problems
217function SanitizeFileName( sNewFileName )
218	Dim oRegex
219	Set oRegex = New RegExp
220	oRegex.Global		= True
221
222	if ( ConfigForceSingleExtension = True ) then
223		oRegex.Pattern = "\.(?![^.]*$)"
224		sNewFileName = oRegex.Replace( sNewFileName, "_" )
225	end if
226
227' remove \ / | : ? *  " < > and control characters
228	oRegex.Pattern = "(\\|\/|\||:|\;|\?|\*|""|\<|\>|[\u0000-\u001F]|\u007F)"
229	SanitizeFileName = oRegex.Replace( sNewFileName, "_" )
230
231	Set oRegex = Nothing
232end function
233
234' This is the function that sends the results of the uploading process.
235Sub SendUploadResults( errorNumber, fileUrl, fileName, customMsg )
236	Response.Clear
237	Response.Write "<script type=""text/javascript"">"
238	' Minified version of the document.domain automatic fix script (#1919).
239	' The original script can be found at _dev/domain_fix_template.js
240	Response.Write "(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();"
241
242	Response.Write "window.parent.OnUploadCompleted(" & errorNumber & ",""" & Replace( fileUrl, """", "\""" ) & """,""" & Replace( fileName, """", "\""" ) & """,""" & Replace( customMsg , """", "\""" ) & """) ;"
243	Response.Write "</script>"
244	Response.End
245End Sub
246
247%>
248