typo 5.0.3.98.1 → 5.1

data/public/javascripts/fckeditor/editor/filemanager/browser/default/frmresourcetype.html

@@ -1,7 +1,7 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <!--
  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
+ * Copyright (C) 2003-2008 Frederico Caldeira Knabben
  *
  * == BEGIN LICENSE ==
  *

data/public/javascripts/fckeditor/editor/filemanager/browser/default/frmupload.html

@@ -1,7 +1,7 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <!--
  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
+ * Copyright (C) 2003-2008 Frederico Caldeira Knabben
  *
  * == BEGIN LICENSE ==
  *
@@ -24,6 +24,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 	<head>
 		<title>File Upload</title>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 		<link href="browser.css" type="text/css" rel="stylesheet" />
 		<script type="text/javascript" src="js/common.js"></script>
 		<script type="text/javascript">

data/public/javascripts/fckeditor/editor/filemanager/browser/default/js/common.js

@@ -1,6 +1,6 @@
 /*
  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
+ * Copyright (C) 2003-2008 Frederico Caldeira Knabben
  *
  * == BEGIN LICENSE ==
  *
@@ -22,6 +22,38 @@
  * File Browser dialog window.
  */
 
+// Automatically detect the correct document.domain (#1919).
+(function()
+{
+	var d = document.domain ;
+
+	while ( true )
+	{
+		// Test if we can access a parent property.
+		try
+		{
+			var test = window.top.opener.document.domain ;
+			break ;
+		}
+		catch( e ) {}
+
+		// Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
+		d = d.replace( /.*?(?:\.|$)/, '' ) ;
+
+		if ( d.length == 0 )
+			break ;		// It was not able to detect the domain.
+
+		try
+		{
+			document.domain = d ;
+		}
+		catch (e)
+		{
+			break ;
+		}
+	}
+})() ;
+
 function AddSelectOption( selectElement, optionText, optionValue )
 {
 	var oOption = document.createElement("OPTION") ;
@@ -52,4 +84,4 @@ StringBuilder.prototype.Append = function( value )
 StringBuilder.prototype.ToString = function()
 {
     return this._Strings.join( '' ) ;
-}
+}

data/public/javascripts/fckeditor/editor/filemanager/browser/default/js/fckxml.js

@@ -1,6 +1,6 @@
 /*
  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
+ * Copyright (C) 2003-2008 Frederico Caldeira Knabben
  *
  * == BEGIN LICENSE ==
  *
@@ -31,8 +31,8 @@ var FCKXml = function()
 FCKXml.prototype.GetHttpRequest = function()
 {
 	// Gecko / IE7
-	if ( typeof(XMLHttpRequest) != 'undefined' )
-		return new XMLHttpRequest() ;
+	try { return new XMLHttpRequest(); }
+	catch(e) {}
 
 	// IE6
 	try { return new ActiveXObject( 'Msxml2.XMLHTTP' ) ; }

data/public/javascripts/fckeditor/editor/filemanager/connectors/aspx/connector.aspx

@@ -1,7 +1,8 @@
-<%@ Page language="c#" Trace="false" Inherits="FredCK.FCKeditorV2.FileBrowserConnector" AutoEventWireup="false" %>
+<%@ Page Language="c#" Trace="false" Inherits="FredCK.FCKeditorV2.FileBrowser.Connector" AutoEventWireup="false" %>
+<%@ Register Src="config.ascx" TagName="Config" TagPrefix="FCKeditor" %>
 <%--
  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
+ * Copyright (C) 2003-2008 Frederico Caldeira Knabben
  *
  * == BEGIN LICENSE ==
  *
@@ -27,4 +28,5 @@
  *
  * To download the FCKeditor.Net package, go to our official web site:
  * http://www.fckeditor.net
---%>
+--%>
+<FCKeditor:Config id="Config" runat="server"></FCKeditor:Config>

data/public/javascripts/fckeditor/editor/filemanager/connectors/aspx/upload.aspx

@@ -1,7 +1,8 @@
-<%@ Page language="c#" Trace="false" Inherits="FredCK.FCKeditorV2.Uploader" AutoEventWireup="false" %>
+<%@ Page Language="c#" Trace="false" Inherits="FredCK.FCKeditorV2.FileBrowser.Uploader" AutoEventWireup="false" %>
+<%@ Register Src="config.ascx" TagName="Config" TagPrefix="FCKeditor" %>
 <%--
  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
+ * Copyright (C) 2003-2008 Frederico Caldeira Knabben
  *
  * == BEGIN LICENSE ==
  *
@@ -27,4 +28,5 @@
  *
  * To download the FCKeditor.Net package, go to our official web site:
  * http://www.fckeditor.net
---%>
+--%>
+<FCKeditor:Config id="Config" runat="server"></FCKeditor:Config>

data/public/javascripts/fckeditor/editor/filemanager/connectors/perl/basexml.pl

@@ -1,6 +1,6 @@
 #####
 #  FCKeditor - The text editor for Internet - http://www.fckeditor.net
-#  Copyright (C) 2003-2007 Frederico Caldeira Knabben
+#  Copyright (C) 2003-2008 Frederico Caldeira Knabben
 #
 #  == BEGIN LICENSE ==
 #

data/public/javascripts/fckeditor/editor/filemanager/connectors/perl/commands.pl

@@ -1,6 +1,6 @@
 #####
 #  FCKeditor - The text editor for Internet - http://www.fckeditor.net
-#  Copyright (C) 2003-2007 Frederico Caldeira Knabben
+#  Copyright (C) 2003-2008 Frederico Caldeira Knabben
 #
 #  == BEGIN LICENSE ==
 #
@@ -91,6 +91,7 @@ sub CreateFolder
 
 	if($FORM{'NewFolderName'} ne "") {
 		$sNewFolderName = $FORM{'NewFolderName'};
+		$sNewFolderName =~ s/\.|\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
 		# Map the virtual path to the local server path of the current folder.
 		$sServerDir = &ServerMapFolder($resourceType, $currentFolder);
 		if(-w $sServerDir) {
@@ -128,6 +129,7 @@ eval("use File::Copy;");
 
 		# Get the uploaded file name.
 		$sFileName = $new_fname;
+		$sFileName =~ s/\\|\/|\||\:|\?|\*|\"|<|>|[[:cntrl:]]/_/g;
 		$sOriginalFileName = $sFileName;
 
 		$iCounter = 0;
@@ -140,7 +142,16 @@ eval("use File::Copy;");
 				$sErrorNumber = '201';
 			} else {
 				copy("$img_dir/$new_fname","$sFilePath");
-				chmod(0777,$sFilePath);
+				if (defined $CHMOD_ON_UPLOAD) {
+					if ($CHMOD_ON_UPLOAD) {
+						umask(000);
+						chmod($CHMOD_ON_UPLOAD,$sFilePath);
+					}
+				}
+				else {
+					umask(000);
+					chmod(0777,$sFilePath);
+				}
 				unlink("$img_dir/$new_fname");
 				last;
 			}
@@ -158,8 +169,43 @@ sub SendUploadResults
 
 	local($sErrorNumber, $sFileUrl, $sFileName, $customMsg) = @_;
 
-	print "Content-type: text/html\n\n";
-	print '<script type="text/javascript">';
+	print <<EOF;
+Content-type: text/html
+
+<script type="text/javascript">
+// Automatically detect the correct document.domain (#1919).
+(function()
+{
+	var d = document.domain ;
+
+	while ( true )
+	{
+		// Test if we can access a parent property.
+		try
+		{
+			var test = window.top.opener.document.domain ;
+			break ;
+		}
+		catch( e ) {}
+
+		// Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
+		d = d.replace( /.*?(?:\\.|\$)/, '' ) ;
+
+		if ( d.length == 0 )
+			break ;		// It was not able to detect the domain.
+
+		try
+		{
+			document.domain = d ;
+		}
+		catch (e)
+		{
+			break ;
+		}
+	}
+})() ;
+
+EOF
 	print 'window.parent.OnUploadCompleted(' . $sErrorNumber . ',"' . JS_cnv($sFileUrl) . '","' . JS_cnv($sFileName) . '","' . JS_cnv($customMsg) . '") ;';
 	print '</script>';
 	exit ;

data/public/javascripts/fckeditor/editor/filemanager/connectors/perl/connector.cgi

@@ -2,7 +2,7 @@
 
 #####
 #  FCKeditor - The text editor for Internet - http://www.fckeditor.net
-#  Copyright (C) 2003-2007 Frederico Caldeira Knabben
+#  Copyright (C) 2003-2008 Frederico Caldeira Knabben
 #
 #  == BEGIN LICENSE ==
 #
@@ -101,7 +101,7 @@ sub DoResponse
 	}
 
 	# Check for invalid folder paths (..)
-	if ( $sCurrentFolder =~ /\.\./ ) {
+	if ( $sCurrentFolder =~ /(?:\.\.|\\)/ ) {
 		SendError( 102, "" ) ;
 	}
 
@@ -134,4 +134,3 @@ _HTML_HEAD_
 
 	exit ;
 }
-

data/public/javascripts/fckeditor/editor/filemanager/connectors/perl/io.pl

@@ -1,6 +1,6 @@
 #####
 #  FCKeditor - The text editor for Internet - http://www.fckeditor.net
-#  Copyright (C) 2003-2007 Frederico Caldeira Knabben
+#  Copyright (C) 2003-2008 Frederico Caldeira Knabben
 #
 #  == BEGIN LICENSE ==
 #
@@ -87,9 +87,19 @@ sub CreateServerFolder
 		}
 	}
 	if(!(-e $folderPath)) {
-		umask(000);
-		mkdir("$folderPath",0777);
-		chmod(0777,"$folderPath");
+		if (defined $CHMOD_ON_FOLDER_CREATE && !$CHMOD_ON_FOLDER_CREATE) {
+			mkdir("$folderPath");
+		}
+		else {
+			umask(000);
+			if (defined $CHMOD_ON_FOLDER_CREATE) {
+				mkdir("$folderPath",$CHMOD_ON_FOLDER_CREATE);
+			}
+			else {
+				mkdir("$folderPath",0777);
+			}
+		}
+
 		return(0);
 	} else {
 		return(1);

data/public/javascripts/fckeditor/editor/filemanager/connectors/perl/upload.cgi

@@ -2,7 +2,7 @@
 
 #####
 #  FCKeditor - The text editor for Internet - http://www.fckeditor.net
-#  Copyright (C) 2003-2007 Frederico Caldeira Knabben
+#  Copyright (C) 2003-2008 Frederico Caldeira Knabben
 #
 #  == BEGIN LICENSE ==
 #
@@ -104,7 +104,7 @@ sub DoResponse
 	}
 
 	# Check for invalid folder paths (..)
-	if ( $sCurrentFolder =~ /\.\./ ) {
+	if ( $sCurrentFolder =~ /(?:\.\.|\\)/ ) {
 		SendError( 102, "" ) ;
 	}
 
@@ -115,4 +115,3 @@ sub DoResponse
 	}
 
 }
-

data/public/javascripts/fckeditor/editor/filemanager/connectors/perl/upload_fck.pl

@@ -1,6 +1,6 @@
 #####
 #  FCKeditor - The text editor for Internet - http://www.fckeditor.net
-#  Copyright (C) 2003-2007 Frederico Caldeira Knabben
+#  Copyright (C) 2003-2008 Frederico Caldeira Knabben
 #
 #  == BEGIN LICENSE ==
 #
@@ -28,6 +28,16 @@ $img_dir	= './temp/';
 # File size max(unit KB)
 $MAX_CONTENT_SIZE =  30000;
 
+# After file is uploaded, sometimes it is required to change its permissions
+# so that it was possible to access it at the later time.
+# If possible, it is recommended to set more restrictive permissions, like 0755.
+# Set to 0 to disable this feature.
+$CHMOD_ON_UPLOAD = 0777;
+
+# See comments above.
+# Used when creating folders that does not exist.
+$CHMOD_ON_FOLDER_CREATE = 0755;
+
 # Filelock (1=use,0=not use)
 $PM{'flock'}		= '1';
 
@@ -124,9 +134,18 @@ eval("use File::Path;");
 
 	my ($FORM) = @_;
 
-
-	mkdir($img_dir,0777);
-	chmod(0777,$img_dir);
+	if (defined $CHMOD_ON_FOLDER_CREATE && !$CHMOD_ON_FOLDER_CREATE) {
+		mkdir("$img_dir");
+	}
+	else {
+		umask(000);
+		if (defined $CHMOD_ON_FOLDER_CREATE) {
+			mkdir("$img_dir",$CHMOD_ON_FOLDER_CREATE);
+		}
+		else {
+			mkdir("$img_dir",0777);
+		}
+	}
 
 	undef $img_data_exists;
 	undef @NEWFNAMES;

data/public/javascripts/fckeditor/editor/filemanager/connectors/perl/util.pl

@@ -1,6 +1,6 @@
 #####
 #  FCKeditor - The text editor for Internet - http://www.fckeditor.net
-#  Copyright (C) 2003-2007 Frederico Caldeira Knabben
+#  Copyright (C) 2003-2008 Frederico Caldeira Knabben
 #
 #  == BEGIN LICENSE ==
 #

data/public/javascripts/fckeditor/editor/filemanager/connectors/py/config.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2007 Frederico Caldeira Knabben
+ * Copyright (C) 2003-2008 Frederico Caldeira Knabben
  *
  * == BEGIN LICENSE ==
  *
@@ -19,51 +19,62 @@
  *
  * == END LICENSE ==
  *
- * Configuration file for the File Manager Connector for Python 
+ * Configuration file for the File Manager Connector for Python
 """
 
-# INSTALLATION NOTE: You must set up your server enviroment accordingly to run 
+# INSTALLATION NOTE: You must set up your server environment accordingly to run
 # python scripts. This connector requires Python 2.4 or greater.
-# 
-# Supported operation modes: 
-#  * WSGI (recommended): You'll need apache + mod_python + modpython_gateway 
+#
+# Supported operation modes:
+#  * WSGI (recommended): You'll need apache + mod_python + modpython_gateway
 #                        or any web server capable of the WSGI python standard
-#  * Plain Old CGI:      Any server capable of running standartd python scripts
+#  * Plain Old CGI:      Any server capable of running standard python scripts
 #                        (although mod_python is recommended for performance)
 #                        This was the previous connector version operation mode
 #
-# If you're using Apache web server, replace the htaccess.txt to to .htaccess, 
+# If you're using Apache web server, replace the htaccess.txt to to .htaccess,
 # and set the proper options and paths.
 # For WSGI and mod_python, you may need to download modpython_gateway from:
-# http://projects.amor.org/misc/svn/modpython_gateway.py and copy it in this 
+# http://projects.amor.org/misc/svn/modpython_gateway.py and copy it in this
 # directory.
 
-   
-# SECURITY: You must explicitelly enable this "connector". (Set it to "True").
-# WARNING: don't just set "ConfigIsEnabled = True", you must be sure that only 
+
+# SECURITY: You must explicitly enable this "connector". (Set it to "True").
+# WARNING: don't just set "ConfigIsEnabled = True", you must be sure that only
 #		authenticated users can access this file or use some kind of session checking.
 Enabled = False
 
 # Path to user files relative to the document root.
-UserFilesPath = '/userfiles/' 
+UserFilesPath = '/userfiles/'
 
 # Fill the following value it you prefer to specify the absolute path for the
-# user files directory. Usefull if you are using a virtual directory, symbolic
+# user files directory. Useful if you are using a virtual directory, symbolic
 # link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 # Attention: The above 'UserFilesPath' must point to the same directory.
 # WARNING: GetRootPath may not work in virtual or mod_python configurations, and
 # may not be thread safe. Use this configuration parameter instead.
-UserFilesAbsolutePath = '' 
+UserFilesAbsolutePath = ''
 
-# Due to security issues with Apache modules, it is reccomended to leave the
+# Due to security issues with Apache modules, it is recommended to leave the
 # following setting enabled.
-ForceSingleExtension = True 
+ForceSingleExtension = True
 
 # What the user can do with this connector
-ConfigAllowedCommands = [ 'QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder' ] 
+ConfigAllowedCommands = [ 'QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder' ]
 
 # Allowed Resource Types
-ConfigAllowedTypes = ['File', 'Image', 'Flash', 'Media'] 
+ConfigAllowedTypes = ['File', 'Image', 'Flash', 'Media']
+
+# After file is uploaded, sometimes it is required to change its permissions
+# so that it was possible to access it at the later time.
+# If possible, it is recommended to set more restrictive permissions, like 0755.
+# Set to 0 to disable this feature.
+# Note: not needed on Windows-based servers.
+ChmodOnUpload = 0755
+
+# See comments above.
+# Used when creating folders that does not exist.
+ChmodOnFolderCreate = 0755
 
 # Do not touch this 3 lines, see "Configuration settings for each Resource Type"
 AllowedExtensions = {}; DeniedExtensions = {};
@@ -72,55 +83,55 @@ QuickUploadPath = {}; QuickUploadAbsolutePath = {};
 
 #	Configuration settings for each Resource Type
 #
-#	- AllowedExtensions: the possible extensions that can be allowed. 
+#	- AllowedExtensions: the possible extensions that can be allowed.
 #		If it is empty then any file type can be uploaded.
-#	- DeniedExtensions: The extensions that won't be allowed. 
+#	- DeniedExtensions: The extensions that won't be allowed.
 #		If it is empty then no restrictions are done here.
 #
-#	For a file to be uploaded it has to fullfil both the AllowedExtensions
+#	For a file to be uploaded it has to fulfill both the AllowedExtensions
 #	and DeniedExtensions (that's it: not being denied) conditions.
 #
 #	- FileTypesPath: the virtual folder relative to the document root where
-#		these resources will be located. 
+#		these resources will be located.
 #		Attention: It must start and end with a slash: '/'
 #
 #	- FileTypesAbsolutePath: the physical path to the above folder. It must be
-#		an absolute path. 
+#		an absolute path.
 #		If it's an empty string then it will be autocalculated.
-#		Usefull if you are using a virtual directory, symbolic link or alias. 
+#		Useful if you are using a virtual directory, symbolic link or alias.
 #		Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 #		Attention: The above 'FileTypesPath' must point to the same directory.
 #		Attention: It must end with a slash: '/'
 #
 #
 #	- QuickUploadPath: the virtual folder relative to the document root where
-#		these resources will be uploaded using the Upload tab in the resources 
+#		these resources will be uploaded using the Upload tab in the resources
 #		dialogs.
 #		Attention: It must start and end with a slash: '/'
 #
 #	- QuickUploadAbsolutePath: the physical path to the above folder. It must be
-#		an absolute path. 
+#		an absolute path.
 #		If it's an empty string then it will be autocalculated.
-#		Usefull if you are using a virtual directory, symbolic link or alias. 
+#		Useful if you are using a virtual directory, symbolic link or alias.
 #		Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 #		Attention: The above 'QuickUploadPath' must point to the same directory.
 #		Attention: It must end with a slash: '/'
 
 AllowedExtensions['File'] 		= ['7z','aiff','asf','avi','bmp','csv','doc','fla','flv','gif','gz','gzip','jpeg','jpg','mid','mov','mp3','mp4','mpc','mpeg','mpg','ods','odt','pdf','png','ppt','pxd','qt','ram','rar','rm','rmi','rmvb','rtf','sdc','sitd','swf','sxc','sxw','tar','tgz','tif','tiff','txt','vsd','wav','wma','wmv','xls','xml','zip']
 DeniedExtensions['File'] 		= []
-FileTypesPath['File'] 			= UserFilesPath + 'file/' 
+FileTypesPath['File'] 			= UserFilesPath + 'file/'
 FileTypesAbsolutePath['File'] 	= (not UserFilesAbsolutePath == '') and (UserFilesAbsolutePath + 'file/') or ''
 QuickUploadPath['File']			= FileTypesPath['File']
 QuickUploadAbsolutePath['File']	= FileTypesAbsolutePath['File']
 
-AllowedExtensions['Image']		= ['bmp','gif','jpeg','jpg','png','psd','tif','tiff']
+AllowedExtensions['Image']		= ['bmp','gif','jpeg','jpg','png']
 DeniedExtensions['Image']		= []
-FileTypesPath['Image']			= UserFilesPath + 'image/' 
+FileTypesPath['Image']			= UserFilesPath + 'image/'
 FileTypesAbsolutePath['Image']	= (not UserFilesAbsolutePath == '') and UserFilesAbsolutePath + 'image/' or ''
 QuickUploadPath['Image']		= FileTypesPath['Image']
 QuickUploadAbsolutePath['Image']= FileTypesAbsolutePath['Image']
 
-AllowedExtensions['Flash']		= ['swf','fla']
+AllowedExtensions['Flash']		= ['swf','flv']
 DeniedExtensions['Flash']		= []
 FileTypesPath['Flash']			= UserFilesPath + 'flash/'
 FileTypesAbsolutePath['Flash']	= ( not UserFilesAbsolutePath == '') and UserFilesAbsolutePath + 'flash/' or ''