Пример #1
0
  @Override
  public void init() throws ServletException {
    ServletContextFactory.setServletContext(getServletContext());
    IConfiguration configuration = null;
    try {
      String className = getServletConfig().getInitParameter("configuration");
      if (className != null) {
        Class<?> clazz = Class.forName(className);

        if (clazz.getConstructor(ServletConfig.class) != null) {
          configuration =
              (IConfiguration)
                  clazz.getConstructor(ServletConfig.class).newInstance(getServletConfig());

        } else {
          configuration = (IConfiguration) clazz.newInstance();
        }
      } else {
        configuration = new Configuration(getServletConfig());
      }
    } catch (Exception e) {
      configuration = new Configuration(getServletConfig());
    }
    try {
      configuration.init();
      AccessControlUtil.getInstance(configuration).loadACLConfig();
    } catch (Exception e) {
      if (Boolean.valueOf(getServletConfig().getInitParameter("debug"))) {
        e.printStackTrace();
      }
      this.startException = e;
      configuration = null;
    }
    ConfigurationFactory.getInstace().setConfiguration(configuration);
  }
Пример #2
0
 /*     */ private void validate() /*     */ throws ConnectorException /*     */ {
   /* 158 */ if (!(this.configuration.getThumbsEnabled())) {
     /* 159 */ throw new ConnectorException(501);
     /*     */ }
   /*     */
   /* 163 */ if (!(AccessControlUtil.getInstance(this.configuration)
       .checkFolderACL(this.type, this.currentFolder, this.userRole, 16)))
   /*     */ {
     /* 166 */ throw new ConnectorException(103);
     /*     */ }
   /*     */
   /* 170 */ if (!(FileUtils.checkFileName(this.fileName))) {
     /* 171 */ throw new ConnectorException(109);
     /*     */ }
   /*     */
   /* 175 */ if (FileUtils.checkIfFileIsHidden(this.fileName, this.configuration)) {
     /* 176 */ throw new ConnectorException(117);
     /*     */ }
   /*     */
   /* 180 */ File typeThumbDir =
       new File(this.configuration.getThumbsPath() + File.separator + this.type);
   /*     */ try
   /*     */ {
     /* 184 */ this.fullCurrentPath = typeThumbDir.getAbsolutePath() + this.currentFolder;
     /*     */
     /* 186 */ if (!(typeThumbDir.exists()))
       /* 187 */ FileUtils.mkdir(typeThumbDir, this.configuration);
     /*     */ }
   /*     */ catch (SecurityException e) {
     /* 190 */ throw new ConnectorException(104, e);
     /*     */ }
   /*     */ }
  /**
   * validate parameters and rights.
   *
   * @throws ConnectorException if validation fails.
   */
  private void validate() throws ConnectorException {

    if (!this.configuration.getThumbsEnabled()) {
      throw new ConnectorException(Constants.Errors.CKFINDER_CONNECTOR_ERROR_THUMBNAILS_DISABLED);
    }

    if (!AccessControlUtil.getInstance(this.configuration)
        .checkFolderACL(
            this.type,
            this.currentFolder,
            this.userRole,
            AccessControlUtil.CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
      throw new ConnectorException(Constants.Errors.CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    if (!FileUtils.checkFileName(this.fileName)) {
      throw new ConnectorException(Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (FileUtils.checkIfFileIsHidden(this.fileName, this.configuration)) {
      throw new ConnectorException(Constants.Errors.CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    File typeThumbDir = new File(configuration.getThumbsPath() + File.separator + type);

    try {
      this.fullCurrentPath = typeThumbDir.getAbsolutePath() + currentFolder;
      if (!typeThumbDir.exists()) {
        FileUtils.mkdir(typeThumbDir, configuration);
      }
    } catch (SecurityException e) {
      throw new ConnectorException(Constants.Errors.CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED, e);
    }
  }
  @Override
  protected int getDataForXml() {
    if (!AccessControlUtil.getInstance(configuration)
        .checkFolderACL(
            this.type,
            this.currentFolder,
            this.userRole,
            AccessControlUtil.CKFINDER_CONNECTOR_ACL_FILE_RENAME
                | AccessControlUtil.CKFINDER_CONNECTOR_ACL_FILE_DELETE
                | AccessControlUtil.CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
      return Constants.Errors.CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED;
    }

    try {
      return copyFiles();
    } catch (Exception e) {
      this.exception = e;
    }
    // this code should never be reached
    return Constants.Errors.CKFINDER_CONNECTOR_ERROR_UNKNOWN;
  }
Пример #5
0
 @Override
 protected Configuration createConfigurationInstance() {
   Principal principal = (Principal) UserUtils.getPrincipal();
   if (principal == null) {
     return new CKFinderConfig(this.servletConf);
   }
   boolean isView = true; // UserUtils.getSubject().isPermitted("cms:ckfinder:view");
   boolean isUpload = true; // UserUtils.getSubject().isPermitted("cms:ckfinder:upload");
   boolean isEdit = true; // UserUtils.getSubject().isPermitted("cms:ckfinder:edit");
   AccessControlLevel alc = this.getAccessConrolLevels().get(0);
   alc.setFolderView(isView);
   alc.setFolderCreate(isEdit);
   alc.setFolderRename(isEdit);
   alc.setFolderDelete(isEdit);
   alc.setFileView(isView);
   alc.setFileUpload(isUpload);
   alc.setFileRename(isEdit);
   alc.setFileDelete(isEdit);
   //		for (AccessControlLevel a : this.getAccessConrolLevels()){
   //			System.out.println(a.getRole()+", "+a.getResourceType()+", "+a.getFolder()
   //					+", "+a.isFolderView()+", "+a.isFolderCreate()+", "+a.isFolderRename()+",
   // "+a.isFolderDelete()
   //					+", "+a.isFileView()+", "+a.isFileUpload()+", "+a.isFileRename()+", "+a.isFileDelete());
   //		}
   AccessControlUtil.getInstance(this).loadACLConfig();
   try {
     //			Principal principal = (Principal)SecurityUtils.getSubject().getPrincipal();
     //			this.baseURL =
     // ServletContextFactory.getServletContext().getContextPath()+"/userfiles/"+principal+"/";
     this.baseURL =
         FileUtils.path(
             Servlets.getRequest().getContextPath() + Global.USERFILES_BASE_URL + principal + "/");
     this.baseDir =
         FileUtils.path(
             Global.getUserfilesBaseDir() + Global.USERFILES_BASE_URL + principal + "/");
   } catch (Exception e) {
     throw new RuntimeException(e);
   }
   return new CKFinderConfig(this.servletConf);
 }
  /**
   * copy files from request.
   *
   * @return error code
   * @throws IOException when ioexception in debug mode occurs
   */
  private int copyFiles() throws IOException {
    this.filesCopied = 0;
    this.addCopyNode = false;
    for (FilePostParam file : files) {

      if (!FileUtils.checkFileName(file.getName())) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST;
      }

      if (Pattern.compile(Constants.INVALID_PATH_REGEX).matcher(file.getFolder()).find()) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST;
      }
      if (configuration.getTypes().get(file.getType()) == null) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST;
      }
      if (file.getFolder() == null || file.getFolder().equals("")) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST;
      }
      if (FileUtils.checkFileExtension(file.getName(), this.configuration.getTypes().get(this.type))
          == 1) {
        creator.appendErrorNodeChild(
            Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION,
            file.getName(),
            file.getFolder(),
            file.getType());
        continue;
      }
      // check #4 (extension) - when moving to another resource type,
      // double check extension
      if (!this.type.equals(file.getType())) {
        if (FileUtils.checkFileExtension(
                file.getName(), this.configuration.getTypes().get(file.getType()))
            == 1) {
          creator.appendErrorNodeChild(
              Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION,
              file.getName(),
              file.getFolder(),
              file.getType());
          continue;
        }
      }
      if (FileUtils.checkIfDirIsHidden(file.getFolder(), this.configuration)) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST;
      }

      if (FileUtils.checkIfFileIsHidden(file.getName(), this.configuration)) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST;
      }

      if (!AccessControlUtil.getInstance(this.configuration)
          .checkFolderACL(
              file.getType(),
              file.getFolder(),
              this.userRole,
              AccessControlUtil.CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED;
      }

      File sourceFile =
          new File(
              configuration.getTypes().get(file.getType()).getPath() + file.getFolder(),
              file.getName());
      File destFile =
          new File(
              configuration.getTypes().get(this.type).getPath() + this.currentFolder,
              file.getName());

      try {
        if (!sourceFile.exists() || !sourceFile.isFile()) {
          creator.appendErrorNodeChild(
              Constants.Errors.CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND,
              file.getName(),
              file.getFolder(),
              file.getType());
          continue;
        }
        if (!this.type.equals(file.getType())) {
          Long maxSize = configuration.getTypes().get(this.type).getMaxSize();
          if (maxSize != null && maxSize < sourceFile.length()) {
            creator.appendErrorNodeChild(
                Constants.Errors.CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG,
                file.getName(),
                file.getFolder(),
                file.getType());
            continue;
          }
        }
        if (sourceFile.equals(destFile)) {
          creator.appendErrorNodeChild(
              Constants.Errors.CKFINDER_CONNECTOR_ERROR_SOURCE_AND_TARGET_PATH_EQUAL,
              file.getName(),
              file.getFolder(),
              file.getType());
          continue;
        } else if (destFile.exists()) {
          if (file.getOptions() != null && file.getOptions().indexOf("overwrite") != -1) {
            if (!handleOverwrite(sourceFile, destFile)) {
              creator.appendErrorNodeChild(
                  Constants.Errors.CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED,
                  file.getName(),
                  file.getFolder(),
                  file.getType());
              continue;
            } else {
              this.filesCopied++;
            }
          } else if (file.getOptions() != null && file.getOptions().indexOf("autorename") != -1) {
            if (!handleAutoRename(sourceFile, destFile)) {
              creator.appendErrorNodeChild(
                  Constants.Errors.CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED,
                  file.getName(),
                  file.getFolder(),
                  file.getType());
              continue;
            } else {
              this.filesCopied++;
            }
          } else {
            creator.appendErrorNodeChild(
                Constants.Errors.CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST,
                file.getName(),
                file.getFolder(),
                file.getType());
            continue;
          }
        } else {
          if (FileUtils.copyFromSourceToDestFile(sourceFile, destFile, false, configuration)) {
            this.filesCopied++;
            copyThumb(file);
          }
        }
      } catch (SecurityException e) {
        if (configuration.isDebugMode()) {
          throw e;
        } else {
          creator.appendErrorNodeChild(
              Constants.Errors.CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED,
              file.getName(),
              file.getFolder(),
              file.getType());
          continue;
        }
      } catch (IOException e) {
        if (configuration.isDebugMode()) {
          throw e;
        } else {
          creator.appendErrorNodeChild(
              Constants.Errors.CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED,
              file.getName(),
              file.getFolder(),
              file.getType());
          continue;
        }
      }
    }
    this.addCopyNode = true;
    if (creator.hasErrors()) {
      return Constants.Errors.CKFINDER_CONNECTOR_ERROR_COPY_FAILED;
    } else {
      return Constants.Errors.CKFINDER_CONNECTOR_ERROR_NONE;
    }
  }
Пример #7
0
  @Override
  protected int getDataForXml() {

    try {
      checkParam(newFolderName);

    } catch (ConnectorException e) {
      return e.getErrorCode();
    }

    if (!checkIfTypeExists(this.type)) {
      this.type = null;
      return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_TYPE;
    }

    if (!AccessControlUtil.getInstance(configuration)
        .checkFolderACL(
            this.type,
            this.currentFolder,
            this.userRole,
            AccessControlUtil.CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) {
      return Constants.Errors.CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED;
    }

    if (configuration.forceASCII()) {
      this.newFolderName = FileUtils.convertToASCII(this.newFolderName);
    }

    if (FileUtils.checkIfDirIsHidden(this.newFolderName, configuration)
        || !FileUtils.checkFolderName(this.newFolderName, configuration)) {
      return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_NAME;
    }

    if (this.currentFolder.equals("/")) {
      return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST;
    }

    File dir = new File(configuration.getTypes().get(this.type).getPath() + this.currentFolder);
    try {
      if (!dir.isDirectory()) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST;
      }
      setNewFolder();
      File newDir =
          new File(configuration.getTypes().get(this.type).getPath() + this.newFolderPath);
      if (newDir.exists()) {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST;
      }
      if (dir.renameTo(newDir)) {
        renameThumb();
      } else {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
      }
    } catch (SecurityException e) {
      if (configuration.isDebugMode()) {
        throw e;
      } else {
        return Constants.Errors.CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
      }
    }

    return Constants.Errors.CKFINDER_CONNECTOR_ERROR_NONE;
  }