source: trunk/unsupported_plugins/ExtendedFileManager/config.inc.php @ 1366

Last change on this file since 1366 was 1366, checked in by gogo, 18 months ago

Move ExtendedFileManager? and ImageManager? into unsupported_plugins to deprecate.

Add a .htaccess file which denies access to some unsupported_plugins which may have security vulnerabilities (eg, ImageManager? and ExtendedFileManager?)

  • Property svn:keywords set to LastChangedDate LastChangedRevision LastChangedBy HeadURL Id
File size: 12.6 KB
Line 
1<?php
2
3  die('Developer, this plugin ExtendedFileManager has been deprecated.  You are STRONGLY advised to use MootoolsFileManager plugin instead.  If you really must continue using this plugin, please edit xinha/unsupported_plugins/ExtendedFileManager/config.php to remove this notice.');
4
5/**
6 * ExtendedFileManager configuration file.
7 * Authors: Wei Zhuo, Afru
8 * Version: Updated on 08-01-2005 by Afru
9 * Version 1.1.2: Updated on 04-07-2006 by Krzysztof Kotowicz <koto@webworkers.pl>
10 * Package: ExtendedFileManager
11 * http://www.afrusoft.com/htmlarea
12 */
13
14/*  Configuration file usage:
15 *      There are two insertModes for this filemanager.
16 *      One is "image" and another is "link".
17 *      So you can assign config values as below
18 *
19 *      if($insertMode=="image") $IMConfig['property']=somevalueforimagemode;
20 *      else if($insertMode=="link") $IMConfig['property']=somevalueforlinkmode;
21 *
22 *      (or) you can directly as $IMConfig['property']=somevalueforbothmodes;
23 *
24 *      Best of Luck :) Afru.
25 */
26 
27/*
28 *      Getting the mode for further differentiation
29 */
30
31if(isset($_REQUEST['mode'])) $insertMode=$_REQUEST['mode'];
32        if(!isset($insertMode)) $insertMode="image";
33
34/**
35* Default backend URL
36*
37* URL to use for unified backend.
38*
39* The ?__plugin=ExtendedFileManager& is required.
40*/
41
42$IMConfig['backend_url'] = "backend.php?__plugin=ExtendedFileManager&";
43
44/**
45* Backend Installation Directory
46*
47* location of backend install; these are used to link to css and js
48* assets because we may have the front end installed in a different
49* directory than the backend. (i.e. nothing assumes that the frontend
50* and the backend are in the same directory)
51*/
52$IMConfig['base_dir'] = getcwd();
53$IMConfig['base_url'] = '';
54
55
56/*
57         File system path to the directory you want to manage the images
58         for multiple user systems, set it dynamically.
59
60         NOTE: This directory requires write access by PHP. That is,
61                   PHP must be able to create files in this directory.
62                   Able to create directories is nice, but not necessary.
63*/
64$IMConfig['images_dir'] = 'demo_images';
65//You may set a different directory for the link mode; if you don't, the above setting will be used for both modes
66//$IMConfig['files_dir'] = 'demo_files';
67
68/*
69 The URL to the above path, the web browser needs to be able to see it.
70 Please remove scripting capabilities in this directory
71 for this directory (i.e. disable PHP, Perl, CGI; see .htaccess file in demo_images folder).
72*/
73$IMConfig['images_url'] = str_replace( array("backend.php","manager.php"), "", $_SERVER["PHP_SELF"] ) . $IMConfig['images_dir'];
74//$IMConfig['files_url'] = 'url/to/files_dir';
75
76/*
77  Format of the Date Modified in list view.
78  It has to be a string understood by the PHP date() function (for possible values see http://http://php.net/manual/en/function.date.php)
79*/
80$IMConfig['date_format'] = "d.m.y H:i";
81/*
82  Possible values: true, false
83
84  TRUE - If PHP on the web server is in safe mode, set this to true.
85         SAFE MODE restrictions: directory creation will not be possible,
86                 only the GD library can be used, other libraries require
87                 Safe Mode to be off.
88
89  FALSE - Set to false if PHP on the web server is not in safe mode.
90*/
91$IMConfig['safe_mode'] = false;
92
93/*
94This specifies whether any image library is available to resize and edit images.TRUE - Thumbnails will be resized by image libraries and if there is no library, default thumbnail will be shown.
95FALSE - Thumbnails will be resized by browser ignoring image libraries.
96*/
97$IMConfig['img_library'] = true;
98
99
100/*
101View type when the File manager is in insert image mode.
102Valid values are "thumbview" and "listview".
103*/
104
105   
106if ($insertMode == 'image')
107        $IMConfig['view_type'] = "thumbview";
108       
109else if($insertMode == "link")
110        $IMConfig['view_type'] = "listview";
111
112$IMConfig['insert_mode'] = $insertMode;
113
114/*
115 Possible values: 'GD', 'IM', or 'NetPBM'
116
117 The image manipulation library to use, either GD or ImageMagick or NetPBM.
118 If you have safe mode ON, or don't have the binaries to other packages,
119 your choice is 'GD' only. Other packages require Safe Mode to be off.
120*/
121define('IMAGE_CLASS', 'GD');
122
123
124/*
125 After defining which library to use, if it is NetPBM or IM, you need to
126 specify where the binary for the selected library are. And of course
127 your server and PHP must be able to execute them (i.e. safe mode is OFF).
128 GD does not require the following definition.
129*/
130define('IMAGE_TRANSFORM_LIB_PATH', '/usr/bin/');
131//define('IMAGE_TRANSFORM_LIB_PATH', 'C:/"Program Files"/ImageMagick-5.5.7-Q16/');
132
133
134/*
135  The prefix for thumbnail files, something like .thumb will do. The
136  thumbnails files will be named as "prefix_imagefile.ext", that is,
137  prefix + orginal filename.
138*/
139$IMConfig['thumbnail_prefix'] = 't_';
140
141
142/*
143  Thumbnail can also be stored in a directory, this directory
144  will be created by PHP. If PHP is in safe mode, this parameter
145  is ignored, you can not create directories.
146
147  If you do not want to store thumbnails in a directory, set this
148  to false or empty string '';
149*/
150$IMConfig['thumbnail_dir'] = 't';
151
152/**
153 * Resize files, or not.  If the dimensions for an image are changed
154 * this will control if the image is actually resized. 
155 *
156 * Usually you want this true, unless you are very disk space concious.
157 */
158 
159$IMConfig['resize_files'] = true;
160
161/**
162* Resized prefix
163*
164* The prefix for resized files, something like .resized will do.  The
165* resized files will be named <prefix>_<width>x<height>_<original>
166* resized files are created when one changes the dimensions of an image
167* in the image manager selection dialog - the image is scaled when the
168* user clicks the ok button.
169*/
170
171$IMConfig['resized_prefix'] = '.resized';
172
173// -------------------------------------------------------------------------
174
175/**
176* Resized Directory
177*
178* Resized images may also be stored in a directory, except in safe mode.
179*/
180
181$IMConfig['resized_dir'] = '';
182
183/*
184  Possible values: true, false
185
186 TRUE -  Allow the user to create new sub-directories in the
187         $IMConfig['images_dir']/$IMConfig['files_dir'].
188
189 FALSE - No directory creation.
190
191 NOTE: If $IMConfig['safe_mode'] = true, this parameter
192       is ignored, you can not create directories
193*/
194$IMConfig['allow_new_dir'] = false;
195
196/*
197  Possible values: true, false
198
199 TRUE -  Allow the user to edit image by image editor.
200
201 FALSE - No edit icon will be displayed.
202
203 NOTE: If $IMConfig['img_library'] = false, this parameter
204       is ignored, you can not edit images.
205*/
206$IMConfig['allow_edit_image'] = false;
207
208/*
209  Possible values: true, false
210
211 TRUE -  Allow the user to rename files and folders.
212
213 FALSE - No rename icon will be displayed.
214
215*/
216$IMConfig['allow_rename'] = false;
217
218/*
219  Possible values: true, false
220
221 TRUE -  Allow the user to perform cut/copy/paste actions.
222
223 FALSE - No cut/copy/paste icons will be displayed.
224
225*/
226$IMConfig['allow_cut_copy_paste'] = false;
227
228/*
229  Possible values: true, false
230
231 TRUE -  Allow the user to delete files and folders.
232
233 FALSE - No delete icon will be displayed.
234
235*/
236$IMConfig['allow_delete'] = false;
237
238/*
239  Possible values: true, false
240
241  TRUE - Display color pickers for image background / border colors
242
243  FALSE - Don't display color pickers
244*/
245$IMConfig['use_color_pickers'] = true;
246
247/*
248  Possible values: true, false
249
250 TRUE -  Allow the user to set alt (alternative text) attribute.
251
252 FALSE - No input field for alt attribute will be displayed.
253
254 NOTE: The alt attribute is _obligatory_ for images, so <img alt="" /> will be inserted
255      if 'images_enable_alt' is set to false
256*/
257$IMConfig['images_enable_alt'] = true;
258
259/*
260  Possible values: true, false
261
262 TRUE -  Allow the user to set title attribute (usually displayed when mouse is over element).
263
264 FALSE - No input field for title attribute will be displayed.
265
266*/
267$IMConfig['images_enable_title'] = false;
268
269/*
270  Possible values: true, false
271
272 TRUE -  Allow the user to set align attribute.
273
274 FALSE - No selection box for align attribute will be displayed.
275
276*/
277$IMConfig['images_enable_align'] = true;
278
279/*
280  Possible values: true, false
281
282 TRUE -  Allow the user to set margin, padding, and border styles for the image
283
284 FALSE - No styling input fields will be displayed.
285
286*/
287$IMConfig['images_enable_styling'] = true;
288
289/*
290  Possible values: true, false
291
292 TRUE -   Allow the user to set target attribute for link (the window in which the link will be opened).
293
294 FALSE - No selection box for target attribute will be displayed.
295
296*/
297$IMConfig['link_enable_target'] = true;
298/*
299  Possible values: true, false
300
301  TRUE - Allow the user to upload files.
302
303  FALSE - No uploading allowed.
304*/
305$IMConfig['allow_upload'] = false;
306
307/* Maximum upload file size
308
309  Possible values: number, "max"
310
311  number - maximum size in Kilobytes.
312
313  "max"  - the maximum allowed by the server (the value is retrieved from the server configuration).
314*/
315$IMConfig['max_filesize_kb_image'] = 200;
316
317$IMConfig['max_filesize_kb_link'] = 5000;
318
319/* Maximum upload folder size in Megabytes. Use 0 to disable limit */
320$IMConfig['max_foldersize_mb'] = 0;
321
322/*
323Allowed extensions that can be shown and allowed to upload.
324Available icons are for "doc,fla,gif,gz,html,jpg,js,mov,pdf,php,png,ppt,rar,txt,xls,zip"
325-Changed by AFRU.
326*/
327
328$IMConfig['allowed_image_extensions'] = array("jpg","gif","png","bmp");
329$IMConfig['allowed_link_extensions'] = array("jpg","gif","js","php","pdf","zip","txt","psd","png","html","swf","xml","xls","doc");
330
331
332/*
333 The default thumbnail and list view icon in case thumbnails are not created and the files are of unknown.
334*/
335$IMConfig['default_thumbnail'] = 'icons/def.gif';
336$IMConfig['default_listicon'] = 'icons/def_small.gif';
337
338
339/*
340Only files with these extensions will be shown as thumbnails. All other files will be shown as icons.
341*/
342$IMConfig['thumbnail_extensions'] = array("jpg", "gif", "png", "bmp");
343
344/*
345  Thumbnail dimensions.
346*/
347$IMConfig['thumbnail_width'] = 84;
348$IMConfig['thumbnail_height'] = 84;
349
350/*
351  Image Editor temporary filename prefix.
352*/
353$IMConfig['tmp_prefix'] = '.editor_';
354
355
356// Standard PHP Backend Data Passing
357//  if data was passed using xinha_pass_to_php_backend() we merge the items
358//  provided into the Config
359require_once(realpath(dirname(__FILE__) . '/../../contrib/php-xinha.php'));
360if($passed_data = xinha_read_passed_data())
361{
362  $IMConfig = array_merge($IMConfig, $passed_data);
363  $IMConfig['backend_url'] .= xinha_passed_data_querystring() . '&';
364}
365// Deprecated config passing, don't use this way any more!
366elseif(isset($_REQUEST['backend_config']))
367{
368  if(get_magic_quotes_gpc()) {
369    $_REQUEST['backend_config'] = stripslashes($_REQUEST['backend_config']);
370  }
371 
372  if($_REQUEST['backend_config_secret_key_location'] !== 'Xinha:ExtendedFileManager')
373  {
374    trigger_error('Programming Error - please contact the website administrator/programmer to alert them to this problem. A non-default backend key location is being used to pass backend data to Xinha, but the same key location is not being used to receive data.  The special backend configuration has been ignored.  To resolve this, you should edit plugins/ExtendedFileManager/config.php and change the default key location from "Xinha:ExtendedFileManager" to your desired non default.  See: http://trac.xinha.org/ticket/1518', E_USER_ERROR);   
375  }
376  else
377  {
378  // Config specified from front end, check that it's valid
379  session_start();
380  if (!array_key_exists($_REQUEST['backend_config_secret_key_location'], $_SESSION))
381    die("Backend security error.");
382
383  $secret = $_SESSION[$_REQUEST['backend_config_secret_key_location']];
384
385  if($_REQUEST['backend_config_hash'] !== sha1($_REQUEST['backend_config'] . $secret))
386  {
387    die("Backend security error.");
388  }
389
390  $to_merge = unserialize($_REQUEST['backend_config']);
391  if(!is_array($to_merge))
392  {
393    die("Backend config syntax error.");
394  }
395
396  $IMConfig = array_merge($IMConfig, $to_merge);
397
398   // changed config settings keys in relation to ImageManager
399  $IMConfig['backend_url'] .= "backend_config=" . rawurlencode($_REQUEST['backend_config']) . '&';
400  $IMConfig['backend_url'] .= "backend_config_hash=" . rawurlencode($_REQUEST['backend_config_hash']) . '&';
401  $IMConfig['backend_url'] .= "backend_config_secret_key_location=" . rawurlencode($_REQUEST['backend_config_secret_key_location']) . '&';
402  }
403}
404if ($IMConfig['max_filesize_kb_link'] == "max")
405{
406  $IMConfig['max_filesize_kb_link'] = upload_max_filesize_kb();
407}
408
409if ($IMConfig['max_filesize_kb_image'] == "max")
410{
411  $IMConfig['max_filesize_kb_image'] = upload_max_filesize_kb();
412}
413// END
414
415?>
Note: See TracBrowser for help on using the repository browser.