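package info.magnolia.cms.gui.fckeditor;

import info.magnolia.cms.beans.runtime.Document;
import info.magnolia.cms.core.Path;
import info.magnolia.cms.servlets.ContextSensitiveServlet;
import info.magnolia.cms.util.RequestFormUtil;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Locale;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.io.FileUtils;
import org.safehaus.uuid.UUIDGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


/**
 * Servlet that receives a file uploaded from the FCKeditor dialog.
 * <p>
 * The uploaded document is checked against per-type allow and deny lists of file extensions,
 * copied into a per-upload directory below the temp directory, registered with
 * {@link FCKEditorTmpFiles}, and the result is reported to the browser as an inline script
 * that calls <code>window.parent.OnUploadCompleted</code>.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The extension lists are the only content check performed here; the file body is not
 * inspected.</li>
 * <li>If both lists of a type are configured empty, every extension is accepted for that type.
 * Prefer configuring an allow list.</li>
 * <li>Every value written into the inline script is escaped, because the file name may be
 * influenced by the uploading client.</li>
 * </ul>
 */
public class FCKEditorSimpleUploadServlet extends ContextSensitiveServlet {

    private static final long serialVersionUID = -8512828615271068088L;

    private static final Logger log = LoggerFactory.getLogger(FCKEditorSimpleUploadServlet.class);

    // Maps an upload type ("file", "image", "flash") to the ArrayList of lower-case extensions
    // that are explicitly allowed for it. Assigned in init().
    private static Hashtable allowedExtensions;

    // Maps an upload type ("file", "image", "flash") to the ArrayList of lower-case extensions
    // that are explicitly denied for it. Assigned in init().
    private static Hashtable deniedExtensions;

    /**
     * Reads the allow and deny lists for the upload types "file", "image" and "flash" from the
     * servlet init parameters.
     * <p>
     * Each parameter is a <code>|</code>-separated list of extensions. A parameter that is not
     * configured at all aborts initialisation, so that a broken deployment descriptor cannot
     * silently turn into "no restrictions".
     *
     * @throws ServletException if one of the six init parameters is missing
     */
    public void init() throws ServletException {
        // Build complete tables first, then publish them, so the static fields never hold a
        // half-initialised configuration.
        Hashtable allowed = new Hashtable(3);
        Hashtable denied = new Hashtable(3);

        allowed.put("file", requiredExtensionList("AllowedExtensionsFile"));
        denied.put("file", requiredExtensionList("DeniedExtensionsFile"));

        allowed.put("image", requiredExtensionList("AllowedExtensionsImage"));
        denied.put("image", requiredExtensionList("DeniedExtensionsImage"));

        allowed.put("flash", requiredExtensionList("AllowedExtensionsFlash"));
        denied.put("flash", requiredExtensionList("DeniedExtensionsFlash"));

        allowedExtensions = allowed;
        deniedExtensions = denied;
    }

    /**
     * Handles one upload request.
     * <p>
     * The result code written to the browser is <code>0</code> on success, <code>202</code>
     * when the request carries no document or the extension is rejected, and <code>203</code>
     * when storing the file fails.
     *
     * @param request the upload request; the document is read from the form field
     * <code>NewFile</code> and the upload type from the parameter <code>type</code>
     * @param response receives an HTML page containing the callback script
     * @throws ServletException propagated from the superclass
     * @throws IOException if the response cannot be written
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
        IOException {
        super.doPost(request, response);

        response.setContentType("text/html; charset=UTF-8");
        response.setHeader("Cache-Control", "no-cache");
        PrintWriter out = response.getWriter();

        String typeStr = request.getParameter("type");

        String retVal = "0";
        String newName = "";
        String fileUrl = "";
        String errorMessage = "";

        RequestFormUtil form = new RequestFormUtil(request);

        Document doc = form.getDocument("NewFile");

        if (doc == null) {
            // NOTE(review): assumes getDocument returns null when the form field is absent;
            // confirm against RequestFormUtil. Rejecting here avoids a NullPointerException.
            log.info("Upload request did not contain a NewFile document");
            retVal = "202";
        }
        else if (extIsAllowed(typeStr, doc.getExtension())) {

            try {
                // The directory name is a time-based UUID: it separates uploads from each
                // other but should not be treated as an unguessable secret.
                String uuid = UUIDGenerator.getInstance().generateTimeBasedUUID().toString();
                File targetDir = new File(Path.getTempDirectoryPath() + "/fckeditor/" + uuid);

                // Read name and type before the source document is deleted.
                // File.getName() yields the last path element only.
                String fileName = doc.getFile().getName();
                String type = doc.getType();

                FileUtils.copyFileToDirectory(doc.getFile(), targetDir);
                doc.delete();

                doc = new Document(new File(targetDir, fileName), type);

                FCKEditorTmpFiles.addDocument(doc, uuid);

                fileUrl = request.getContextPath() + "/tmp/fckeditor/" + uuid + "/" + fileName;

            }
            catch (Exception ex) {
                log.error("can't upload the file", ex);
                retVal = "203";
            }

        }
        else {
            log.info("Tried to upload a not allowed file [{}]", doc.getFileNameWithExtension());
            retVal = "202";
        }

        // Every interpolated value is escaped: the URL contains the file name, which must not
        // be able to terminate the string literal or the surrounding <script> element.
        out.println("<script type=\"text/javascript\">");
        out.println("window.parent.OnUploadCompleted("
            + retVal
            + ",'"
            + escapeForInlineScript(fileUrl)
            + "','"
            + escapeForInlineScript(newName)
            + "','"
            + escapeForInlineScript(errorMessage)
            + "');");
        out.println("</script>");
        out.flush();
        out.close();
    }

    /**
     * Reads an init parameter holding an extension list and fails initialisation when it is
     * not configured.
     *
     * @param paramName name of the servlet init parameter
     * @return the parsed list, possibly empty
     * @throws ServletException if the parameter is missing
     */
    private ArrayList requiredExtensionList(String paramName) throws ServletException {
        String value = getInitParameter(paramName);
        if (value == null) {
            throw new ServletException("Missing init parameter [" + paramName + "]");
        }
        return stringToArrayList(value);
    }

    /**
     * Splits a <code>|</code>-separated extension list into lower-case entries.
     * <p>
     * Entries are trimmed and empty entries are skipped, so that <code>"gif | jpg"</code> and
     * <code>"gif|jpg"</code> configure the same list.
     *
     * @param str the raw list; <code>null</code> or an empty string yields an empty list
     * @return a new list of lower-case extensions
     */
    private ArrayList stringToArrayList(String str) {
        ArrayList tmp = new ArrayList();
        if (str == null || str.length() == 0) {
            return tmp;
        }

        String[] strArr = str.split("\\|");
        for (int i = 0; i < strArr.length; ++i) {
            // A fixed locale keeps the result independent of the server's default locale
            // (a Turkish default locale would otherwise lower-case "I" to a dotless i).
            String entry = strArr[i].trim().toLowerCase(Locale.ENGLISH);
            if (entry.length() > 0) {
                tmp.add(entry);
            }
        }
        return tmp;
    }

    /**
     * Decides whether a file extension may be uploaded for the given upload type.
     * <ul>
     * <li>Unknown or missing type, or missing extension: rejected.</li>
     * <li>Allow list empty: accepted unless the extension is on the deny list.</li>
     * <li>Deny list empty: accepted only if the extension is on the allow list.</li>
     * <li>Both lists non-empty: rejected.</li>
     * </ul>
     *
     * @param fileType upload type taken from the request, expected to be one of the keys
     * registered in {@link #init()}
     * @param ext extension of the uploaded document
     * @return <code>true</code> if the upload may proceed
     */
    private boolean extIsAllowed(String fileType, String ext) {
        // Hashtable.get(null) throws, and the type comes straight from the request.
        if (fileType == null || ext == null) {
            return false;
        }

        ArrayList allowList = (ArrayList) allowedExtensions.get(fileType);
        ArrayList denyList = (ArrayList) deniedExtensions.get(fileType);

        // A type that was never configured is rejected instead of failing the request.
        if (allowList == null || denyList == null) {
            return false;
        }

        // Same fixed locale as the configured lists, so the comparison cannot be bypassed or
        // broken by the server's default locale.
        String normalized = ext.toLowerCase(Locale.ENGLISH);

        if (allowList.isEmpty()) {
            // NOTE(review): with both lists empty this accepts every extension.
            return !denyList.contains(normalized);
        }

        if (denyList.isEmpty()) {
            return allowList.contains(normalized);
        }

        return false;
    }

    /**
     * Escapes a value for use inside a single- or double-quoted JavaScript string literal that
     * is embedded in an HTML <code>script</code> element.
     * <p>
     * Quotes and backslashes are backslash-escaped; control characters, the HTML-significant
     * characters <code>&lt;</code>, <code>&gt;</code>, <code>&amp;</code> and the line
     * separators U+2028/U+2029 are written as <code>\\uXXXX</code>. All other characters,
     * including <code>/</code>, pass through unchanged.
     *
     * @param value the raw value, may be <code>null</code>
     * @return the escaped value, never <code>null</code>
     */
    private static String escapeForInlineScript(String value) {
        if (value == null) {
            return "";
        }

        StringBuffer escaped = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); ++i) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\\\");
                    break;
                case '\'':
                    escaped.append("\\'");
                    break;
                case '"':
                    escaped.append("\\\"");
                    break;
                default:
                    if (c < 0x20 || c == '<' || c == '>' || c == '&' || c == '\u2028' || c == '\u2029') {
                        String hex = Integer.toHexString(c);
                        escaped.append("\\u");
                        for (int pad = hex.length(); pad < 4; ++pad) {
                            escaped.append('0');
                        }
                        escaped.append(hex);
                    }
                    else {
                        escaped.append(c);
                    }
                    break;
            }
        }
        return escaped.toString();
    }
}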