System information:
CKFinder 1.4.2
Coldfusion MX 7
Windows Server 2003 R2
Bug 1: Temporary files not deleted after upload
Reason: Paths constructed incorrectly in FileUpload.cfc
The following call:
has two errors, though it is somewhat dependent on implementation.
CFFILE.Serverdirectory returns a path using back-slashes and this is adding a forward slash into the path, meaning the call to <cffile action="delete"...> on the temporary file will err out. Additionally, "currentFolderServerPath " already has a trailing slash (from currentFolder.getServerPath()), so there is a double forward slash right before the filename in the constructed path, leading to another error.
Permanent Fix: use one type of path or another and convert all paths to that format
Temporary fix:
in core/connector/cfm/CommandHandler/FileUpload.cfc
replace
with
Bug 2: File permissions error in multi-user windows system on uploaded files
Reason: File permissions from temporary directory are carried over to final directory.
We use CKFinder on a sever running several domains and Plesk. The Image folder has inheritable permissions giving read, write, and delete access to the IUSR_user (anonymous IIS user) created by Plesk. When a file is moved from the default Coldfusion temporary directory the the destination, the file permissions on the file are the permissions from the temporary directory and the domain anonymous internet user cannot connect without authentication.
Permanent Fix: Use copy/delete to move the temp file instead of the move command. A new file created in a directory will inherit the permissions correctly. Move will literally just change the directory entry and not touch the file permissions.
Temporary Fix: Follow the recommendation in config.cfm and set config.tempDirectory to a folder that has the correct inheritable permissions.
CKFinder 1.4.2
Coldfusion MX 7
Windows Server 2003 R2
Bug 1: Temporary files not deleted after upload
Reason: Paths constructed incorrectly in FileUpload.cfc
The following call:
<cfset fileSystem.moveTempFile(CFFILE.ServerDirectory & "/" & CFFILE.ServerFile, currentFolderServerPath & "/" & fileName)>
has two errors, though it is somewhat dependent on implementation.
CFFILE.Serverdirectory returns a path using back-slashes and this is adding a forward slash into the path, meaning the call to <cffile action="delete"...> on the temporary file will err out. Additionally, "currentFolderServerPath " already has a trailing slash (from currentFolder.getServerPath()), so there is a double forward slash right before the filename in the constructed path, leading to another error.
Permanent Fix: use one type of path or another and convert all paths to that format
Temporary fix:
in core/connector/cfm/CommandHandler/FileUpload.cfc
replace
<cfif imageMaxWidth gt 0 and imageMaxHeight gt 0 and imageQuality gt 0>
<cftry>
<!--- scale image instead of copying --->
<cfif not APPLICATION.CreateCFC("Utils.Thumbnail").createThumbnail("#CFFILE.ServerDirectory#/#CFFILE.ServerFile#", "#currentFolderServerPath#/#fileName#", imageMaxWidth, imageMaxHeight, imageQuality)>
<cfset fileSystem.moveTempFile(CFFILE.ServerDirectory & "/" & CFFILE.ServerFile, currentFolderServerPath & "/" & fileName)>
</cfif>
<cfcatch>
<!---
we try to create a thumbnail from each file
if it's not an image file, we catch the exception
and copy it to ther right place
--->
<cfset fileSystem.moveTempFile(CFFILE.ServerDirectory & "/" & CFFILE.ServerFile, currentFolderServerPath & "/" & fileName)>
</cfcatch>
</cftry>
<cfelse>
<!--- if we don't scale uploaded file, let's copy it'--->
<cfset fileSystem.moveTempFile(CFFILE.ServerDirectory & "/" & CFFILE.ServerFile, currentFolderServerPath & "/" & fileName)>
</cfif>
with
<cfif imageMaxWidth gt 0 and imageMaxHeight gt 0 and imageQuality gt 0>
<cftry>
<!--- scale image instead of copying --->
<cfif not APPLICATION.CreateCFC("Utils.Thumbnail").createThumbnail("#CFFILE.ServerDirectory#/#CFFILE.ServerFile#", "#currentFolderServerPath#/#fileName#", imageMaxWidth, imageMaxHeight, imageQuality)>
<cfset fileSystem.moveTempFile(CFFILE.ServerDirectory & "\" & CFFILE.ServerFile, currentFolderServerPath & fileName)>
</cfif>
<cfcatch>
<!---
we try to create a thumbnail from each file
if it's not an image file, we catch the exception
and copy it to ther right place
--->
<cfset fileSystem.moveTempFile(CFFILE.ServerDirectory & "\" & CFFILE.ServerFile, currentFolderServerPath & fileName)>
</cfcatch>
</cftry>
<cfelse>
<!--- if we don't scale uploaded file, let's copy it'--->
<cfset fileSystem.moveTempFile(CFFILE.ServerDirectory & "\" & CFFILE.ServerFile, currentFolderServerPath & fileName)>
</cfif>
Bug 2: File permissions error in multi-user windows system on uploaded files
Reason: File permissions from temporary directory are carried over to final directory.
We use CKFinder on a sever running several domains and Plesk. The Image folder has inheritable permissions giving read, write, and delete access to the IUSR_user (anonymous IIS user) created by Plesk. When a file is moved from the default Coldfusion temporary directory the the destination, the file permissions on the file are the permissions from the temporary directory and the domain anonymous internet user cannot connect without authentication.
Permanent Fix: Use copy/delete to move the temp file instead of the move command. A new file created in a directory will inherit the permissions correctly. Move will literally just change the directory entry and not touch the file permissions.
Temporary Fix: Follow the recommendation in config.cfm and set config.tempDirectory to a folder that has the correct inheritable permissions.
Re: Various bugs with CKFinder with Coldfusion on Windows
We'll definitely fix it in the next release. Thanks again.
Wiktor Walc
CTO, CKSource - http://cksource.com
--
Follow CKEditor on: Twitter | Facebook | Google+