I wanted to block users from creating more then two levels deep of subfolders.
So for example They could have Resource/foo/bar/ but not Resource/foo/bar/asdf/
One level of wildcards /*/ worked but anything after that didn't. Examples: /*/*/ or /*/*/*/
So here is a simple patch. (I don't know if this is up to date or not but you should be able to add the code)
Hope this helps someone else.
So for example They could have Resource/foo/bar/ but not Resource/foo/bar/asdf/
One level of wildcards /*/ worked but anything after that didn't. Examples: /*/*/ or /*/*/*/
So here is a simple patch. (I don't know if this is up to date or not but you should be able to add the code)
Hope this helps someone else.
Index: ckfinder/core/connector/php/php5/Core/AccessControlConfig.php
===================================================================
ckfinder/core/connector/php/php5/Core/AccessControlConfig.php
ckfinder/core/connector/php/php5/Core/AccessControlConfig.php
@@ -171,7 +171,14 @@
if (array_key_exists($_currentPath . '*/', $this->_aclEntries))
$_computedMask = $this->mergePathComputedMask( $_computedMask, $resourceType, $_userRole, $_currentPath . '*/' );
+ if (sizeof($_pathParts) > 1){
+ $_wildcardPath = '*/';
+ for ($x = 1; $x < sizeof($_pathParts); $x++) {
+ $_wildcardPath .= '*/';
+ if (array_key_exists($_currentPath . $_wildcardPath, $this->_aclEntries))
+ $_computedMask = $this->mergePathComputedMask( $_computedMask, $resourceType, $_userRole, $_currentPath . $_wildcardPath );
+ }
+ }
$_currentPath .= $_pathParts[$i] . '/';
}