admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FSN#30941 Automatisch web.config die geen execute toestaat in uploadfolders plaatsen

Browse Source 
svn path=/Website/trunk/; revision=23811
This commit is contained in:
Jos Groot Lipman
2015-01-07 11:18:04 +00:00
parent fd5769ade4
commit cee3b3a3c3
3 changed files with 43 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
APPL/Shared/FlexFiles.inc
View File

@@ -71,25 +71,29 @@ function flexProps(pModule, pKey, pSubpath, pNiveau)
switch (pModule)
{
case "FGII": // Facilitor Graphics
result.AttachPath = S("fg_dwf_path_concept");
result.AttachRootPath = S("fg_dwf_path_concept");
result.AttachPath = result.AttachRootPath;
result.pickfile = true;
result.multi = true;
result.extFilter = "dwf";
break;
case "FGIIV": // Vluchtplannen
result.AttachPath = S("fg_vlucht_path") + "V" + pKey + "/";
result.AttachRootPath = S("fg_vlucht_path");
result.AttachPath = result.AttachRootPath + "V" + pKey + "/";
result.pickfile = true;
result.multi = true;
result.extFilter = "dwf";
break;
case "FGIIS": // Facilitor Graphics symbolen
result.AttachPath = S("fg_symbols_path");
result.AttachRootPath = S("fg_symbols_path");
result.AttachPath = result.AttachRootPath;
result.pickfile = true;
result.multi = true;
result.extFilter = "dwf";
break;
case "FGIIP":
result.AttachPath = S("fg_dwf_path_prj") + pKey + "/";
result.AttachRootPath = S("fg_dwf_path_prj");
result.AttachPath = result.AttachRootPath + pKey + "/";
result.pickfile = true;
result.multi = true;
result.extFilter = "dwf";
@@ -97,7 +101,8 @@ function flexProps(pModule, pKey, pSubpath, pNiveau)
case "BESPH":
// Bestanden zijn te vinden op prs_bedrijf.prs_bedrijf_image_loc of ...cust/xxxx/photos/bes/[disc_key]/
// Wij kunnen alleen bestanden naar ...cust/xxxx/photos/bes/[disc_key]/ uploaden.
result.AttachPath = Server.MapPath(S("bes_image_path") + pKey) + "/";
result.AttachRootPath = Server.MapPath(S("bes_image_path"));
result.AttachPath = result.AttachRootPath + "/" + pKey + "/";
result.extFilter = "jpg|png";
result.pickfile = true;
result.multi = true;
@@ -105,14 +110,16 @@ function flexProps(pModule, pKey, pSubpath, pNiveau)
break;
case "INSPH":
// Bestanden zijn te vinden op ...cust/x/photos/ins
result.AttachPath = Server.MapPath(S("ins_image_path")) + "/";
result.AttachRootPath = Server.MapPath(S("ins_image_path"));
result.AttachPath = result.AttachRootPath + "/";
result.extFilter = "jpg|png";
result.pickfile = true;
result.multi = true;
result.regexp = S("ins_photo_size");
break;
case "MLDS": // Stdmelding symbolen
result.AttachPath = Server.MapPath(S("mlds_image_path")) + "/";
result.AttachRootPath = Server.MapPath(S("mlds_image_path"));
result.AttachPath = result.AttachRootPath + "/";
result.pickfile = true;
result.multi = true;
result.extFilter = "jpg|png";
@@ -129,7 +136,8 @@ function flexProps(pModule, pKey, pSubpath, pNiveau)
case "RES":
case "FAQ":
// Bestanden zijn nu te vinden on ...cust/x/flexfiles/[module]/[subfolder]/[key]/[kenmerk_key]
result.AttachPath = S("flexFilesPath") + "/" + pModule + "/";
result.AttachRootPath = S("flexFilesPath");
result.AttachPath = result.AttachRootPath + "/" + pModule + "/";
result.AttachPath += (pKey > 0? subfolderKey(bepaalNiveau(pModule, pNiveau), pKey)
: subfolderNew(bepaalNiveau(pModule, pNiveau), user_key + "_" + getQParam("tmpfolder")));
result.AttachPath += "/" + pSubpath + "/";
@@ -138,14 +146,16 @@ function flexProps(pModule, pKey, pSubpath, pNiveau)
break;
case "RESPH":
// Bestanden zijn te vinden op ...cust/x/photos
result.AttachPath = Server.MapPath(S("res_image_path")) + "/";
result.AttachRootPath = Server.MapPath(S("res_image_path"));
result.AttachPath = result.AttachRootPath + "/";
result.extFilter = "jpg";
result.pickfile = true;
result.multi = true;
result.regexp = S("res_photo_size");
break;
case "MRK":
result.AttachPath = Server.MapPath(S("mrk_image_path")) + "/";
result.AttachRootPath = Server.MapPath(S("mrk_image_path"));
result.AttachPath = result.AttachRootPath + "/";
result.AttachPath += (pKey > 0? subfolderKey("M", pKey)
: subfolderNew("M", Session.SessionId));
result.AttachPath += "/1/";
@@ -154,7 +164,8 @@ function flexProps(pModule, pKey, pSubpath, pNiveau)
result.regexp = S("mrk_photo_size");
break;
case "SML":
result.AttachPath = Server.MapPath(S("prs_image_path")) + "/";
result.AttachRootPath = Server.MapPath(S("prs_image_path"));
result.AttachPath = result.AttachRootPath + "/";
result.AttachPath += subfolderKey("P", pKey);
result.AttachPath += "/SML/";
result.multi = false; // vooralsnog maar eentje
@@ -162,14 +173,16 @@ function flexProps(pModule, pKey, pSubpath, pNiveau)
result.regexp = S("sml_photo_size"); // "r200x150", Resized naar binnen 200x150 (zonder crop, met behoud aspect ratio)
break;
case "MENU":
result.AttachPath = Server.MapPath(S("menu_image_path")) + "/";
result.AttachRootPath = Server.MapPath(S("menu_image_path"));
result.AttachPath = result.AttachRootPath + "/";
result.pickfile = true;
result.multi = true;
result.extFilter = S("flexExtensionFilter"); // was "jpg|png"; maar tegenwoordig ook andere bestanden
result.regexp = S("menu_photo_size");
break;
case "BDRADR":
result.AttachPath = S("bdradrfiles_path") + "/";
result.AttachRootPath = S("bdradrfiles_path");
result.AttachPath = result.AttachRootPath + "/";
result.pickfile = true;
result.multi = true;
result.extFilter = S("flexExtensionFilter"); // Mag in principe alles zijn
@@ -177,7 +190,8 @@ function flexProps(pModule, pKey, pSubpath, pNiveau)
default:
INTERNAL_ERROR_MODULE;
}
result.AttachPath = result.AttachPath.replace("..", "_"); // paranoia mode, should never happen
result.AttachRootPath = result.AttachRootPath.replace("..", "_"); // paranoia mode, should never happen
result.AttachPath = result.AttachPath.replace("..", "_");
return result;
}

10
APPL/Shared/UploadForm_save.asp
View File

@@ -86,7 +86,15 @@ function jslog(str) // VB Vindt de twee underscores niet leuk
result.message = L("lcl_shared_upload_error_start") + result.message + L("lcl_shared_upload_error_end");
}
else
{ // Eerst Resize/crop
{
// Plaats automatisch een web.config die asp-Execute van bestanden verbiedt
var fso = Server.CreateObject("Scripting.FileSystemObject");
if (fso.FolderExists(params.AttachRootPath) && !fso.FileExists(params.AttachRootPath + "/web.config"))
{
__DoLog("Placing web.config file in " + params.AttachRootPath);
fso.CopyFile(Server.MapPath("./web_sample.config"), params.AttachRootPath + "/web.config");
}
// Eerst Resize/crop
if (params.regexp && result.safefilename.match(/\.(png|jpg|jpeg)$/i))
{
var Format = params.regexp.match(/^([RrCc])(\d*)x(\d*)$/i); // P800x600

6
APPL/Shared/web_sample.config Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read" />
</system.webServer>
</configuration>